Overview
| Comment: | Added start of signature verification |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: | 6f88d82476d96f9e1b65a4fedf58f88d9a96cce8 |
| User & Date: | rkeene on 2014-11-17 16:51:57 |
| Other Links: | manifest | tags |
Context
|
2014-11-17
| ||
| 20:37 | Updated to include entire error stack on error for --tcl mode in AppFSd check-in: 4b2e0bf187 user: rkeene tags: trunk | |
| 16:51 | Added start of signature verification check-in: 6f88d82476 user: rkeene tags: trunk | |
| 16:51 | Added timeout (30s) for DB operations to avoid locking failures being immediately returned check-in: dd0cc55f82 user: rkeene tags: trunk | |
Changes
Modified Makefile from [a0e0d80d7b] to [fdccdbca53].
1 2 3 4 5 6 7 8 9 10 11 12 13 |
CC = gcc
PKG_CONFIG = pkg-config
FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse)
CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1
CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3
CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_DEBUG)
LDFLAGS = $(TCL_LDFLAGS)
FUSE_LIBS = $(shell $(PKG_CONFIG) --libs fuse)
LIBS = $(FUSE_LIBS) $(TCL_LIBS)
PREFIX = /usr/local
prefix = $(PREFIX)
bindir = $(prefix)/bin
sbindir = $(prefix)/sbin
|
| |
1 2 3 4 5 6 7 8 9 10 11 12 13 |
CC = gcc
PKG_CONFIG = pkg-config
FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse)
CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1
CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3
CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_RELEASE)
LDFLAGS = $(TCL_LDFLAGS)
FUSE_LIBS = $(shell $(PKG_CONFIG) --libs fuse)
LIBS = $(FUSE_LIBS) $(TCL_LIBS)
PREFIX = /usr/local
prefix = $(PREFIX)
bindir = $(prefix)/bin
sbindir = $(prefix)/sbin
|
Modified appfsd.tcl from [171439581e] to [2e09ba053f].
92
93
94
95
96
97
98
99
100
101
102
103
104
105
...
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
if {![regexp {^[0-9a-f]*$} $value]} {
return false
}
return true
}
proc _normalizeOS {os} {
set os [string tolower [string trim $os]]
switch -- $os {
"linux" - "freebsd" - "openbsd" - "netbsd" {
return $os
................................................................................
if {![info exists indexhash_data]} {
# Cache this result for 60 seconds
db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}
return -code error "Unable to fetch $url"
}
set indexhash [lindex [split $indexhash_data ","] 0]
if {![_isHash $indexhash]} {
return -code error "Invalid hash: $indexhash"
}
set file [download $hostname $indexhash]
set fd [open $file]
set data [read $fd]
close $fd
set curr_packages [list]
|
>
>
>
>
|
>
>
>
>
>
>
>
>
|
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
...
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
if {![regexp {^[0-9a-f]*$} $value]} {
return false
}
return true
}
proc _verifySignatureAndCertificate {certificate signature} {
return true
}
proc _normalizeOS {os} {
set os [string tolower [string trim $os]]
switch -- $os {
"linux" - "freebsd" - "openbsd" - "netbsd" {
return $os
................................................................................
if {![info exists indexhash_data]} {
# Cache this result for 60 seconds
db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}
return -code error "Unable to fetch $url"
}
set indexhash_data [split $indexhash_data ","]
set indexhash [lindex $indexhash_data 0]
set indexhashmethod [lindex $indexhash_data 1]
set indexhashcert [lindex $indexhash_data 2]
set indexhashsig [lindex $indexhash_data 3]
if {![_isHash $indexhash]} {
return -code error "Invalid hash: $indexhash"
}
if {![_verifySignatureAndCertificate $indexhashcert $indexhashsig]} {
return -code error "Invalid signature or certificate from $hostname"
}
set file [download $hostname $indexhash]
set fd [open $file]
set data [read $fd]
close $fd
set curr_packages [list]
|