Overview
| Comment: | Added start of signature verification |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
6f88d82476d96f9e1b65a4fedf58f88d |
| User & Date: | rkeene on 2014-11-17 16:51:57 |
| Other Links: | manifest | tags |
Context
|
2014-11-17
| ||
| 20:37 | Updated to include entire error stack on error for --tcl mode in AppFSd check-in: 4b2e0bf187 user: rkeene tags: trunk | |
| 16:51 | Added start of signature verification check-in: 6f88d82476 user: rkeene tags: trunk | |
| 16:51 | Added timeout (30s) for DB operations to avoid locking failures being immediately returned check-in: dd0cc55f82 user: rkeene tags: trunk | |
Changes
Modified Makefile from [a0e0d80d7b] to [fdccdbca53].
1 2 3 4 5 | CC = gcc PKG_CONFIG = pkg-config FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse) CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1 CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3 | | | 1 2 3 4 5 6 7 8 9 10 11 12 13 | CC = gcc PKG_CONFIG = pkg-config FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse) CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1 CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3 CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_RELEASE) LDFLAGS = $(TCL_LDFLAGS) FUSE_LIBS = $(shell $(PKG_CONFIG) --libs fuse) LIBS = $(FUSE_LIBS) $(TCL_LIBS) PREFIX = /usr/local prefix = $(PREFIX) bindir = $(prefix)/bin sbindir = $(prefix)/sbin |
| ︙ | ︙ |
Modified appfsd.tcl from [171439581e] to [2e09ba053f].
| ︙ | ︙ | |||
92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
if {![regexp {^[0-9a-f]*$} $value]} {
return false
}
return true
}
proc _normalizeOS {os} {
set os [string tolower [string trim $os]]
switch -- $os {
"linux" - "freebsd" - "openbsd" - "netbsd" {
return $os
| > > > > | 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
if {![regexp {^[0-9a-f]*$} $value]} {
return false
}
return true
}
proc _verifySignatureAndCertificate {certificate signature} {
return true
}
proc _normalizeOS {os} {
set os [string tolower [string trim $os]]
switch -- $os {
"linux" - "freebsd" - "openbsd" - "netbsd" {
return $os
|
| ︙ | ︙ | |||
225 226 227 228 229 230 231 |
if {![info exists indexhash_data]} {
# Cache this result for 60 seconds
db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}
return -code error "Unable to fetch $url"
}
| > | > > > > > > > | 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 |
if {![info exists indexhash_data]} {
# Cache this result for 60 seconds
db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}
return -code error "Unable to fetch $url"
}
set indexhash_data [split $indexhash_data ","]
set indexhash [lindex $indexhash_data 0]
set indexhashmethod [lindex $indexhash_data 1]
set indexhashcert [lindex $indexhash_data 2]
set indexhashsig [lindex $indexhash_data 3]
if {![_isHash $indexhash]} {
return -code error "Invalid hash: $indexhash"
}
if {![_verifySignatureAndCertificate $indexhashcert $indexhashsig]} {
return -code error "Invalid signature or certificate from $hostname"
}
set file [download $hostname $indexhash]
set fd [open $file]
set data [read $fd]
close $fd
set curr_packages [list]
|
| ︙ | ︙ |