Check-in [6f88d82476]
Overview
Comment:Added start of signature verification
SHA1:6f88d82476d96f9e1b65a4fedf58f88d9a96cce8
User & Date: rkeene on 2014-11-17 16:51:57
Context
2014-11-17
20:37
Updated to include entire error stack on error for --tcl mode in AppFSd check-in: 4b2e0bf187 user: rkeene tags: trunk
16:51
Added start of signature verification check-in: 6f88d82476 user: rkeene tags: trunk
16:51
Added timeout (30s) for DB operations to avoid locking failures being immediately returned check-in: dd0cc55f82 user: rkeene tags: trunk
Changes

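--- a/Makefile
+++ b/Makefile
@@ -1,13 +1,13 @@
 CC = gcc
 PKG_CONFIG = pkg-config
 FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse)
 CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1
 CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3
-CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_DEBUG)
+CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_RELEASE)
 LDFLAGS = $(TCL_LDFLAGS)
 FUSE_LIBS = $(shell $(PKG_CONFIG) --libs fuse)
 LIBS = $(FUSE_LIBS) $(TCL_LIBS)
 PREFIX = /usr/local
 prefix = $(PREFIX)
 bindir = $(prefix)/bin
 sbindir = $(prefix)/sbin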

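--- a/appfsd.tcl
+++ b/appfsd.tcl
@@ -92,14 +92,18 @@
 
 		if {![regexp {^[0-9a-f]*$} $value]} {
 			return false
 		}
 
 		return true
 	}
+
+	proc _verifySignatureAndCertificate {certificate signature} {
+		return true
+	}
 
 	proc _normalizeOS {os} {
 		set os [string tolower [string trim $os]]
 
 		switch -- $os {
 			"linux" - "freebsd" - "openbsd" - "netbsd" {
 				return $os
@@ -225,19 +229,27 @@
 		if {![info exists indexhash_data]} {
 			# Cache this result for 60 seconds
 			db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}
 
 			return -code error "Unable to fetch $url"
 		}
 
-		set indexhash [lindex [split $indexhash_data ","] 0]
+		set indexhash_data [split $indexhash_data ","]
+		set indexhash [lindex $indexhash_data 0]
+		set indexhashmethod [lindex $indexhash_data 1]
+		set indexhashcert   [lindex $indexhash_data 2]
+		set indexhashsig    [lindex $indexhash_data 3]
 
 		if {![_isHash $indexhash]} {
 			return -code error "Invalid hash: $indexhash"
 		}
+
+		if {![_verifySignatureAndCertificate $indexhashcert $indexhashsig]} {
+			return -code error "Invalid signature or certificate from $hostname"
+		}
 
 		set file [download $hostname $indexhash]
 		set fd [open $file]
 		set data [read $fd]
 		close $fd
 
 		set curr_packages [list]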
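Review bot: `_verifySignatureAndCertificate` returns `true` for every input, so the new check ahead of `download` can never fail and the index is still fetched on the strength of an unauthenticated hash; until real verification lands the stub should say so, e.g. `# TODO: placeholder, no verification is performed; every index is accepted`, so that nobody reads the call site as an enforced control. The stub receives only `$indexhashcert` and `$indexhashsig`: the value being signed (`$indexhash`), `$indexhashmethod` and `$hostname` are not passed, so the eventual implementation cannot bind the signature to this hash or the certificate to this host without changing the interface; consider calling `_verifySignatureAndCertificate $hostname $indexhashcert $indexhash $indexhashsig` now. A response with fewer than four comma-separated fields leaves the certificate and signature as empty strings from `lindex`, which should be rejected explicitly once the check is real. The proc containing the second hunk starts and ends outside the visible lines.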