Check-in [6f88d82476]
Overview
Comment:Added start of signature verification
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 6f88d82476d96f9e1b65a4fedf58f88d9a96cce8
User & Date: rkeene on 2014-11-17 16:51:57
Other Links: manifest | tags
Context
2014-11-17
20:37
Updated to include entire error stack on error for --tcl mode in AppFSd check-in: 4b2e0bf187 user: rkeene tags: trunk
16:51
Added start of signature verification check-in: 6f88d82476 user: rkeene tags: trunk
16:51
Added timeout (30s) for DB operations to avoid locking failures being immediately returned check-in: dd0cc55f82 user: rkeene tags: trunk
Changes

Modified Makefile from [a0e0d80d7b] to [fdccdbca53].

1
2
3
4
5
6

7
8
9
10
11
12
13
1
2
3
4
5

6
7
8
9
10
11
12
13





-
+







CC = gcc
PKG_CONFIG = pkg-config
FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse)
CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1
CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3
CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_DEBUG)
CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_RELEASE)
LDFLAGS = $(TCL_LDFLAGS)
FUSE_LIBS = $(shell $(PKG_CONFIG) --libs fuse)
LIBS = $(FUSE_LIBS) $(TCL_LIBS)
PREFIX = /usr/local
prefix = $(PREFIX)
bindir = $(prefix)/bin
sbindir = $(prefix)/sbin

Modified appfsd.tcl from [171439581e] to [2e09ba053f].

92
93
94
95
96
97
98




99
100
101
102
103
104
105
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109







+
+
+
+








		if {![regexp {^[0-9a-f]*$} $value]} {
			return false
		}

		return true
	}

	proc _verifySignatureAndCertificate {certificate signature} {
		return true
	}

	proc _normalizeOS {os} {
		set os [string tolower [string trim $os]]

		switch -- $os {
			"linux" - "freebsd" - "openbsd" - "netbsd" {
				return $os
225
226
227
228
229
230
231

232




233
234
235
236




237
238
239
240
241
242
243
229
230
231
232
233
234
235
236

237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255







+
-
+
+
+
+




+
+
+
+







		if {![info exists indexhash_data]} {
			# Cache this result for 60 seconds
			db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}

			return -code error "Unable to fetch $url"
		}

		set indexhash_data [split $indexhash_data ","]
		set indexhash [lindex [split $indexhash_data ","] 0]
		set indexhash [lindex $indexhash_data 0]
		set indexhashmethod [lindex $indexhash_data 1]
		set indexhashcert   [lindex $indexhash_data 2]
		set indexhashsig    [lindex $indexhash_data 3]

		if {![_isHash $indexhash]} {
			return -code error "Invalid hash: $indexhash"
		}

		if {![_verifySignatureAndCertificate $indexhashcert $indexhashsig]} {
			return -code error "Invalid signature or certificate from $hostname"
		}

		set file [download $hostname $indexhash]
		set fd [open $file]
		set data [read $fd]
		close $fd

		set curr_packages [list]