Check-in [6f88d82476]
Overview
Comment:Added start of signature verification
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 6f88d82476d96f9e1b65a4fedf58f88d9a96cce8
User & Date: rkeene on 2014-11-17 16:51:57
Other Links: manifest | tags
Context
2014-11-17
20:37
Updated to include entire error stack on error for --tcl mode in AppFSd check-in: 4b2e0bf187 user: rkeene tags: trunk
16:51
Added start of signature verification check-in: 6f88d82476 user: rkeene tags: trunk
16:51
Added timeout (30s) for DB operations to avoid locking failures being immediately returned check-in: dd0cc55f82 user: rkeene tags: trunk
Changes

Modified Makefile from [a0e0d80d7b] to [fdccdbca53].

1
2
3
4
5
6
7
8
9
10
11
12
13
CC = gcc
PKG_CONFIG = pkg-config
FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse)
CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1
CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3
CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_DEBUG)
LDFLAGS = $(TCL_LDFLAGS)
FUSE_LIBS = $(shell $(PKG_CONFIG) --libs fuse)
LIBS = $(FUSE_LIBS) $(TCL_LIBS)
PREFIX = /usr/local
prefix = $(PREFIX)
bindir = $(prefix)/bin
sbindir = $(prefix)/sbin





|







1
2
3
4
5
6
7
8
9
10
11
12
13
CC = gcc
PKG_CONFIG = pkg-config
FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse)
CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1
CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3
CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_RELEASE)
LDFLAGS = $(TCL_LDFLAGS)
FUSE_LIBS = $(shell $(PKG_CONFIG) --libs fuse)
LIBS = $(FUSE_LIBS) $(TCL_LIBS)
PREFIX = /usr/local
prefix = $(PREFIX)
bindir = $(prefix)/bin
sbindir = $(prefix)/sbin

Modified appfsd.tcl from [171439581e] to [2e09ba053f].

92
93
94
95
96
97
98




99
100
101
102
103
104
105

		if {![regexp {^[0-9a-f]*$} $value]} {
			return false
		}

		return true
	}





	proc _normalizeOS {os} {
		set os [string tolower [string trim $os]]

		switch -- $os {
			"linux" - "freebsd" - "openbsd" - "netbsd" {
				return $os







>
>
>
>







92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

		if {![regexp {^[0-9a-f]*$} $value]} {
			return false
		}

		return true
	}

	proc _verifySignatureAndCertificate {certificate signature} {
		return true
	}

	proc _normalizeOS {os} {
		set os [string tolower [string trim $os]]

		switch -- $os {
			"linux" - "freebsd" - "openbsd" - "netbsd" {
				return $os
225
226
227
228
229
230
231

232



233
234
235
236




237
238
239
240
241
242
243
		if {![info exists indexhash_data]} {
			# Cache this result for 60 seconds
			db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}

			return -code error "Unable to fetch $url"
		}


		set indexhash [lindex [split $indexhash_data ","] 0]




		if {![_isHash $indexhash]} {
			return -code error "Invalid hash: $indexhash"
		}





		set file [download $hostname $indexhash]
		set fd [open $file]
		set data [read $fd]
		close $fd

		set curr_packages [list]







>
|
>
>
>




>
>
>
>







229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
		if {![info exists indexhash_data]} {
			# Cache this result for 60 seconds
			db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}

			return -code error "Unable to fetch $url"
		}

		set indexhash_data [split $indexhash_data ","]
		set indexhash [lindex $indexhash_data 0]
		set indexhashmethod [lindex $indexhash_data 1]
		set indexhashcert   [lindex $indexhash_data 2]
		set indexhashsig    [lindex $indexhash_data 3]

		if {![_isHash $indexhash]} {
			return -code error "Invalid hash: $indexhash"
		}

		if {![_verifySignatureAndCertificate $indexhashcert $indexhashsig]} {
			return -code error "Invalid signature or certificate from $hostname"
		}

		set file [download $hostname $indexhash]
		set fd [open $file]
		set data [read $fd]
		close $fd

		set curr_packages [list]