mirror of
https://github.com/safing/portbase
synced 2025-09-01 10:09:50 +00:00
Save verification options to resource and save if versions have a sig available
This commit is contained in:
Daniel
parent
77a6ab050b
commit
44dc8df5d6
2 changed files with 39 additions and 13 deletions
|
|
@ -1,7 +1,6 @@
|
|||
package updater
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"strings"
|
||||
|
|
@ -58,8 +57,7 @@ func (file *File) SigningMetadata() map[string]string {
|
|||
// Verify verifies the given file.
|
||||
func (file *File) Verify() ([]*filesig.FileData, error) {
|
||||
// Check if verification is configured.
|
||||
verifOpts := file.resource.registry.GetVerificationOptions(file.resource.Identifier)
|
||||
if verifOpts == nil {
|
||||
if file.resource.VerificationOptions == nil {
|
||||
return nil, ErrVerificationNotConfigured
|
||||
}
|
||||
|
||||
|
|
@ -68,12 +66,12 @@ func (file *File) Verify() ([]*filesig.FileData, error) {
|
|||
file.storagePath,
|
||||
file.storagePath+filesig.Extension,
|
||||
file.SigningMetadata(),
|
||||
verifOpts.TrustStore,
|
||||
file.resource.VerificationOptions.TrustStore,
|
||||
)
|
||||
if err != nil {
|
||||
switch verifOpts.DiskLoadPolicy {
|
||||
switch file.resource.VerificationOptions.DiskLoadPolicy {
|
||||
case SignaturePolicyRequire:
|
||||
return nil, fmt.Errorf("failed to verify file: %w", err)
|
||||
return nil, err
|
||||
case SignaturePolicyWarn:
|
||||
log.Warningf("%s: failed to verify %s: %s", file.resource.registry.Name, file.storagePath, err)
|
||||
case SignaturePolicyDisable:
|
||||
|
|
|
|||
|
|
@ -10,7 +10,9 @@ import (
|
|||
|
||||
semver "github.com/hashicorp/go-version"
|
||||
|
||||
"github.com/safing/jess/filesig"
|
||||
"github.com/safing/portbase/log"
|
||||
"github.com/safing/portbase/utils"
|
||||
)
|
||||
|
||||
var devVersion *semver.Version
|
||||
|
|
@ -49,6 +51,9 @@ type Resource struct {
|
|||
// to download the latest version from the updates servers
|
||||
// specified in the resource registry.
|
||||
SelectedVersion *ResourceVersion
|
||||
|
||||
// VerificationOptions holds the verification options for this resource.
|
||||
VerificationOptions *VerificationOptions
|
||||
}
|
||||
|
||||
// ResourceVersion represents a single version of a resource.
|
||||
|
|
@ -63,6 +68,9 @@ type ResourceVersion struct {
|
|||
// Available indicates if this version is available locally.
|
||||
Available bool
|
||||
|
||||
// SigAvailable indicates if the signature of this version is available locally.
|
||||
SigAvailable bool
|
||||
|
||||
// CurrentRelease indicates that this is the current release that should be
|
||||
// selected, if possible.
|
||||
CurrentRelease bool
|
||||
|
|
@ -132,9 +140,7 @@ func (res *Resource) Export() *Resource {
|
|||
SelectedVersion: res.SelectedVersion,
|
||||
}
|
||||
// Copy Versions slice.
|
||||
for i := 0; i < len(res.Versions); i++ {
|
||||
export.Versions[i] = res.Versions[i]
|
||||
}
|
||||
copy(export.Versions, res.Versions)
|
||||
|
||||
return export
|
||||
}
|
||||
|
|
@ -184,9 +190,10 @@ func (res *Resource) AnyVersionAvailable() bool {
|
|||
|
||||
func (reg *ResourceRegistry) newResource(identifier string) *Resource {
|
||||
return &Resource{
|
||||
registry: reg,
|
||||
Identifier: identifier,
|
||||
Versions: make([]*ResourceVersion, 0, 1),
|
||||
registry: reg,
|
||||
Identifier: identifier,
|
||||
Versions: make([]*ResourceVersion, 0, 1),
|
||||
VerificationOptions: reg.GetVerificationOptions(identifier),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -230,6 +237,12 @@ func (res *Resource) AddVersion(version string, available, currentRelease, preRe
|
|||
// set flags
|
||||
if available {
|
||||
rv.Available = true
|
||||
|
||||
// If available and signatures are enabled for this resource, check if the
|
||||
// signature is available.
|
||||
if res.VerificationOptions != nil && utils.PathExists(rv.storageSigPath()) {
|
||||
rv.SigAvailable = true
|
||||
}
|
||||
}
|
||||
if currentRelease {
|
||||
rv.CurrentRelease = true
|
||||
|
|
@ -439,8 +452,13 @@ boundarySearch:
|
|||
|
||||
// Purge everything beyond the purge boundary.
|
||||
for _, rv := range res.Versions[purgeBoundary:] {
|
||||
storagePath := rv.storagePath()
|
||||
// Only remove if resource file is actually available.
|
||||
if !rv.Available {
|
||||
continue
|
||||
}
|
||||
|
||||
// Remove resource file.
|
||||
storagePath := rv.storagePath()
|
||||
err := os.Remove(storagePath)
|
||||
if err != nil {
|
||||
log.Warningf("%s: failed to purge resource %s v%s: %s", res.registry.Name, rv.resource.Identifier, rv.VersionNumber, err)
|
||||
|
|
@ -507,7 +525,17 @@ func (rv *ResourceVersion) versionedPath() string {
|
|||
return GetVersionedPath(rv.resource.Identifier, rv.VersionNumber)
|
||||
}
|
||||
|
||||
// versionedSigPath returns the versioned identifier of the file signature.
|
||||
func (rv *ResourceVersion) versionedSigPath() string {
|
||||
return GetVersionedPath(rv.resource.Identifier, rv.VersionNumber) + filesig.Extension
|
||||
}
|
||||
|
||||
// storagePath returns the absolute storage path.
|
||||
func (rv *ResourceVersion) storagePath() string {
|
||||
return filepath.Join(rv.resource.registry.storageDir.Path, filepath.FromSlash(rv.versionedPath()))
|
||||
}
|
||||
|
||||
// storageSigPath returns the absolute storage path of the file signature.
|
||||
func (rv *ResourceVersion) storageSigPath() string {
|
||||
return rv.storagePath() + filesig.Extension
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue