mirror of
https://github.com/safing/portbase
synced 2025-09-05 04:00:14 +00:00
Save verification options to resource and save if versions have a sig available
parent
77a6ab050b
commit
44dc8df5d6
2 changed files with 39 additions and 13 deletions
|
@ -1,7 +1,6 @@
|
||||||
package updater
|
package updater
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"io"
|
"io"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -58,8 +57,7 @@ func (file *File) SigningMetadata() map[string]string {
|
||||||
// Verify verifies the given file.
|
// Verify verifies the given file.
|
||||||
func (file *File) Verify() ([]*filesig.FileData, error) {
|
func (file *File) Verify() ([]*filesig.FileData, error) {
|
||||||
// Check if verification is configured.
|
// Check if verification is configured.
|
||||||
verifOpts := file.resource.registry.GetVerificationOptions(file.resource.Identifier)
|
if file.resource.VerificationOptions == nil {
|
||||||
if verifOpts == nil {
|
|
||||||
return nil, ErrVerificationNotConfigured
|
return nil, ErrVerificationNotConfigured
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -68,12 +66,12 @@ func (file *File) Verify() ([]*filesig.FileData, error) {
|
||||||
file.storagePath,
|
file.storagePath,
|
||||||
file.storagePath+filesig.Extension,
|
file.storagePath+filesig.Extension,
|
||||||
file.SigningMetadata(),
|
file.SigningMetadata(),
|
||||||
verifOpts.TrustStore,
|
file.resource.VerificationOptions.TrustStore,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch verifOpts.DiskLoadPolicy {
|
switch file.resource.VerificationOptions.DiskLoadPolicy {
|
||||||
case SignaturePolicyRequire:
|
case SignaturePolicyRequire:
|
||||||
return nil, fmt.Errorf("failed to verify file: %w", err)
|
return nil, err
|
||||||
case SignaturePolicyWarn:
|
case SignaturePolicyWarn:
|
||||||
log.Warningf("%s: failed to verify %s: %s", file.resource.registry.Name, file.storagePath, err)
|
log.Warningf("%s: failed to verify %s: %s", file.resource.registry.Name, file.storagePath, err)
|
||||||
case SignaturePolicyDisable:
|
case SignaturePolicyDisable:
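Review bot: The nil check at the top of `Verify` and the `DiskLoadPolicy` switch now rely on `file.resource.VerificationOptions`, a snapshot that this commit fills once when the resource is created, rather than on a registry lookup per call. If the registry's verification options are set or tightened after a resource already exists, `Verify` keeps using the old snapshot, so a file may be answered with `ErrVerificationNotConfigured` or handled under a weaker policy than the registry currently asks for; how callers treat that error is not visible here. Because the field is exported and can be reassigned by any caller, I would state the contract in the doc comment, e.g. `// Verify uses the options captured on the resource at creation; later registry changes are not picked up.`, or fall back to the registry lookup when the field is nil. The body of `Verify` continues past the end of this hunk.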
|
||||||
|
|
|
@ -10,7 +10,9 @@ import (
|
||||||
|
|
||||||
semver "github.com/hashicorp/go-version"
|
semver "github.com/hashicorp/go-version"
|
||||||
|
|
||||||
|
"github.com/safing/jess/filesig"
|
||||||
"github.com/safing/portbase/log"
|
"github.com/safing/portbase/log"
|
||||||
|
"github.com/safing/portbase/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
var devVersion *semver.Version
|
var devVersion *semver.Version
|
||||||
|
@ -49,6 +51,9 @@ type Resource struct {
|
||||||
// to download the latest version from the updates servers
|
// to download the latest version from the updates servers
|
||||||
// specified in the resource registry.
|
// specified in the resource registry.
|
||||||
SelectedVersion *ResourceVersion
|
SelectedVersion *ResourceVersion
|
||||||
|
|
||||||
|
// VerificationOptions holds the verification options for this resource.
|
||||||
|
VerificationOptions *VerificationOptions
|
||||||
}
|
}
|
||||||
|
|
||||||
// ResourceVersion represents a single version of a resource.
|
// ResourceVersion represents a single version of a resource.
|
||||||
|
@ -63,6 +68,9 @@ type ResourceVersion struct {
|
||||||
// Available indicates if this version is available locally.
|
// Available indicates if this version is available locally.
|
||||||
Available bool
|
Available bool
|
||||||
|
|
||||||
|
// SigAvailable indicates if the signature of this version is available locally.
|
||||||
|
SigAvailable bool
|
||||||
|
|
||||||
// CurrentRelease indicates that this is the current release that should be
|
// CurrentRelease indicates that this is the current release that should be
|
||||||
// selected, if possible.
|
// selected, if possible.
|
||||||
CurrentRelease bool
|
CurrentRelease bool
|
||||||
|
@ -132,9 +140,7 @@ func (res *Resource) Export() *Resource {
|
||||||
SelectedVersion: res.SelectedVersion,
|
SelectedVersion: res.SelectedVersion,
|
||||||
}
|
}
|
||||||
// Copy Versions slice.
|
// Copy Versions slice.
|
||||||
for i := 0; i < len(res.Versions); i++ {
|
copy(export.Versions, res.Versions)
|
||||||
export.Versions[i] = res.Versions[i]
|
|
||||||
}
|
|
||||||
|
|
||||||
return export
|
return export
|
||||||
}
|
}
|
||||||
|
@ -184,9 +190,10 @@ func (res *Resource) AnyVersionAvailable() bool {
|
||||||
|
|
||||||
func (reg *ResourceRegistry) newResource(identifier string) *Resource {
|
func (reg *ResourceRegistry) newResource(identifier string) *Resource {
|
||||||
return &Resource{
|
return &Resource{
|
||||||
registry: reg,
|
registry: reg,
|
||||||
Identifier: identifier,
|
Identifier: identifier,
|
||||||
Versions: make([]*ResourceVersion, 0, 1),
|
Versions: make([]*ResourceVersion, 0, 1),
|
||||||
|
VerificationOptions: reg.GetVerificationOptions(identifier),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -230,6 +237,12 @@ func (res *Resource) AddVersion(version string, available, currentRelease, preRe
|
||||||
// set flags
|
// set flags
|
||||||
if available {
|
if available {
|
||||||
rv.Available = true
|
rv.Available = true
|
||||||
|
|
||||||
|
// If available and signatures are enabled for this resource, check if the
|
||||||
|
// signature is available.
|
||||||
|
if res.VerificationOptions != nil && utils.PathExists(rv.storageSigPath()) {
|
||||||
|
rv.SigAvailable = true
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if currentRelease {
|
if currentRelease {
|
||||||
rv.CurrentRelease = true
|
rv.CurrentRelease = true
|
||||||
|
@ -439,8 +452,13 @@ boundarySearch:
|
||||||
|
|
||||||
// Purge everything beyond the purge boundary.
|
// Purge everything beyond the purge boundary.
|
||||||
for _, rv := range res.Versions[purgeBoundary:] {
|
for _, rv := range res.Versions[purgeBoundary:] {
|
||||||
storagePath := rv.storagePath()
|
// Only remove if resource file is actually available.
|
||||||
|
if !rv.Available {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
// Remove resource file.
|
// Remove resource file.
|
||||||
|
storagePath := rv.storagePath()
|
||||||
err := os.Remove(storagePath)
|
err := os.Remove(storagePath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warningf("%s: failed to purge resource %s v%s: %s", res.registry.Name, rv.resource.Identifier, rv.VersionNumber, err)
|
log.Warningf("%s: failed to purge resource %s v%s: %s", res.registry.Name, rv.resource.Identifier, rv.VersionNumber, err)
|
||||||
|
@ -507,7 +525,17 @@ func (rv *ResourceVersion) versionedPath() string {
|
||||||
return GetVersionedPath(rv.resource.Identifier, rv.VersionNumber)
|
return GetVersionedPath(rv.resource.Identifier, rv.VersionNumber)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// versionedSigPath returns the versioned identifier of the file signature.
|
||||||
|
func (rv *ResourceVersion) versionedSigPath() string {
|
||||||
|
return GetVersionedPath(rv.resource.Identifier, rv.VersionNumber) + filesig.Extension
|
||||||
|
}
|
||||||
|
|
||||||
// storagePath returns the absolute storage path.
|
// storagePath returns the absolute storage path.
|
||||||
func (rv *ResourceVersion) storagePath() string {
|
func (rv *ResourceVersion) storagePath() string {
|
||||||
return filepath.Join(rv.resource.registry.storageDir.Path, filepath.FromSlash(rv.versionedPath()))
|
return filepath.Join(rv.resource.registry.storageDir.Path, filepath.FromSlash(rv.versionedPath()))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// storageSigPath returns the absolute storage path of the file signature.
|
||||||
|
func (rv *ResourceVersion) storageSigPath() string {
|
||||||
|
return rv.storagePath() + filesig.Extension
|
||||||
|
}
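Review bot: `SigAvailable` is set in `AddVersion` purely from `utils.PathExists(rv.storageSigPath())`, so it records that a signature file is present on disk, not that the signature is valid or belongs to the resource file next to it. The field comment should say that explicitly, e.g. `// SigAvailable indicates that a signature file exists locally; it does not mean the signature was verified.`, so that later code does not treat the flag as a trust decision in place of `Verify`. In the visible lines the flag is only ever set to true, and the purge hunk removes `rv.storagePath()` without touching `rv.storageSigPath()`, which may leave orphaned signature files unless that is handled after the hunk ends. `AddVersion` and the purge loop both start and end outside their hunks.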
|
||||||
|
|