Merge pull request #3128 from LibreSign/backport/2594/stable29
[stable29] Sign setup
Showing
16 changed files
with
980 additions
and
227 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,3 +12,4 @@ node_modules/ | |
.phpunit.result.cache | ||
*.phar | ||
/src/__test__/coverage | ||
/appinfo/install-*.json |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
/** | ||
* SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors | ||
* SPDX-License-Identifier: AGPL-3.0-or-later | ||
*/ | ||
|
||
namespace OCA\Libresign\Command\Developer; | ||
|
||
use OC\Core\Command\Base; | ||
use OC\IntegrityCheck\Helpers\FileAccessHelper; | ||
use OCA\Libresign\Service\Install\SignSetupService; | ||
use OCP\IConfig; | ||
use phpseclib\Crypt\RSA; | ||
use phpseclib\File\X509; | ||
use Symfony\Component\Console\Input\InputInterface; | ||
use Symfony\Component\Console\Input\InputOption; | ||
use Symfony\Component\Console\Output\OutputInterface; | ||
|
||
class SignSetup extends Base { | ||
public function __construct( | ||
private IConfig $config, | ||
private FileAccessHelper $fileAccessHelper, | ||
private SignSetupService $signSetupService, | ||
) { | ||
parent::__construct(); | ||
} | ||
|
||
public function isEnabled(): bool { | ||
return $this->config->getSystemValue('debug', false) === true; | ||
} | ||
|
||
protected function configure(): void { | ||
$this | ||
->setName('libresign:developer:sign-setup') | ||
->setDescription('Clean all LibreSign data') | ||
->addOption('privateKey', null, InputOption::VALUE_REQUIRED, 'Path to private key to use for signing') | ||
->addOption('certificate', null, InputOption::VALUE_REQUIRED, 'Path to certificate to use for signing') | ||
; | ||
} | ||
|
||
protected function execute(InputInterface $input, OutputInterface $output): int { | ||
$privateKeyPath = $input->getOption('privateKey'); | ||
$keyBundlePath = $input->getOption('certificate'); | ||
if (is_null($privateKeyPath) || is_null($keyBundlePath)) { | ||
$output->writeln('This command requires the --path, --privateKey and --certificate.'); | ||
$output->writeln('Example: ./occ libresign:developer:sign-setup --privateKey="/libresign/private/myapp.key" --certificate="/libresign/public/mycert.crt"'); | ||
return 1; | ||
} | ||
|
||
$privateKey = $this->fileAccessHelper->file_get_contents((string) $privateKeyPath); | ||
$keyBundle = $this->fileAccessHelper->file_get_contents((string) $keyBundlePath); | ||
if ($privateKey === false) { | ||
$output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath)); | ||
return 1; | ||
} | ||
|
||
if ($keyBundle === false) { | ||
$output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath)); | ||
return 1; | ||
} | ||
|
||
$rsa = new RSA(); | ||
$rsa->loadKey($privateKey); | ||
$x509 = new X509(); | ||
$x509->loadX509($keyBundle); | ||
$x509->setPrivateKey($rsa); | ||
try { | ||
foreach ($this->signSetupService->getArchitectures() as $architecture) { | ||
$this->signSetupService->writeAppSignature($x509, $rsa, $architecture); | ||
} | ||
$output->writeln('Successfully signed'); | ||
} catch (\Exception $e) { | ||
$output->writeln('Error: ' . $e->getMessage()); | ||
return 1; | ||
} | ||
return 0; | ||
} | ||
} |
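Review bot: In execute(), the results of `$rsa->loadKey($privateKey)` and `$x509->loadX509($keyBundle)` are ignored, so a file that exists but does not parse as a key or certificate is still handed to writeAppSignature(). In phpseclib both calls return false on a parse failure, and the command should stop there with exit code 1 and a message naming the offending path, instead of relying on whatever the signing service does with an unloaded key. The existing "does not exists" messages only cover unreadable files, not malformed ones. Separately, the description `'Clean all LibreSign data'` looks copied from another command, and the usage message mentions a `--path` option that configure() does not define.

```php
// … unchanged: option parsing and file reads …
$rsa = new RSA();
if (!$rsa->loadKey($privateKey)) {
	$output->writeln(sprintf('Private key "%s" could not be parsed.', $privateKeyPath));
	return 1;
}
$x509 = new X509();
if ($x509->loadX509($keyBundle) === false) {
	$output->writeln(sprintf('Certificate "%s" could not be parsed.', $keyBundlePath));
	return 1;
}
$x509->setPrivateKey($rsa);
// … unchanged: signing loop and exception handling …
```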
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
/** | ||
* SPDX-FileCopyrightText: 2024 LibreCode coop and contributors | ||
* SPDX-License-Identifier: AGPL-3.0-or-later | ||
*/ | ||
|
||
namespace OCA\Libresign\Exception; | ||
|
||
class InvalidSignatureException extends \Exception { | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
/** | ||
* SPDX-FileCopyrightText: 2024 LibreCode coop and contributors | ||
* SPDX-License-Identifier: AGPL-3.0-or-later | ||
*/ | ||
|
||
namespace OCA\Libresign\Migration; | ||
|
||
use OCP\Files\AppData\IAppDataFactory; | ||
use OCP\Files\IAppData; | ||
use OCP\Files\SimpleFS\ISimpleFolder; | ||
use OCP\Migration\IOutput; | ||
use OCP\Migration\IRepairStep; | ||
|
||
class DeleteOldBinaries implements IRepairStep { | ||
protected IAppData $appData; | ||
protected IOutput $output; | ||
protected array $allowedFiles = [ | ||
'x86_64', | ||
'aarch64', | ||
'openssl_config', | ||
'cfssl_config', | ||
'unauthenticated', | ||
]; | ||
public function __construct( | ||
protected IAppDataFactory $appDataFactory, | ||
) { | ||
$this->appData = $appDataFactory->get('libresign'); | ||
} | ||
|
||
public function getName(): string { | ||
return 'Delete old binaries.'; | ||
} | ||
|
||
public function run(IOutput $output): void { | ||
$output->warning('Run the follow command first: files:scan-app-data libresign'); | ||
$this->output = $output; | ||
$folder = $this->appData->getFolder('/'); | ||
|
||
$list = $this->getDirectoryListing($folder); | ||
foreach ($list as $file) { | ||
if (!in_array($file->getName(), $this->allowedFiles)) { | ||
$file->delete(); | ||
} | ||
} | ||
} | ||
|
||
private function getDirectoryListing(ISimpleFolder $node): array { | ||
$reflection = new \ReflectionClass($node); | ||
$reflectionProperty = $reflection->getProperty('folder'); | ||
$reflectionProperty->setAccessible(true); | ||
$folder = $reflectionProperty->getValue($node); | ||
$list = $folder->getDirectoryListing(); | ||
return $list; | ||
} | ||
} |
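Review bot: getDirectoryListing() uses reflection to read the private `folder` property of whichever ISimpleFolder implementation it receives, which ties this repair step to an internal detail the OCP interface does not promise. If the property is renamed or a different implementation is returned, `getProperty('folder')` throws a ReflectionException and the repair step aborts. Because run() then deletes every entry whose name is not in `$allowedFiles`, I would catch that failure and skip the cleanup, and report each deleted name through `$output->info()` so the removal is auditable. The allow-list test should also be strict: `if (!in_array($file->getName(), $this->allowedFiles, true)) {`. The warning at the top of run() asks for `files:scan-app-data libresign` to be run first, yet deletion proceeds regardless, so a comment should say what happens when the scan was skipped.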