comaps/meta-php
15
1
Fork
You've already forked meta-php
0

Add meta server description #25

Merged
zyphlar merged 4 commits from zyphlar-patch-1 into main 2025年11月12日 10:52:35 +01:00

Signed-off-by: zyphlar zyphlar@noreply.codeberg.org

Signed-off-by: zyphlar <zyphlar@noreply.codeberg.org>
Signed-off-by: zyphlar <zyphlar@noreply.codeberg.org>
Author
Owner
Copy link

Fixes #6

Fixes #6
x7z4w requested changes 2025年11月09日 09:54:47 +01:00
Dismissed
x7z4w left a comment
Owner
Copy link

Maybe add how it can be used later e.g. scalability opportunities?

Maybe add how it can be used later e.g. scalability opportunities?
README.md Outdated
@ -3,0 +6,4 @@
Note that currently our download routine chunks the files and requests multiple chunks at a time from all available servers, so more servers in each list is better. The app will evaluate the health of each server and direct chunk requests accordingly, but won't request multiple chunks from the same server at the same time.
The upstream Metaserver has additional capabilities like telling the app to display donation buttons or a Christmas tree, but that seems intrusive.
Owner
Copy link

We fully removed this from the app

We fully removed this from the app
Owner
Copy link

I'm not sure what's the point of mentioning OM's implementation at all, as ours is a complete re-implementation.

I'm not sure what's the point of mentioning OM's implementation at all, as ours is a complete re-implementation.
Author
Owner
Copy link

I've reworded this. I think it's good and important to highlight ways that we're respecting privacy and security, to be transparent and also reduce fears anyone may have after digging around upstream.

I've reworded this. I think it's good and important to highlight ways that we're respecting privacy and security, to be transparent and also reduce fears anyone may have after digging around upstream.
README.md Outdated
@ -3,0 +8,4 @@
The upstream Metaserver has additional capabilities like telling the app to display donation buttons or a Christmas tree, but that seems intrusive.
Currently there is no capability for giving an app newer maps than it was built for. Apps are shipped with a countries.txt file that dictates every possible map and its checksum, which is quite secure, but also limiting. The meta server would need to be extended to list compatible map versions for each app version, and provide secure verification info, to improve on this.
Owner
Copy link

The meta server would need to be extended to list compatible map versions for each app version, and provide secure verification info, to improve on this.

I'd drop this sentence, IMO its debatable.
IMO this repo's issues section is more suitable for discussing future plans, rather than stating them in the README.md

`The meta server would need to be extended to list compatible map versions for each app version, and provide secure verification info, to improve on this.` I'd drop this sentence, IMO its debatable. IMO this repo's issues section is more suitable for discussing future plans, rather than stating them in the README.md
@ -2,1 +2,4 @@
## Description
When the main app in the field checks for map updates, it needs to download the map files from nearby servers that hopefully have the desired files. Also, these servers can change over time, so they shouldn't be hardcoded into the app. So the first step is to ask for this list of CDNs, and the second step is to actually connect to one or more CDN servers to get the map files.
First-time contributor
Copy link

Isnt this incorrect?
Also, these servers can change over time, so they shouldn't be hardcoded into the app.
Since if this list gets another server added to it, will it even work on the app?
because its not in the private.h:

#define DEFAULT_URLS_JSON "[ \"https://cdn-us-2.comaps.tech/\", \"https://comaps.firewall-gateway.de/\", \"https://cdn-fi-1.comaps.app/\", \"https://comaps-cdn.s3-website.cloud.ru/\" ]"

sry if i am getting something wrong

Isnt this incorrect? `Also, these servers can change over time, so they shouldn't be hardcoded into the app.` Since if this list gets another server added to it, will it even work on the app? because its not in the private.h: https://codeberg.org/comaps/comaps/src/commit/5bd7a284fad1199ca5b98f82d3867611a7712a86/private.h#L9 _sry if i am getting something wrong_
Owner
Copy link

DEFAULT_URLS_JSON is used only when the metaserver is unreachable.

`DEFAULT_URLS_JSON` is used only when the metaserver is unreachable.
Owner
Copy link

the full server list in private.h is a fallback which is used only if the app can't get the latest and georegion-tailored list from the metaserver

e.g. we might add new CDNs for South America region and clients will be able to download from them without waiting for the next app update (which will update the list in private.h)

the full server list in `private.h` is a fallback which is used only if the app can't get the latest and georegion-tailored list from the metaserver e.g. we might add new CDNs for South America region and clients will be able to download from them without waiting for the next app update (which will update the list in private.h)
First-time contributor
Copy link

oh nice, understood it wrong way around, that these where the only valid/safe cdn's, so if the metaserver would be compromised the app would not start requests to domains that are unsafe

oh nice, understood it wrong way around, that these where the only valid/safe cdn's, so if the metaserver would be compromised the app would not start requests to domains that are _unsafe_
Owner
Copy link

actually you make a good point that metaserver could be potentially compromised (and CDN nodes too, of course)

we need to think of potential consequences and what we can do about it

actually you make a good point that metaserver could be potentially compromised (and CDN nodes too, of course) we need to think of potential consequences and what we can do about it
Owner
Copy link

@pastk wrote in #25 (comment):

actually you make a good point that metaserver could be potentially compromised (and CDN nodes too, of course)

we need to think of potential consequences and what we can do about it

Isn't app rejects MWMs that do not match the hash from countries.txt?

@pastk wrote in https://codeberg.org/comaps/meta-php/pulls/25#issuecomment-8193449: > actually you make a good point that metaserver could be potentially compromised (and CDN nodes too, of course) > > we need to think of potential consequences and what we can do about it Isn't app rejects MWMs that do not match the hash from `countries.txt`?
Owner
Copy link

It does reject them.

But it'd try to download them first (hit the urls). So theoretically someone could replace CDN urls to make clients to hit them. DDOS attack by CoMaps users? :)))

It does reject them. But it'd try to download them first (hit the urls). So theoretically someone could replace CDN urls to make clients to hit them. DDOS attack by CoMaps users? :)))
Author
Owner
Copy link

Ultimately any online component to the app is a service, and the service needs to be trustworthy. A dns-based DoS due to HTTP GET requests for specific files that won't exist on most targets is a pretty small edge case I think.

A bigger issue is malicious MWMs crafted to buffer overflow a device, but it's correct that the checksum in countries.txt prevents this. So if we move to fully online updates, maybe what we do is embed a signing public key in the app instead, and then sign map updates? Or just sign a new countries.txt for the app to download, and then the files themselves probably don't need further checking.

Ultimately any online component to the app is a service, and the service needs to be trustworthy. A dns-based DoS due to HTTP GET requests for specific files that won't exist on most targets is a pretty small edge case I think. A bigger issue is malicious MWMs crafted to buffer overflow a device, but it's correct that the checksum in countries.txt prevents this. So if we move to fully online updates, maybe what we do is embed a signing public key in the app instead, and then sign map updates? Or just sign a new countries.txt for the app to download, and then the files themselves probably don't need further checking.
Owner
Copy link

Isn't app rejects MWMs that do not match the hash from countries.txt?

We use sha1 for hashing which was broken and is not considered cryptographically secure any more. But the computational effort for forging a file with the same hash is still immense.

> Isn't app rejects MWMs that do not match the hash from countries.txt? We use sha1 for hashing which was broken and is not considered cryptographically secure any more. But the computational effort for forging a file with the same hash is still immense.
Author
Owner
Copy link

@x7z4w wrote in #25 (comment):

Maybe add how it can be used later e.g. scalability opportunities?

What are you thinking about? The code is pretty simple, the main improvement would be instructing apps to download map files that they don't have a countries.txt for (essentially giving them a new countries.txt) which is pretty well described I think.

@x7z4w wrote in https://codeberg.org/comaps/meta-php/pulls/25#issuecomment-8188709: > Maybe add how it can be used later e.g. scalability opportunities? What are you thinking about? The code is pretty simple, the main improvement would be instructing apps to download map files that they don't have a countries.txt for (essentially giving them a new countries.txt) which is pretty well described I think.
Signed-off-by: zyphlar <zyphlar@noreply.codeberg.org>
Signed-off-by: zyphlar <zyphlar@noreply.codeberg.org>
README.md Outdated
@ -3,0 +6,4 @@
Note that currently our download routine chunks the files and requests multiple chunks at a time from all available servers, so more servers in each list is better. The app will evaluate the health of each server and direct chunk requests accordingly, but won't request multiple chunks from the same server at the same time.
Upstream features that allowed the metaserver to control donation buttons etc have been removed from CoMaps and are not present in this metaserver.
Owner
Copy link

"Upstream" sounds like this is a fork.

As @pastk said, it doesn't make sense to mention this at all.

"Upstream" sounds like this is a fork. As @pastk said, it doesn't make sense to mention this at all.
Author
Owner
Copy link

I guess my question is, the metaserver concept exists due to OM, and it serves various purposes there, but these purposes are intentionally limited and privacy-preserving, and I don't know anywhere better to talk about that. I would be concerned, knowing the history, if I was a user

I guess my question is, the metaserver concept exists due to OM, and it serves various purposes there, but these purposes are intentionally limited and privacy-preserving, and I don't know anywhere better to talk about that. I would be concerned, knowing the history, if I was a user
Owner
Copy link

Then at least make it explicit Unlike Organic Maps meta-server
Because some people reading this won't understand what "upstream" is. Could be some 3party lib for example.

Then at least make it explicit `Unlike Organic Maps meta-server` Because some people reading this won't understand what "upstream" is. Could be some 3party lib for example.
zyphlar marked this conversation as resolved 
Signed-off-by: zyphlar <zyphlar@noreply.codeberg.org>
zyphlar deleted branch zyphlar-patch-1 2025年11月12日 10:52:36 +01:00
Sign in to join this conversation.
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
6 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
comaps/meta-php!25
Reference in a new issue
comaps/meta-php
No description provided.
Delete branch "zyphlar-patch-1"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?