Commit 28fc9d6

authored

Enforce signature check on library_index.json (#2326)

1 parent 29c70df commit 28fc9d6Copy full SHA for 28fc9d6

File tree

+10

-3

lines changed

+10

-3

lines changed

Lines changed: 8 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ package resources`
`17`	`17`
`18`	`18`	`import (`
`19`	`19`	`"context"`
	`20`	`+ "errors"`
`20`	`21`	`"net/url"`
`21`	`22`	`"path"`
`22`	`23`	`"strings"`
`@@ -33,8 +34,9 @@ import (`
`33`	`34`
`34`	`35`	`// IndexResource is a reference to an index file URL with an optional signature.`
`35`	`36`	`type IndexResource struct {`
`36`		`- URL *url.URL`
`37`		`- SignatureURL *url.URL`
	`37`	`+ URL *url.URL`
	`38`	`+ SignatureURL *url.URL`
	`39`	`+ EnforceSignatureVerification bool`
`38`	`40`	`}`
`39`	`41`
`40`	`42`	`// IndexFileName returns the index file name as it is saved in data dir (package_xxx_index.json).`
`@@ -140,6 +142,10 @@ func (res IndexResource) Download(destDir paths.Path, downloadCB rpc.DownloadP`
`140`	`142`	`} else if !valid {`
`141`	`143`	`return &arduino.SignatureVerificationFailedError{File: res.URL.String()}`
`142`	`144`	`}`
	`145`	`+ } else {`
	`146`	`+ if res.EnforceSignatureVerification {`
	`147`	`+ return &arduino.PermissionDeniedError{Message: tr("Error verifying signature"), Cause: errors.New(tr("missing signature"))}`
	`148`	`+ }`
`143`	`149`	`}`
`144`	`150`
`145`	`151`	`// TODO: Implement a ResourceValidator`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -511,7 +511,8 @@ func UpdateLibrariesIndex(ctx context.Context, req *rpc.UpdateLibrariesIndexRequ`
`511`	`511`	`defer tmp.RemoveAll()`
`512`	`512`
`513`	`513`	`indexResource := resources.IndexResource{`
`514`		`- URL: librariesmanager.LibraryIndexWithSignatureArchiveURL,`
	`514`	`+ URL: librariesmanager.LibraryIndexWithSignatureArchiveURL,`
	`515`	`+ EnforceSignatureVerification: true,`
`515`	`516`	`}`
`516`	`517`	`if err := indexResource.Download(lm.IndexFile.Parent(), downloadCB); err != nil {`
`517`	`518`	`return err`

Comments

(0)