authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2014-11-28 19:22:40 +0900
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2014-11-28 19:22:40 +0900
commit7626fb9b8dbdda4f7911b2e0649126493e44b8ba (patch)
tree151547b00908a32b31e880b94aa8eb29fa3e0b4c
parentcccce16986ae239d9434ad8dea78e3364c58bc7c (diff)
add package verification and signing... and creation of keys
-rw-r--r--mrk.c61
-rw-r--r--mrklib.h5
-rw-r--r--mrklib_buildfile.c19
-rw-r--r--mrklib_package.c13
4 files changed, 89 insertions, 9 deletions
diff --git a/mrk.c b/mrk.c
index 5c31fab..5449b5e 100644
--- a/mrk.c
+++ b/mrk.c
@@ -17,6 +17,10 @@ static const char *build_chkdir = "Marrakesh-Check";
17static const char *build_objdir = "Marrakesh-Obj"; 17static const char *build_objdir = "Marrakesh-Obj";
18static const char *arch = NULL; 18static const char *arch = NULL;
19static const char *os = NULL; 19static const char *os = NULL;
20static char key_priv_buf[4096];
21static char key_cert_buf[4096];
22static const char *key_priv = NULL;
23static const char *key_cert = NULL;
20 24
21static Eina_Bool move_to_cwd = EINA_FALSE; 25static Eina_Bool move_to_cwd = EINA_FALSE;
22static Eina_Bool install_bin = EINA_FALSE; 26static Eina_Bool install_bin = EINA_FALSE;
@@ -153,6 +157,8 @@ main(int argc, char **argv)
153 " bin\n" 157 " bin\n"
154 " check\n" 158 " check\n"
155 " src\n" 159 " src\n"
160 " newkey\n"
161 " verify FILE\n"
156 " extract FILE\n" 162 " extract FILE\n"
157 " inst FILE\n" 163 " inst FILE\n"
158 " rm PKGNAME\n" 164 " rm PKGNAME\n"
@@ -175,6 +181,13 @@ main(int argc, char **argv)
175 os = mrk_os_get(); 181 os = mrk_os_get();
176 arch = mrk_arch_get(); 182 arch = mrk_arch_get();
177 183
184 snprintf(key_priv_buf, sizeof(key_priv_buf),
185 "%s/.marrakesh/keys/default-priv.pem", getenv("HOME"));
186 snprintf(key_cert_buf, sizeof(key_cert_buf),
187 "%s/.marrakesh/keys/default-cert.pem", getenv("HOME"));
188 key_priv = key_priv_buf;
189 key_cert = key_cert_buf;
190
178 if (getenv("MRKHOST")) server_host = getenv("MRKHOST"); 191 if (getenv("MRKHOST")) server_host = getenv("MRKHOST");
179 if (getenv("MRKPORT")) server_port = atoi(getenv("MRKPORT")); 192 if (getenv("MRKPORT")) server_port = atoi(getenv("MRKPORT"));
180 if (getenv("MRKARCH")) arch = getenv("MRKARCH"); 193 if (getenv("MRKARCH")) arch = getenv("MRKARCH");
@@ -182,6 +195,8 @@ main(int argc, char **argv)
182 if (getenv("MRKDIR")) build_tmpdir = getenv("MRKDIR"); 195 if (getenv("MRKDIR")) build_tmpdir = getenv("MRKDIR");
183 if (getenv("MRKCHKDIR")) build_chkdir = getenv("MRKCHKDIR"); 196 if (getenv("MRKCHKDIR")) build_chkdir = getenv("MRKCHKDIR");
184 if (getenv("MRKOBJDIR")) build_objdir = getenv("MRKOBJDIR"); 197 if (getenv("MRKOBJDIR")) build_objdir = getenv("MRKOBJDIR");
198 if (getenv("MRKKEY")) key_priv = getenv("MRKKEY");
199 if (getenv("MRKCERT")) key_cert = getenv("MRKCERT");
185 200
186 if (!strcmp(argv[1], "build")) 201 if (!strcmp(argv[1], "build"))
187 { 202 {
@@ -200,13 +215,39 @@ main(int argc, char **argv)
200 ecore_file_recursive_rm(build_chkdir); 215 ecore_file_recursive_rm(build_chkdir);
201 ecore_file_recursive_rm(build_objdir); 216 ecore_file_recursive_rm(build_objdir);
202 } 217 }
218 else if (!strcmp(argv[1], "newkey"))
219 {
220 char tmp[4096];
221
222 snprintf(tmp, sizeof(tmp), "%s/.marrakesh/keys", getenv("HOME"));
223 ecore_file_mkpath(tmp);
224 snprintf(tmp, sizeof(tmp),
225 "openssl genrsa -out "
226 "%s/.marrakesh/keys/default-priv.pem "
227 "4096"
228 ,
229 getenv("HOME"));
230 system(tmp);
231 snprintf(tmp, sizeof(tmp),
232 "openssl req "
233 "-x509 -new "
234 "-key %s/.marrakesh/keys/default-priv.pem "
235 "-out %s/.marrakesh/keys/default-cert.pem "
236 "-days 999999 "
237 "-subj /prompt=no"
238 ,
239 getenv("HOME"),
240 getenv("HOME"));
241 system(tmp);
242 }
203 else if (!strcmp(argv[1], "src")) 243 else if (!strcmp(argv[1], "src"))
204 { 244 {
205 char tmp[4096]; 245 char tmp[4096];
206 Mrk_Build *bld = mrk_build_load("Marrakesh.mrk"); 246 Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
207 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n"); 247 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
208 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version); 248 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
209 if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp)) 249 if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
250 key_cert, key_priv))
210 { 251 {
211 mrk_build_free(bld); 252 mrk_build_free(bld);
212 _mrk_err("Failed to package up source\n"); 253 _mrk_err("Failed to package up source\n");
@@ -220,13 +261,20 @@ main(int argc, char **argv)
220 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n"); 261 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
221 snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version); 262 snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
222 if (!ecore_file_exists(build_tmpdir)) _mrk_err("No build dir!\n"); 263 if (!ecore_file_exists(build_tmpdir)) _mrk_err("No build dir!\n");
223 if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch)) 264 if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
265 key_cert, key_priv))
224 { 266 {
225 mrk_build_free(bld); 267 mrk_build_free(bld);
226 _mrk_err("Failed to package up binary\n"); 268 _mrk_err("Failed to package up binary\n");
227 } 269 }
228 mrk_build_free(bld); 270 mrk_build_free(bld);
229 } 271 }
272 else if (!strcmp(argv[1], "verify"))
273 {
274 if (argc < 2) _mrk_err("Must provide FILE.MK[SB]\n");
275 if (!mrk_package_verify(argv[2], key_cert)) _mrk_err("Failed to verify\n");
276 printf("OK\n");
277 }
230 else if (!strcmp(argv[1], "extract")) 278 else if (!strcmp(argv[1], "extract"))
231 { 279 {
232 if (argc < 2) _mrk_err("Must provide FILE.MKS\n"); 280 if (argc < 2) _mrk_err("Must provide FILE.MKS\n");
@@ -267,13 +315,15 @@ main(int argc, char **argv)
267 _mrk_err("Failed to build Marrakesh.mrk\n"); 315 _mrk_err("Failed to build Marrakesh.mrk\n");
268 } 316 }
269 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version); 317 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
270 if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp)) 318 if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
319 key_cert, key_priv))
271 { 320 {
272 mrk_build_free(bld); 321 mrk_build_free(bld);
273 _mrk_err("Failed to package up source\n"); 322 _mrk_err("Failed to package up source\n");
274 } 323 }
275 snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version); 324 snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
276 if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch)) 325 if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
326 key_cert, key_priv))
277 { 327 {
278 mrk_build_free(bld); 328 mrk_build_free(bld);
279 _mrk_err("Failed to package up binary\n"); 329 _mrk_err("Failed to package up binary\n");
@@ -339,7 +389,8 @@ main(int argc, char **argv)
339 Mrk_Build *bld = mrk_build_load("Marrakesh.mrk"); 389 Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
340 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n"); 390 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
341 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version); 391 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
342 if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp)) 392 if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
393 key_cert, key_priv))
343 { 394 {
344 mrk_build_free(bld); 395 mrk_build_free(bld);
345 _mrk_err("Failed to package up source\n"); 396 _mrk_err("Failed to package up source\n");
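Review bot: In the `newkey` branch (new lines 218-242) `getenv("HOME")` is pasted unquoted into two `openssl` command strings that go to `system()`, so a home path containing spaces or shell metacharacters changes what the shell executes, and a NULL `HOME` reaches `%s` both here and in the default key paths at new lines 184-187. The results of `ecore_file_mkpath()` and both `system()` calls are dropped, so a failed key generation is silent, and nothing visible restricts the mode of the key directory or of the unencrypted private key. The sketch below keeps `system()` but checks `HOME`, tightens the umask and runs openssl from inside the key directory so no path enters the command string; it needs `<unistd.h>` and `<sys/stat.h>` if mrk.c does not already include them. Separately, the `verify` branch (new line 274) tests `argc < 2` before reading `argv[2]`; that guard should be `if (argc < 3) _mrk_err("Must provide FILE.MK[SB]\n");`. `main` starts and ends outside these hunks.

```c
   else if (!strcmp(argv[1], "newkey"))
     {
        char tmp[4096];
        const char *home = getenv("HOME");

        if ((!home) || (!home[0])) _mrk_err("HOME is not set\n");
        snprintf(tmp, sizeof(tmp), "%s/.marrakesh/keys", home);
        /* key directory and private key must be readable by the owner only */
        umask(077);
        if (!ecore_file_mkpath(tmp)) _mrk_err("Failed to create key directory\n");
        /* work inside the key directory so no path is pasted into the shell command */
        if (chdir(tmp) != 0) _mrk_err("Failed to enter key directory\n");
        if (system("openssl genrsa -out default-priv.pem 4096") != 0)
          _mrk_err("Failed to generate private key\n");
        if (system("openssl req -x509 -new "
                   "-key default-priv.pem "
                   "-out default-cert.pem "
                   "-days 999999 "
                   "-subj /prompt=no") != 0)
          _mrk_err("Failed to generate certificate\n");
     }
```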
diff --git a/mrklib.h b/mrklib.h
index 78281e0..54ace32 100644
--- a/mrklib.h
+++ b/mrklib.h
@@ -129,11 +129,12 @@ struct _Mrk_Build
129EAPI Mrk_Build *mrk_build_load(const char *file); 129EAPI Mrk_Build *mrk_build_load(const char *file);
130EAPI void mrk_build_free(Mrk_Build *bld); 130EAPI void mrk_build_free(Mrk_Build *bld);
131EAPI Eina_Bool mrk_build_do(Mrk_Build *bld, const char *tmpd, const char *objd); 131EAPI Eina_Bool mrk_build_do(Mrk_Build *bld, const char *tmpd, const char *objd);
132EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch); 132EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file);
133EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file); 133EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file);
134 134
135EAPI Eina_Bool mrk_package_src_extract(const char *file, const char *dst); 135EAPI Eina_Bool mrk_package_src_extract(const char *file, const char *dst);
136EAPI Eina_Bool mrk_package_bin_clean(void); 136EAPI Eina_Bool mrk_package_bin_clean(void);
137EAPI Eina_Bool mrk_package_verify(const char *file, const char *key_cert_file);
137EAPI Eina_Bool mrk_package_bin_install(const char *file, const char *os, const char *arch); 138EAPI Eina_Bool mrk_package_bin_install(const char *file, const char *os, const char *arch);
138EAPI Eina_Bool mrk_package_bin_remove(const char *name); 139EAPI Eina_Bool mrk_package_bin_remove(const char *name);
139 140
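Review bot: The two packaging prototypes gain `key_cert_file` and `key_priv_file`, and `mrk_package_verify()` is added, without any comment saying what callers must pass or what a TRUE result means. Judging by mrklib_buildfile.c in this commit, packaging fails when the key pair cannot be opened, so signing is mandatory; I would put `/* key_cert_file, key_priv_file: PEM file paths; packaging fails if the pair cannot be opened */` above the two build functions and `/* EINA_TRUE only if the package's signing certificate matches key_cert_file */` above `mrk_package_verify` (the latter wording should be confirmed against `eet_identity_verify`). Since these are `EAPI` symbols, the changed argument lists also break any existing external caller, which deserves a mention wherever API changes are recorded.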
diff --git a/mrklib_buildfile.c b/mrklib_buildfile.c
index c7f8036..4a21cf5 100644
--- a/mrklib_buildfile.c
+++ b/mrklib_buildfile.c
@@ -798,14 +798,16 @@ package_bin_iter(Eet_File *ef, const char *dir, const char *key)
798} 798}
799 799
800EAPI Eina_Bool 800EAPI Eina_Bool
801mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch) 801mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file)
802{ 802{
803 Eet_File *ef; 803 Eet_File *ef;
804 Eet_Key *key;
804 char tmp[4096]; 805 char tmp[4096];
805 Eina_List *l; 806 Eina_List *l;
806 char *s; 807 char *s;
807 int i; 808 int i;
808 809
810#define err(reason) do { fprintf(stderr, "%s\n", reason); goto error; } while (0)
809 ef = eet_open(file, EET_FILE_MODE_WRITE); 811 ef = eet_open(file, EET_FILE_MODE_WRITE);
810 if (ef) 812 if (ef)
811 { 813 {
@@ -836,14 +838,22 @@ mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const
836 WRTS(tmp, s); 838 WRTS(tmp, s);
837 } 839 }
838 package_bin_iter(ef, tmpd, "bin/f"); 840 package_bin_iter(ef, tmpd, "bin/f");
841
842 key = eet_identity_open(key_cert_file, key_priv_file, NULL);
843 if (!key) err("can't open prive + certificate key files");
844 eet_identity_set(ef, key);
845 eet_identity_close(key);
839 eet_close(ef); 846 eet_close(ef);
840 return EINA_TRUE; 847 return EINA_TRUE;
841 } 848 }
849#undef err
850error:
851 if (ef) eet_close(ef);
842 return EINA_FALSE; 852 return EINA_FALSE;
843} 853}
844 854
845EAPI Eina_Bool 855EAPI Eina_Bool
846mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file) 856mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file)
847{ 857{
848 Eet_File *ef; 858 Eet_File *ef;
849 char tmp[4096]; 859 char tmp[4096];
@@ -854,6 +864,7 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
854 if (ef) 864 if (ef)
855 { 865 {
856 Eina_File *enf; 866 Eina_File *enf;
867 Eet_Key *key;
857 Eina_List *l, *ll; 868 Eina_List *l, *ll;
858 void *mem; 869 void *mem;
859 size_t size; 870 size_t size;
@@ -903,6 +914,10 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
903 snprintf(tmp, sizeof(tmp), "src/%s", data->src); 914 snprintf(tmp, sizeof(tmp), "src/%s", data->src);
904 package_file(ef, data->src, tmp); 915 package_file(ef, data->src, tmp);
905 } 916 }
917 key = eet_identity_open(key_cert_file, key_priv_file, NULL);
918 if (!key) err("can't open prive + certificate key files");
919 eet_identity_set(ef, key);
920 eet_identity_close(key);
906 eet_close(ef); 921 eet_close(ef);
907 return EINA_TRUE; 922 return EINA_TRUE;
908 } 923 }
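Review bot: In `mrk_build_package_bin` (new lines 842-847) the results of `eet_identity_set()` and `eet_close()` are ignored, so the function returns `EINA_TRUE` even if the identity could not be attached or the signed file could not be written; as far as I know Eet produces the signature when the file is flushed at close, which makes the `eet_close()` result the one that matters. The `error:` path closes `ef` when the key pair cannot be opened, which presumably still writes the package out and leaves an unsigned file under the final name. The same four lines are repeated in `mrk_build_package_src` (new lines 917-921), whose `err` macro and error label are outside the visible hunks. The message `"can't open prive + certificate key files"` has a typo. A sketch for the tail of `mrk_build_package_bin` follows; `unlink()` needs `<unistd.h>`.

```c
        /* ... unchanged: package contents written above ... */
        key = eet_identity_open(key_cert_file, key_priv_file, NULL);
        if (!key) err("can't open private key + certificate files");
        if (eet_identity_set(ef, key) != EET_ERROR_NONE)
          {
             eet_identity_close(key);
             err("can't attach signing identity");
          }
        eet_identity_close(key);
        /* a package that could not be written and signed is a failure */
        if (eet_close(ef) != EET_ERROR_NONE)
          {
             unlink(file);
             return EINA_FALSE;
          }
        return EINA_TRUE;
     }
#undef err
error:
   if (ef)
     {
        eet_close(ef);
        /* the output was never signed; do not leave it under the final name */
        unlink(file);
     }
   return EINA_FALSE;
```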
diff --git a/mrklib_package.c b/mrklib_package.c
index 00a4a28..201b3b2 100644
--- a/mrklib_package.c
+++ b/mrklib_package.c
@@ -156,6 +156,19 @@ mrk_package_bin_clean(void)
156} 156}
157 157
158EAPI Eina_Bool 158EAPI Eina_Bool
159mrk_package_verify(const char *file, const char *key_cert_file)
160{
161 Eet_File *ef;
162 Eina_Bool ok = EINA_FALSE;
163
164 ef = eet_open(file, EET_FILE_MODE_READ);
165 if (!ef) return EINA_FALSE;
166 if (eet_identity_verify(ef, key_cert_file)) ok = EINA_TRUE;
167 eet_close(ef);
168 return ok;
169}
170
171EAPI Eina_Bool
159mrk_package_bin_install(const char *file, const char *os, const char *arch) 172mrk_package_bin_install(const char *file, const char *os, const char *arch)
160{ 173{
161 Eet_File *ef, *ef2; 174 Eet_File *ef, *ef2;
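Review bot: `mrk_package_verify()` is only reachable from the new `verify` command; the unchanged signature of `mrk_package_bin_install()` right below it takes no certificate, so from what this commit shows `inst` and `extract` still accept packages that were never checked. A user who runs `verify` and then `inst` also opens the file twice, so the file that was checked is not necessarily the file that gets installed. I would have the install and extract paths take `key_cert_file` and run `if (!eet_identity_verify(ef, key_cert_file)) { eet_close(ef); return EINA_FALSE; }` on the `Eet_File` they already opened, before anything is unpacked. A one-line comment above `mrk_package_verify` stating that it compares the package's signing certificate with `key_cert_file` would also help; `mrk_package_bin_install` continues outside the hunk.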