add package verification and signing... and creation of keys
parent
cccce16986
commit
7626fb9b8d
61
mrk.c
61
mrk.c
|
@ -17,6 +17,10 @@ static const char *build_chkdir = "Marrakesh-Check";
|
|||
static const char *build_objdir = "Marrakesh-Obj";
|
||||
static const char *arch = NULL;
|
||||
static const char *os = NULL;
|
||||
static char key_priv_buf[4096];
|
||||
static char key_cert_buf[4096];
|
||||
static const char *key_priv = NULL;
|
||||
static const char *key_cert = NULL;
|
||||
|
||||
static Eina_Bool move_to_cwd = EINA_FALSE;
|
||||
static Eina_Bool install_bin = EINA_FALSE;
|
||||
|
@ -153,6 +157,8 @@ main(int argc, char **argv)
|
|||
" bin\n"
|
||||
" check\n"
|
||||
" src\n"
|
||||
" newkey\n"
|
||||
" verify FILE\n"
|
||||
" extract FILE\n"
|
||||
" inst FILE\n"
|
||||
" rm PKGNAME\n"
|
||||
|
@ -175,6 +181,13 @@ main(int argc, char **argv)
|
|||
os = mrk_os_get();
|
||||
arch = mrk_arch_get();
|
||||
|
||||
snprintf(key_priv_buf, sizeof(key_priv_buf),
|
||||
"%s/.marrakesh/keys/default-priv.pem", getenv("HOME"));
|
||||
snprintf(key_cert_buf, sizeof(key_cert_buf),
|
||||
"%s/.marrakesh/keys/default-cert.pem", getenv("HOME"));
|
||||
key_priv = key_priv_buf;
|
||||
key_cert = key_cert_buf;
|
||||
|
||||
if (getenv("MRKHOST")) server_host = getenv("MRKHOST");
|
||||
if (getenv("MRKPORT")) server_port = atoi(getenv("MRKPORT"));
|
||||
if (getenv("MRKARCH")) arch = getenv("MRKARCH");
|
||||
|
@ -182,6 +195,8 @@ main(int argc, char **argv)
|
|||
if (getenv("MRKDIR")) build_tmpdir = getenv("MRKDIR");
|
||||
if (getenv("MRKCHKDIR")) build_chkdir = getenv("MRKCHKDIR");
|
||||
if (getenv("MRKOBJDIR")) build_objdir = getenv("MRKOBJDIR");
|
||||
if (getenv("MRKKEY")) key_priv = getenv("MRKKEY");
|
||||
if (getenv("MRKCERT")) key_cert = getenv("MRKCERT");
|
||||
|
||||
if (!strcmp(argv[1], "build"))
|
||||
{
|
||||
|
@ -200,13 +215,39 @@ main(int argc, char **argv)
|
|||
ecore_file_recursive_rm(build_chkdir);
|
||||
ecore_file_recursive_rm(build_objdir);
|
||||
}
|
||||
else if (!strcmp(argv[1], "newkey"))
|
||||
{
|
||||
char tmp[4096];
|
||||
|
||||
snprintf(tmp, sizeof(tmp), "%s/.marrakesh/keys", getenv("HOME"));
|
||||
ecore_file_mkpath(tmp);
|
||||
snprintf(tmp, sizeof(tmp),
|
||||
"openssl genrsa -out "
|
||||
"%s/.marrakesh/keys/default-priv.pem "
|
||||
"4096"
|
||||
,
|
||||
getenv("HOME"));
|
||||
system(tmp);
|
||||
snprintf(tmp, sizeof(tmp),
|
||||
"openssl req "
|
||||
"-x509 -new "
|
||||
"-key %s/.marrakesh/keys/default-priv.pem "
|
||||
"-out %s/.marrakesh/keys/default-cert.pem "
|
||||
"-days 999999 "
|
||||
"-subj /prompt=no"
|
||||
,
|
||||
getenv("HOME"),
|
||||
getenv("HOME"));
|
||||
system(tmp);
|
||||
}
|
||||
else if (!strcmp(argv[1], "src"))
|
||||
{
|
||||
char tmp[4096];
|
||||
Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
|
||||
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
||||
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
|
||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
|
||||
key_cert, key_priv))
|
||||
{
|
||||
mrk_build_free(bld);
|
||||
_mrk_err("Failed to package up source\n");
|
||||
|
@ -220,13 +261,20 @@ main(int argc, char **argv)
|
|||
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
||||
snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
|
||||
if (!ecore_file_exists(build_tmpdir)) _mrk_err("No build dir!\n");
|
||||
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch))
|
||||
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
|
||||
key_cert, key_priv))
|
||||
{
|
||||
mrk_build_free(bld);
|
||||
_mrk_err("Failed to package up binary\n");
|
||||
}
|
||||
mrk_build_free(bld);
|
||||
}
|
||||
else if (!strcmp(argv[1], "verify"))
|
||||
{
|
||||
if (argc < 2) _mrk_err("Must provide FILE.MK[SB]\n");
|
||||
if (!mrk_package_verify(argv[2], key_cert)) _mrk_err("Failed to verify\n");
|
||||
printf("OK\n");
|
||||
}
|
||||
else if (!strcmp(argv[1], "extract"))
|
||||
{
|
||||
if (argc < 2) _mrk_err("Must provide FILE.MKS\n");
|
||||
|
@ -267,13 +315,15 @@ main(int argc, char **argv)
|
|||
_mrk_err("Failed to build Marrakesh.mrk\n");
|
||||
}
|
||||
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
|
||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
|
||||
key_cert, key_priv))
|
||||
{
|
||||
mrk_build_free(bld);
|
||||
_mrk_err("Failed to package up source\n");
|
||||
}
|
||||
snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
|
||||
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch))
|
||||
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
|
||||
key_cert, key_priv))
|
||||
{
|
||||
mrk_build_free(bld);
|
||||
_mrk_err("Failed to package up binary\n");
|
||||
|
@ -339,7 +389,8 @@ main(int argc, char **argv)
|
|||
Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
|
||||
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
||||
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
|
||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
|
||||
key_cert, key_priv))
|
||||
{
|
||||
mrk_build_free(bld);
|
||||
_mrk_err("Failed to package up source\n");
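Review bot: The `newkey` branch pastes `getenv("HOME")` unquoted into two `system()` command lines without checking it for NULL, so a HOME containing spaces or shell metacharacters changes what the shell executes, and an unset HOME reaches `%s` as a null pointer (the same unchecked `getenv("HOME")` also fills `key_priv_buf` and `key_cert_buf` earlier in `main`). Both `system()` results are discarded, so a failed `openssl genrsa` still runs `openssl req`, and nothing on the visible lines restricts the mode of `~/.marrakesh/keys` or of the unencrypted `default-priv.pem` beyond the caller's umask. I would read HOME once and bail out with `if (!home) _mrk_err("HOME is not set\n");`, call `umask(077)` before creating the key directory, and run openssl through fork/exec with an explicit argv instead of a shell string. Separately, the `verify` branch guards with `argc < 2` but then reads `argv[2]`; it should be `if (argc < 3) _mrk_err("Must provide FILE.MK[SB]\n");`. `main` starts and ends outside these hunks.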
|
||||
|
|
5
mrklib.h
5
mrklib.h
|
@ -129,11 +129,12 @@ struct _Mrk_Build
|
|||
EAPI Mrk_Build *mrk_build_load(const char *file);
|
||||
EAPI void mrk_build_free(Mrk_Build *bld);
|
||||
EAPI Eina_Bool mrk_build_do(Mrk_Build *bld, const char *tmpd, const char *objd);
|
||||
EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch);
|
||||
EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file);
|
||||
EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file);
|
||||
EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file);
|
||||
|
||||
EAPI Eina_Bool mrk_package_src_extract(const char *file, const char *dst);
|
||||
EAPI Eina_Bool mrk_package_bin_clean(void);
|
||||
EAPI Eina_Bool mrk_package_verify(const char *file, const char *key_cert_file);
|
||||
EAPI Eina_Bool mrk_package_bin_install(const char *file, const char *os, const char *arch);
|
||||
EAPI Eina_Bool mrk_package_bin_remove(const char *name);
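Review bot: The two packaging prototypes gain `key_cert_file` and `key_priv_file` with no comment on their contract, and the implementation in this commit returns failure when the key files cannot be opened, so packaging now requires a key pair where it previously did not. A comment above them such as `/* key_cert_file / key_priv_file: paths to the signing certificate and private key; both are required and packaging fails if they cannot be opened */` would record that. The new `mrk_package_verify` prototype likewise should say that EINA_TRUE means the package's signature matches `key_cert_file` specifically, not merely that the package is signed.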
|
||||
|
||||
|
|
|
@ -798,14 +798,16 @@ package_bin_iter(Eet_File *ef, const char *dir, const char *key)
|
|||
}
|
||||
|
||||
EAPI Eina_Bool
|
||||
mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch)
|
||||
mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file)
|
||||
{
|
||||
Eet_File *ef;
|
||||
Eet_Key *key;
|
||||
char tmp[4096];
|
||||
Eina_List *l;
|
||||
char *s;
|
||||
int i;
|
||||
|
||||
#define err(reason) do { fprintf(stderr, "%s\n", reason); goto error; } while (0)
|
||||
ef = eet_open(file, EET_FILE_MODE_WRITE);
|
||||
if (ef)
|
||||
{
|
||||
|
@ -836,14 +838,22 @@ mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const
|
|||
WRTS(tmp, s);
|
||||
}
|
||||
package_bin_iter(ef, tmpd, "bin/f");
|
||||
|
||||
key = eet_identity_open(key_cert_file, key_priv_file, NULL);
|
||||
if (!key) err("can't open prive + certificate key files");
|
||||
eet_identity_set(ef, key);
|
||||
eet_identity_close(key);
|
||||
eet_close(ef);
|
||||
return EINA_TRUE;
|
||||
}
|
||||
#undef err
|
||||
error:
|
||||
if (ef) eet_close(ef);
|
||||
return EINA_FALSE;
|
||||
}
|
||||
|
||||
EAPI Eina_Bool
|
||||
mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
|
||||
mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file)
|
||||
{
|
||||
Eet_File *ef;
|
||||
char tmp[4096];
|
||||
|
@ -854,6 +864,7 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
|
|||
if (ef)
|
||||
{
|
||||
Eina_File *enf;
|
||||
Eet_Key *key;
|
||||
Eina_List *l, *ll;
|
||||
void *mem;
|
||||
size_t size;
|
||||
|
@ -903,6 +914,10 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
|
|||
snprintf(tmp, sizeof(tmp), "src/%s", data->src);
|
||||
package_file(ef, data->src, tmp);
|
||||
}
|
||||
key = eet_identity_open(key_cert_file, key_priv_file, NULL);
|
||||
if (!key) err("can't open prive + certificate key files");
|
||||
eet_identity_set(ef, key);
|
||||
eet_identity_close(key);
|
||||
eet_close(ef);
|
||||
return EINA_TRUE;
|
||||
}
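Review bot: When `eet_identity_open` fails in `mrk_build_package_bin`, `err()` jumps to `error:` and calls `eet_close(ef)` on a file opened with `EET_FILE_MODE_WRITE`, which as far as I can tell from the Eet API flushes the unsigned package to `file` and leaves it on disk under its final name. The results of `eet_identity_set` and of the success-path `eet_close` are also ignored, so a signing failure can still return EINA_TRUE. I would check the set call with `if (eet_identity_set(ef, key) != EET_ERROR_NONE) { eet_identity_close(key); err("can't set identity"); }`, return EINA_TRUE only when `eet_close(ef) == EET_ERROR_NONE`, and unlink `file` on the error path. The same sequence is added to `mrk_build_package_src`, whose `err()` macro and `error:` label are not visible in these hunks even though the macro is `#undef`'d at the end of `mrk_build_package_bin`. Both function bodies continue outside the hunks.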
|
||||
|
|
|
@ -155,6 +155,19 @@ mrk_package_bin_clean(void)
|
|||
return 1;
|
||||
}
|
||||
|
||||
EAPI Eina_Bool
|
||||
mrk_package_verify(const char *file, const char *key_cert_file)
|
||||
{
|
||||
Eet_File *ef;
|
||||
Eina_Bool ok = EINA_FALSE;
|
||||
|
||||
ef = eet_open(file, EET_FILE_MODE_READ);
|
||||
if (!ef) return EINA_FALSE;
|
||||
if (eet_identity_verify(ef, key_cert_file)) ok = EINA_TRUE;
|
||||
eet_close(ef);
|
||||
return ok;
|
||||
}
|
||||
|
||||
EAPI Eina_Bool
|
||||
mrk_package_bin_install(const char *file, const char *os, const char *arch)
|
||||
{
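Review bot: Nothing in the visible change makes installation depend on verification: `mrk_package_bin_install` keeps its `(file, os, arch)` signature with no certificate argument, and its body is outside the hunk, so if it does not call `mrk_package_verify` itself the signature is only checked when a user runs `mrk verify` by hand. `mrk_package_verify` also collapses every outcome into one boolean, so an unreadable file, an unsigned package and a signature from a different certificate all produce the same "Failed to verify". A header comment on the function along the lines of `/* returns EINA_TRUE only if file opens and its signature matches the certificate in key_cert_file */` would make the contract explicit. The caller in `main` always passes the signer's own default certificate unless `MRKCERT` is set, so it is worth documenting how a recipient is expected to obtain the publisher's certificate.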
|
||||
|
|