add package verification and signing... and creation of keys

Carsten Haitzler 2014-11-28 19:22:40 +09:00
parent cccce16986
commit 7626fb9b8d
4 changed files with 89 additions and 9 deletions

61
mrk.c

@ -17,6 +17,10 @@ static const char *build_chkdir = "Marrakesh-Check";
static const char *build_objdir = "Marrakesh-Obj";
static const char *arch = NULL;
static const char *os = NULL;
static char key_priv_buf[4096];
static char key_cert_buf[4096];
static const char *key_priv = NULL;
static const char *key_cert = NULL;
static Eina_Bool move_to_cwd = EINA_FALSE;
static Eina_Bool install_bin = EINA_FALSE;
@ -153,6 +157,8 @@ main(int argc, char **argv)
" bin\n"
" check\n"
" src\n"
" newkey\n"
" verify FILE\n"
" extract FILE\n"
" inst FILE\n"
" rm PKGNAME\n"
@ -175,6 +181,13 @@ main(int argc, char **argv)
os = mrk_os_get();
arch = mrk_arch_get();
snprintf(key_priv_buf, sizeof(key_priv_buf),
"%s/.marrakesh/keys/default-priv.pem", getenv("HOME"));
snprintf(key_cert_buf, sizeof(key_cert_buf),
"%s/.marrakesh/keys/default-cert.pem", getenv("HOME"));
key_priv = key_priv_buf;
key_cert = key_cert_buf;
if (getenv("MRKHOST")) server_host = getenv("MRKHOST");
if (getenv("MRKPORT")) server_port = atoi(getenv("MRKPORT"));
if (getenv("MRKARCH")) arch = getenv("MRKARCH");
@ -182,6 +195,8 @@ main(int argc, char **argv)
if (getenv("MRKDIR")) build_tmpdir = getenv("MRKDIR");
if (getenv("MRKCHKDIR")) build_chkdir = getenv("MRKCHKDIR");
if (getenv("MRKOBJDIR")) build_objdir = getenv("MRKOBJDIR");
if (getenv("MRKKEY")) key_priv = getenv("MRKKEY");
if (getenv("MRKCERT")) key_cert = getenv("MRKCERT");
if (!strcmp(argv[1], "build"))
{
@ -200,13 +215,39 @@ main(int argc, char **argv)
ecore_file_recursive_rm(build_chkdir);
ecore_file_recursive_rm(build_objdir);
}
else if (!strcmp(argv[1], "newkey"))
{
char tmp[4096];
snprintf(tmp, sizeof(tmp), "%s/.marrakesh/keys", getenv("HOME"));
ecore_file_mkpath(tmp);
snprintf(tmp, sizeof(tmp),
"openssl genrsa -out "
"%s/.marrakesh/keys/default-priv.pem "
"4096"
,
getenv("HOME"));
system(tmp);
snprintf(tmp, sizeof(tmp),
"openssl req "
"-x509 -new "
"-key %s/.marrakesh/keys/default-priv.pem "
"-out %s/.marrakesh/keys/default-cert.pem "
"-days 999999 "
"-subj /prompt=no"
,
getenv("HOME"),
getenv("HOME"));
system(tmp);
}
else if (!strcmp(argv[1], "src"))
{
char tmp[4096];
Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
key_cert, key_priv))
{
mrk_build_free(bld);
_mrk_err("Failed to package up source\n");
@ -220,13 +261,20 @@ main(int argc, char **argv)
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
if (!ecore_file_exists(build_tmpdir)) _mrk_err("No build dir!\n");
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch))
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
key_cert, key_priv))
{
mrk_build_free(bld);
_mrk_err("Failed to package up binary\n");
}
mrk_build_free(bld);
}
else if (!strcmp(argv[1], "verify"))
{
if (argc < 2) _mrk_err("Must provide FILE.MK[SB]\n");
if (!mrk_package_verify(argv[2], key_cert)) _mrk_err("Failed to verify\n");
printf("OK\n");
}
else if (!strcmp(argv[1], "extract"))
{
if (argc < 2) _mrk_err("Must provide FILE.MKS\n");
@ -267,13 +315,15 @@ main(int argc, char **argv)
_mrk_err("Failed to build Marrakesh.mrk\n");
}
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
key_cert, key_priv))
{
mrk_build_free(bld);
_mrk_err("Failed to package up source\n");
}
snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch))
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
key_cert, key_priv))
{
mrk_build_free(bld);
_mrk_err("Failed to package up binary\n");
@ -339,7 +389,8 @@ main(int argc, char **argv)
Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
key_cert, key_priv))
{
mrk_build_free(bld);
_mrk_err("Failed to package up source\n");
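Review bot: In the `newkey` branch the two `openssl` command lines are built from `getenv("HOME")` and run through `system()`, but `HOME` is never checked for NULL (an unset `HOME` hands a null pointer to `snprintf`) and both `system()` results are discarded, so a failed key or certificate generation is reported as success and presumably only surfaces later as the unrelated "can't open prive + certificate key files" error from `src`/`bin`. Because `HOME` is interpolated unquoted into a shell string, a path containing whitespace or shell metacharacters breaks or alters the command; spawning `openssl` with an explicit argv (`fork`/`execvp`, or the Ecore_Exe API if it is already in use) would avoid the shell, and the same unchecked `getenv("HOME")` feeds `key_priv_buf`/`key_cert_buf` in the earlier hunk. `-days 999999` produces a signing certificate that effectively never expires, and `-subj /prompt=no` reads like a misplaced config option rather than a subject DN — both deserve a comment or a check that openssl accepts them. Separately, the new `verify` branch tests `argc < 2` but reads `argv[2]`, so `mrk verify` with no argument passes NULL to `mrk_package_verify`; the guard should be `if (argc < 3) _mrk_err("Must provide FILE.MK[SB]\n");`.
```c
   else if (!strcmp(argv[1], "newkey"))
     {
        char tmp[4096];
        const char *home = getenv("HOME");
        if (!home) _mrk_err("HOME is not set\n");
        snprintf(tmp, sizeof(tmp), "%s/.marrakesh/keys", home);
        ecore_file_mkpath(tmp);
        /* … unchanged: build the "openssl genrsa" command into tmp, using home … */
        if (system(tmp) != 0) _mrk_err("Failed to generate private key\n");
        /* … unchanged: build the "openssl req -x509" command into tmp, using home … */
        if (system(tmp) != 0) _mrk_err("Failed to generate certificate\n");
     }
```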


@ -129,11 +129,12 @@ struct _Mrk_Build
EAPI Mrk_Build *mrk_build_load(const char *file);
EAPI void mrk_build_free(Mrk_Build *bld);
EAPI Eina_Bool mrk_build_do(Mrk_Build *bld, const char *tmpd, const char *objd);
EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch);
EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file);
EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file);
EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file);
EAPI Eina_Bool mrk_package_src_extract(const char *file, const char *dst);
EAPI Eina_Bool mrk_package_bin_clean(void);
EAPI Eina_Bool mrk_package_verify(const char *file, const char *key_cert_file);
EAPI Eina_Bool mrk_package_bin_install(const char *file, const char *os, const char *arch);
EAPI Eina_Bool mrk_package_bin_remove(const char *name);
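Review bot: The new `mrk_package_verify` prototype enters the public header with no comment on what `key_cert_file` is, which matters for a verification API — a reader cannot tell whether it is a trusted root, the publisher's certificate, or the signing key itself. Suggest a Doxygen comment above it such as `/** Check that @p file is signed by the certificate in @p key_cert_file; returns EINA_FALSE if the file cannot be opened or the signature does not match. */`. The two extended `mrk_build_package_*` prototypes would likewise benefit from a line stating that both key paths are required and that packaging fails when they cannot be opened, since that is how the implementation in this commit behaves.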


@ -798,14 +798,16 @@ package_bin_iter(Eet_File *ef, const char *dir, const char *key)
}
EAPI Eina_Bool
mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch)
mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file)
{
Eet_File *ef;
Eet_Key *key;
char tmp[4096];
Eina_List *l;
char *s;
int i;
#define err(reason) do { fprintf(stderr, "%s\n", reason); goto error; } while (0)
ef = eet_open(file, EET_FILE_MODE_WRITE);
if (ef)
{
@ -836,14 +838,22 @@ mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const
WRTS(tmp, s);
}
package_bin_iter(ef, tmpd, "bin/f");
key = eet_identity_open(key_cert_file, key_priv_file, NULL);
if (!key) err("can't open prive + certificate key files");
eet_identity_set(ef, key);
eet_identity_close(key);
eet_close(ef);
return EINA_TRUE;
}
#undef err
error:
if (ef) eet_close(ef);
return EINA_FALSE;
}
EAPI Eina_Bool
mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file)
{
Eet_File *ef;
char tmp[4096];
@ -854,6 +864,7 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
if (ef)
{
Eina_File *enf;
Eet_Key *key;
Eina_List *l, *ll;
void *mem;
size_t size;
@ -903,6 +914,10 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
snprintf(tmp, sizeof(tmp), "src/%s", data->src);
package_file(ef, data->src, tmp);
}
key = eet_identity_open(key_cert_file, key_priv_file, NULL);
if (!key) err("can't open prive + certificate key files");
eet_identity_set(ef, key);
eet_identity_close(key);
eet_close(ef);
return EINA_TRUE;
}
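Review bot: In the new error path of `mrk_build_package_bin`, when `eet_identity_open` fails the `err` macro jumps to `error:` where `eet_close(ef)` runs; if eet_close flushes a write-mode file as EET normally does, an unsigned `.mkb` is left at `file` even though the function returns EINA_FALSE, and a later `inst`/`verify` on that path sees a complete archive with no signature. The result of `eet_identity_set` is also ignored, so a signing failure with a key that did open goes unnoticed. Suggest removing the output file on the error path (`unlink` from `<unistd.h>`, or `ecore_file_unlink` if Ecore_File is already included here) and checking the signing result as below; the same two points apply to the `mrk_build_package_src` hunk, whose `err` macro and error label lie outside the visible lines.
```c
        key = eet_identity_open(key_cert_file, key_priv_file, NULL);
        if (!key) err("can't open prive + certificate key files");
        if (eet_identity_set(ef, key) != EET_ERROR_NONE)
          {
             eet_identity_close(key);
             err("can't sign package");
          }
        eet_identity_close(key);
        eet_close(ef);
        return EINA_TRUE;
     }
#undef err
error:
   if (ef) eet_close(ef);
   unlink(file); /* don't leave an unsigned archive behind on failure */
   return EINA_FALSE;
}
```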


@ -155,6 +155,19 @@ mrk_package_bin_clean(void)
return 1;
}
EAPI Eina_Bool
mrk_package_verify(const char *file, const char *key_cert_file)
{
Eet_File *ef;
Eina_Bool ok = EINA_FALSE;
ef = eet_open(file, EET_FILE_MODE_READ);
if (!ef) return EINA_FALSE;
if (eet_identity_verify(ef, key_cert_file)) ok = EINA_TRUE;
eet_close(ef);
return ok;
}
EAPI Eina_Bool
mrk_package_bin_install(const char *file, const char *os, const char *arch)
{
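Review bot: `mrk_package_verify` returns EINA_FALSE both when `eet_open` fails and when `eet_identity_verify` rejects the signature, so the `verify` command prints the same "Failed to verify" for a missing or unreadable file as for an unsigned or tampered one; an `fprintf(stderr, "can't open %s\n", file);` before the early `return EINA_FALSE` would separate the two cases. The trust model also deserves a comment above the function, e.g. `/* Accept only packages signed by exactly the certificate in key_cert_file; unsigned packages and packages signed with any other certificate are rejected. */`, because with the default from mrk.c (`~/.marrakesh/keys/default-cert.pem`) only packages signed with the caller's own key verify unless MRKCERT points at the publisher's certificate. As far as the visible hunks show, nothing in this commit calls `mrk_package_verify` from the install or extract paths, so a signature is checked only when the user runs `verify` explicitly — worth confirming that is intended.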