diff --git a/mrk.c b/mrk.c
index 5c31fab..5449b5e 100644
--- a/mrk.c
+++ b/mrk.c
@@ -17,6 +17,10 @@ static const char *build_chkdir = "Marrakesh-Check";
 static const char *build_objdir = "Marrakesh-Obj";
 static const char *arch = NULL;
 static const char *os = NULL;
+static char key_priv_buf[4096];
+static char key_cert_buf[4096];
+static const char *key_priv = NULL;
+static const char *key_cert = NULL;
 static Eina_Bool move_to_cwd = EINA_FALSE;
 static Eina_Bool install_bin = EINA_FALSE;
@@ -153,6 +157,8 @@ main(int argc, char **argv)
 " bin\n"
 " check\n"
 " src\n"
+ " newkey\n"
+ " verify FILE\n"
 " extract FILE\n"
 " inst FILE\n"
 " rm PKGNAME\n"
@@ -175,6 +181,13 @@ main(int argc, char **argv)
 os = mrk_os_get();
 arch = mrk_arch_get();
+ snprintf(key_priv_buf, sizeof(key_priv_buf),
+ "%s/.marrakesh/keys/default-priv.pem", getenv("HOME"));
+ snprintf(key_cert_buf, sizeof(key_cert_buf),
+ "%s/.marrakesh/keys/default-cert.pem", getenv("HOME"));
+ key_priv = key_priv_buf;
+ key_cert = key_cert_buf;
+
 if (getenv("MRKHOST")) server_host = getenv("MRKHOST");
 if (getenv("MRKPORT")) server_port = atoi(getenv("MRKPORT"));
 if (getenv("MRKARCH")) arch = getenv("MRKARCH");
@@ -182,6 +195,8 @@ main(int argc, char **argv)
 if (getenv("MRKDIR")) build_tmpdir = getenv("MRKDIR");
 if (getenv("MRKCHKDIR")) build_chkdir = getenv("MRKCHKDIR");
 if (getenv("MRKOBJDIR")) build_objdir = getenv("MRKOBJDIR");
+ if (getenv("MRKKEY")) key_priv = getenv("MRKKEY");
+ if (getenv("MRKCERT")) key_cert = getenv("MRKCERT");
 if (!strcmp(argv[1], "build"))
 {
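Review bot: In the `@@ -175,6 +181,13 @@` hunk both `snprintf` calls pass `getenv("HOME")` straight to `%s`, which is undefined behaviour when HOME is unset; where the C library prints a placeholder such as `(null)` instead, the default key and certificate paths become relative to the current directory. Read the variable once and fail closed before building the paths: `const char *home = getenv("HOME");` followed by `if (!home || !home[0]) _mrk_err("HOME is not set\n");` (assuming `_mrk_err` exits, as its other uses on this page suggest). The `newkey` branch in the `@@ -200,13 +215,39 @@` hunk repeats the unchecked call. main() starts and ends outside these hunks.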
@@ -200,13 +215,39 @@ main(int argc, char **argv)
 ecore_file_recursive_rm(build_chkdir);
 ecore_file_recursive_rm(build_objdir);
 }
+ else if (!strcmp(argv[1], "newkey"))
+ {
+ char tmp[4096];
+
+ snprintf(tmp, sizeof(tmp), "%s/.marrakesh/keys", getenv("HOME"));
+ ecore_file_mkpath(tmp);
+ snprintf(tmp, sizeof(tmp),
+ "openssl genrsa -out "
+ "%s/.marrakesh/keys/default-priv.pem "
+ "4096"
+ ,
+ getenv("HOME"));
+ system(tmp);
+ snprintf(tmp, sizeof(tmp),
+ "openssl req "
+ "-x509 -new "
+ "-key %s/.marrakesh/keys/default-priv.pem "
+ "-out %s/.marrakesh/keys/default-cert.pem "
+ "-days 999999 "
+ "-subj /prompt=no"
+ ,
+ getenv("HOME"),
+ getenv("HOME"));
+ system(tmp);
+ }
 else if (!strcmp(argv[1], "src"))
 {
 char tmp[4096];
 Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
- if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
+ if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
+ key_cert, key_priv))
 {
 mrk_build_free(bld);
 _mrk_err("Failed to package up source\n");
@@ -220,13 +261,20 @@ main(int argc, char **argv)
 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
 snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
 if (!ecore_file_exists(build_tmpdir)) _mrk_err("No build dir!\n");
- if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch))
+ if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
+ key_cert, key_priv))
 {
 mrk_build_free(bld);
 _mrk_err("Failed to package up binary\n");
 }
 mrk_build_free(bld);
 }
+ else if (!strcmp(argv[1], "verify"))
+ {
+ if (argc < 2) _mrk_err("Must provide FILE.MK[SB]\n");
+ if (!mrk_package_verify(argv[2], key_cert)) _mrk_err("Failed to verify\n");
+ printf("OK\n");
+ }
 else if (!strcmp(argv[1], "extract"))
 {
 if (argc < 2) _mrk_err("Must provide FILE.MKS\n");
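Review bot: The `newkey` branch builds both `openssl` command lines from `$HOME` and runs them through `system()`, so the shell re-parses the path (a space or metacharacter in it changes what runs) and neither exit status is checked, which lets a failed key generation pass silently. Passing the paths as separate argv entries to `execvp` removes the shell, and `waitpid` lets the branch report failure. The sketch below also sets a restrictive umask in the child so the private key's file mode does not depend on the caller's environment, and reuses `key_priv_buf`/`key_cert_buf`, which main() fills with the same default paths in the `@@ -175,6 +181,13 @@` hunk. `-subj /prompt=no` is kept as written, but `prompt=no` looks like a config-file setting rather than a subject field and is worth confirming.

```c
   else if (!strcmp(argv[1], "newkey"))
     {
        const char *home = getenv("HOME");
        char *const genrsa[] = {
           "openssl", "genrsa", "-out", key_priv_buf, "4096", NULL
        };
        char *const req[] = {
           "openssl", "req", "-x509", "-new", "-key", key_priv_buf,
           "-out", key_cert_buf, "-days", "999999", "-subj", "/prompt=no", NULL
        };
        char *const *cmds[] = { genrsa, req };
        char tmp[4096];
        size_t i;

        if (!home || !home[0]) _mrk_err("HOME is not set\n");
        snprintf(tmp, sizeof(tmp), "%s/.marrakesh/keys", home);
        ecore_file_mkpath(tmp);
        for (i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++)
          {
             int status = 0;
             pid_t pid = fork();

             if (pid == 0)
               {
                  umask(077); /* key files readable by the owner only */
                  execvp(cmds[i][0], cmds[i]);
                  _exit(127);
               }
             if ((pid < 0) || (waitpid(pid, &status, 0) < 0) ||
                 !WIFEXITED(status) || (WEXITSTATUS(status) != 0))
               _mrk_err("openssl failed, no key generated\n");
          }
     }
```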
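Review bot: The new `verify` branch in the `@@ -220,13 +261,20 @@` hunk tests `argc < 2` and then reads `argv[2]`; since `argv[1]` has already been compared by this point the test can never fire, and `mrk verify` with no FILE passes a NULL `argv[2]` into `mrk_package_verify()`. The guard should be `if (argc < 3) _mrk_err("Must provide FILE.MK[SB]\n");`. The `extract` context line at the end of the hunk carries the same `argc < 2` test and would need the same correction.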
@@ -267,13 +315,15 @@ main(int argc, char **argv)
 _mrk_err("Failed to build Marrakesh.mrk\n");
 }
 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
- if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
+ if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
+ key_cert, key_priv))
 {
 mrk_build_free(bld);
 _mrk_err("Failed to package up source\n");
 }
 snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
- if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch))
+ if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
+ key_cert, key_priv))
 {
 mrk_build_free(bld);
 _mrk_err("Failed to package up binary\n");
@@ -339,7 +389,8 @@ main(int argc, char **argv)
 Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
 if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
 snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
- if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
+ if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
+ key_cert, key_priv))
 {
 mrk_build_free(bld);
 _mrk_err("Failed to package up source\n");
diff --git a/mrklib.h b/mrklib.h
index 78281e0..54ace32 100644
--- a/mrklib.h
+++ b/mrklib.h
@@ -129,11 +129,12 @@ struct _Mrk_Build
 EAPI Mrk_Build *mrk_build_load(const char *file);
 EAPI void mrk_build_free(Mrk_Build *bld);
 EAPI Eina_Bool mrk_build_do(Mrk_Build *bld, const char *tmpd, const char *objd);
-EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch);
-EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file);
+EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file);
+EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file);
 EAPI Eina_Bool mrk_package_src_extract(const char *file, const char *dst);
 EAPI Eina_Bool mrk_package_bin_clean(void);
+EAPI Eina_Bool mrk_package_verify(const char *file, const char *key_cert_file);
 EAPI Eina_Bool mrk_package_bin_install(const char *file, const char *os, const char *arch);
 EAPI Eina_Bool mrk_package_bin_remove(const char *name);
diff --git a/mrklib_buildfile.c b/mrklib_buildfile.c
index c7f8036..4a21cf5 100644
--- a/mrklib_buildfile.c
+++ b/mrklib_buildfile.c
@@ -798,14 +798,16 @@ package_bin_iter(Eet_File *ef, const char *dir, const char *key)
 }
 EAPI Eina_Bool
-mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch)
+mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file)
 {
 Eet_File *ef;
+ Eet_Key *key;
 char tmp[4096];
 Eina_List *l;
 char *s;
 int i;
+#define err(reason) do { fprintf(stderr, "%s\n", reason); goto error; } while (0)
 ef = eet_open(file, EET_FILE_MODE_WRITE);
 if (ef)
 {
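Review bot: In the mrklib.h hunk `mrk_package_verify()` arrives as a standalone call while `mrk_package_bin_install()` and `mrk_package_src_extract()` keep signatures with no certificate argument, and no hunk on this page makes the `inst` or `extract` branches call it. As far as the visible changes go, a package is checked only when the user runs `mrk verify` by hand, so installing an unsigned or differently signed file is not blocked. If that is the intended interim state, the header should say so, for example `/* NOTE: install and extract do not verify; call mrk_package_verify() first. */` above the new prototype. The header also does not say whether NULL is accepted for the new `key_cert_file`/`key_priv_file` parameters of the two packaging functions.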
@@ -836,14 +838,22 @@ mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const
 WRTS(tmp, s);
 }
 package_bin_iter(ef, tmpd, "bin/f");
+
+ key = eet_identity_open(key_cert_file, key_priv_file, NULL);
+ if (!key) err("can't open prive + certificate key files");
+ eet_identity_set(ef, key);
+ eet_identity_close(key);
 eet_close(ef);
 return EINA_TRUE;
 }
+#undef err
+error:
+ if (ef) eet_close(ef);
 return EINA_FALSE;
 }
 EAPI Eina_Bool
-mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
+mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file)
 {
 Eet_File *ef;
 char tmp[4096];
@@ -854,6 +864,7 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
 if (ef)
 {
 Eina_File *enf;
+ Eet_Key *key;
 Eina_List *l, *ll;
 void *mem;
 size_t size;
@@ -903,6 +914,10 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
 snprintf(tmp, sizeof(tmp), "src/%s", data->src);
 package_file(ef, data->src, tmp);
 }
+ key = eet_identity_open(key_cert_file, key_priv_file, NULL);
+ if (!key) err("can't open prive + certificate key files");
+ eet_identity_set(ef, key);
+ eet_identity_close(key);
 eet_close(ef);
 return EINA_TRUE;
 }
diff --git a/mrklib_package.c b/mrklib_package.c
index 00a4a28..201b3b2 100644
--- a/mrklib_package.c
+++ b/mrklib_package.c
@@ -155,6 +155,19 @@ mrk_package_bin_clean(void)
 return 1;
 }
+EAPI Eina_Bool
+mrk_package_verify(const char *file, const char *key_cert_file)
+{
+ Eet_File *ef;
+ Eina_Bool ok = EINA_FALSE;
+
+ ef = eet_open(file, EET_FILE_MODE_READ);
+ if (!ef) return EINA_FALSE;
+ if (eet_identity_verify(ef, key_cert_file)) ok = EINA_TRUE;
+ eet_close(ef);
+ return ok;
+}
+
 EAPI Eina_Bool
 mrk_package_bin_install(const char *file, const char *os, const char *arch)
 {
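Review bot: In the `@@ -836,14 +838,22 @@` hunk the results of `eet_identity_set()` and `eet_close()` are discarded, so `mrk_build_package_bin()` returns `EINA_TRUE` even when the key could not be attached or the signed file could not be written. Both calls return an `Eet_Error`, and as far as I know Eet writes and signs the file during close, so that is where a signing failure would surface. On the `error:` path the file is closed but left on disk, which can leave an unsigned package under its final name after a reported failure; removing it there is worth considering. The same four added lines appear in `mrk_build_package_src()` in the `@@ -903,6 +914,10 @@` hunk, and the message text has a typo (`prive`).

```c
        /* … unchanged: package_bin_iter(ef, tmpd, "bin/f"); … */
        key = eet_identity_open(key_cert_file, key_priv_file, NULL);
        if (!key) err("can't open private key + certificate files");
        if (eet_identity_set(ef, key) != EET_ERROR_NONE)
          {
             eet_identity_close(key);
             err("can't attach signing key to package");
          }
        eet_identity_close(key);
        if (eet_close(ef) != EET_ERROR_NONE)
          {
             ef = NULL; /* eet_close() already ran; keep error: from closing again */
             err("can't write signed package");
          }
        return EINA_TRUE;
```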
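Review bot: The `err(...)` call added to `mrk_build_package_src()` in the `@@ -903,6 +914,10 @@` hunk comes after the `#undef err` that the `@@ -836,14 +838,22 @@` hunk places at the end of `mrk_build_package_bin()`, and none of the visible hunks gives this function its own `#define err` or an `error:` label. Unless both exist in the lines of the function not shown here, the call either fails to build or resolves to a different `err`. Give the function the same macro, label and cleanup as the bin variant, or replace the call with explicit cleanup: `if (!key) { eet_close(ef); return EINA_FALSE; }`.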
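Review bot: `mrk_package_verify()` in the mrklib_package.c hunk passes `file` and `key_cert_file` to Eet unchecked, and the `verify` branch in mrk.c can currently hand it a NULL `file`; a first line of `if (!file || !key_cert_file) return EINA_FALSE;` keeps the function fail-closed on its own. The function also has no comment saying what a true result means: whether it covers the signature over the package contents or only that the embedded certificate equals `key_cert_file` depends on `eet_identity_verify()`, and that contract should be written above the definition. Every failure (unreadable file, unsigned file, certificate mismatch) collapses into the same `EINA_FALSE`, so the caller can only print `Failed to verify`.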