add package verification and signing... and creation of keys
parent
cccce16986
commit
7626fb9b8d
61
mrk.c
61
mrk.c
|
@ -17,6 +17,10 @@ static const char *build_chkdir = "Marrakesh-Check";
|
||||||
static const char *build_objdir = "Marrakesh-Obj";
|
static const char *build_objdir = "Marrakesh-Obj";
|
||||||
static const char *arch = NULL;
|
static const char *arch = NULL;
|
||||||
static const char *os = NULL;
|
static const char *os = NULL;
|
||||||
|
static char key_priv_buf[4096];
|
||||||
|
static char key_cert_buf[4096];
|
||||||
|
static const char *key_priv = NULL;
|
||||||
|
static const char *key_cert = NULL;
|
||||||
|
|
||||||
static Eina_Bool move_to_cwd = EINA_FALSE;
|
static Eina_Bool move_to_cwd = EINA_FALSE;
|
||||||
static Eina_Bool install_bin = EINA_FALSE;
|
static Eina_Bool install_bin = EINA_FALSE;
|
||||||
|
@ -153,6 +157,8 @@ main(int argc, char **argv)
|
||||||
" bin\n"
|
" bin\n"
|
||||||
" check\n"
|
" check\n"
|
||||||
" src\n"
|
" src\n"
|
||||||
|
" newkey\n"
|
||||||
|
" verify FILE\n"
|
||||||
" extract FILE\n"
|
" extract FILE\n"
|
||||||
" inst FILE\n"
|
" inst FILE\n"
|
||||||
" rm PKGNAME\n"
|
" rm PKGNAME\n"
|
||||||
|
@ -175,6 +181,13 @@ main(int argc, char **argv)
|
||||||
os = mrk_os_get();
|
os = mrk_os_get();
|
||||||
arch = mrk_arch_get();
|
arch = mrk_arch_get();
|
||||||
|
|
||||||
|
snprintf(key_priv_buf, sizeof(key_priv_buf),
|
||||||
|
"%s/.marrakesh/keys/default-priv.pem", getenv("HOME"));
|
||||||
|
snprintf(key_cert_buf, sizeof(key_cert_buf),
|
||||||
|
"%s/.marrakesh/keys/default-cert.pem", getenv("HOME"));
|
||||||
|
key_priv = key_priv_buf;
|
||||||
|
key_cert = key_cert_buf;
|
||||||
|
|
||||||
if (getenv("MRKHOST")) server_host = getenv("MRKHOST");
|
if (getenv("MRKHOST")) server_host = getenv("MRKHOST");
|
||||||
if (getenv("MRKPORT")) server_port = atoi(getenv("MRKPORT"));
|
if (getenv("MRKPORT")) server_port = atoi(getenv("MRKPORT"));
|
||||||
if (getenv("MRKARCH")) arch = getenv("MRKARCH");
|
if (getenv("MRKARCH")) arch = getenv("MRKARCH");
|
||||||
|
@ -182,6 +195,8 @@ main(int argc, char **argv)
|
||||||
if (getenv("MRKDIR")) build_tmpdir = getenv("MRKDIR");
|
if (getenv("MRKDIR")) build_tmpdir = getenv("MRKDIR");
|
||||||
if (getenv("MRKCHKDIR")) build_chkdir = getenv("MRKCHKDIR");
|
if (getenv("MRKCHKDIR")) build_chkdir = getenv("MRKCHKDIR");
|
||||||
if (getenv("MRKOBJDIR")) build_objdir = getenv("MRKOBJDIR");
|
if (getenv("MRKOBJDIR")) build_objdir = getenv("MRKOBJDIR");
|
||||||
|
if (getenv("MRKKEY")) key_priv = getenv("MRKKEY");
|
||||||
|
if (getenv("MRKCERT")) key_cert = getenv("MRKCERT");
|
||||||
|
|
||||||
if (!strcmp(argv[1], "build"))
|
if (!strcmp(argv[1], "build"))
|
||||||
{
|
{
|
||||||
|
@ -200,13 +215,39 @@ main(int argc, char **argv)
|
||||||
ecore_file_recursive_rm(build_chkdir);
|
ecore_file_recursive_rm(build_chkdir);
|
||||||
ecore_file_recursive_rm(build_objdir);
|
ecore_file_recursive_rm(build_objdir);
|
||||||
}
|
}
|
||||||
|
else if (!strcmp(argv[1], "newkey"))
|
||||||
|
{
|
||||||
|
char tmp[4096];
|
||||||
|
|
||||||
|
snprintf(tmp, sizeof(tmp), "%s/.marrakesh/keys", getenv("HOME"));
|
||||||
|
ecore_file_mkpath(tmp);
|
||||||
|
snprintf(tmp, sizeof(tmp),
|
||||||
|
"openssl genrsa -out "
|
||||||
|
"%s/.marrakesh/keys/default-priv.pem "
|
||||||
|
"4096"
|
||||||
|
,
|
||||||
|
getenv("HOME"));
|
||||||
|
system(tmp);
|
||||||
|
snprintf(tmp, sizeof(tmp),
|
||||||
|
"openssl req "
|
||||||
|
"-x509 -new "
|
||||||
|
"-key %s/.marrakesh/keys/default-priv.pem "
|
||||||
|
"-out %s/.marrakesh/keys/default-cert.pem "
|
||||||
|
"-days 999999 "
|
||||||
|
"-subj /prompt=no"
|
||||||
|
,
|
||||||
|
getenv("HOME"),
|
||||||
|
getenv("HOME"));
|
||||||
|
system(tmp);
|
||||||
|
}
|
||||||
else if (!strcmp(argv[1], "src"))
|
else if (!strcmp(argv[1], "src"))
|
||||||
{
|
{
|
||||||
char tmp[4096];
|
char tmp[4096];
|
||||||
Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
|
Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
|
||||||
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
||||||
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
||||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
|
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
|
||||||
|
key_cert, key_priv))
|
||||||
{
|
{
|
||||||
mrk_build_free(bld);
|
mrk_build_free(bld);
|
||||||
_mrk_err("Failed to package up source\n");
|
_mrk_err("Failed to package up source\n");
|
||||||
|
@ -220,13 +261,20 @@ main(int argc, char **argv)
|
||||||
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
||||||
snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
|
snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
|
||||||
if (!ecore_file_exists(build_tmpdir)) _mrk_err("No build dir!\n");
|
if (!ecore_file_exists(build_tmpdir)) _mrk_err("No build dir!\n");
|
||||||
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch))
|
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
|
||||||
|
key_cert, key_priv))
|
||||||
{
|
{
|
||||||
mrk_build_free(bld);
|
mrk_build_free(bld);
|
||||||
_mrk_err("Failed to package up binary\n");
|
_mrk_err("Failed to package up binary\n");
|
||||||
}
|
}
|
||||||
mrk_build_free(bld);
|
mrk_build_free(bld);
|
||||||
}
|
}
|
||||||
|
else if (!strcmp(argv[1], "verify"))
|
||||||
|
{
|
||||||
|
if (argc < 2) _mrk_err("Must provide FILE.MK[SB]\n");
|
||||||
|
if (!mrk_package_verify(argv[2], key_cert)) _mrk_err("Failed to verify\n");
|
||||||
|
printf("OK\n");
|
||||||
|
}
|
||||||
else if (!strcmp(argv[1], "extract"))
|
else if (!strcmp(argv[1], "extract"))
|
||||||
{
|
{
|
||||||
if (argc < 2) _mrk_err("Must provide FILE.MKS\n");
|
if (argc < 2) _mrk_err("Must provide FILE.MKS\n");
|
||||||
|
@ -267,13 +315,15 @@ main(int argc, char **argv)
|
||||||
_mrk_err("Failed to build Marrakesh.mrk\n");
|
_mrk_err("Failed to build Marrakesh.mrk\n");
|
||||||
}
|
}
|
||||||
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
||||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
|
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
|
||||||
|
key_cert, key_priv))
|
||||||
{
|
{
|
||||||
mrk_build_free(bld);
|
mrk_build_free(bld);
|
||||||
_mrk_err("Failed to package up source\n");
|
_mrk_err("Failed to package up source\n");
|
||||||
}
|
}
|
||||||
snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
|
snprintf(tmp, sizeof(tmp), "%s-%s.mkb", bld->name, bld->version);
|
||||||
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch))
|
if (!mrk_build_package_bin(bld, tmp, build_tmpdir, os, arch,
|
||||||
|
key_cert, key_priv))
|
||||||
{
|
{
|
||||||
mrk_build_free(bld);
|
mrk_build_free(bld);
|
||||||
_mrk_err("Failed to package up binary\n");
|
_mrk_err("Failed to package up binary\n");
|
||||||
|
@ -339,7 +389,8 @@ main(int argc, char **argv)
|
||||||
Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
|
Mrk_Build *bld = mrk_build_load("Marrakesh.mrk");
|
||||||
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
if (!bld) _mrk_err("Failed to load Marrakesh.mrk\n");
|
||||||
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
snprintf(tmp, sizeof(tmp), "%s-%s.mks", bld->name, bld->version);
|
||||||
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp))
|
if (!mrk_build_package_src(bld, "Marrakesh.mrk", tmp,
|
||||||
|
key_cert, key_priv))
|
||||||
{
|
{
|
||||||
mrk_build_free(bld);
|
mrk_build_free(bld);
|
||||||
_mrk_err("Failed to package up source\n");
|
_mrk_err("Failed to package up source\n");
|
||||||
|
|
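Review bot: The `newkey` branch interpolates `getenv("HOME")` into two `openssl` command lines passed to `system()` and discards both results, so an unset HOME (NULL passed to `%s`) is undefined behaviour, a HOME containing spaces or shell metacharacters runs a different command than intended, and a failed key generation goes unreported; the same unchecked value feeds `key_priv_buf`/`key_cert_buf` at startup. Read it once and reject NULL, e.g. `const char *home = getenv("HOME"); if (!home) _mrk_err("HOME not set\n");`, check each call with `if (system(tmp) != 0) _mrk_err("Failed to create key\n");`, and preferably run openssl through an argv-based spawn rather than a shell. Nothing here restricts permissions on `~/.marrakesh/keys` or on the private key, so they depend on the umask and on openssl's defaults; an explicit `chmod(tmp, 0700)` on the directory after `ecore_file_mkpath(tmp)` would make the intent clear. In the new `verify` branch, `if (argc < 2)` does not guarantee that `argv[2]` exists, so `mrk verify` with no file hands NULL to `mrk_package_verify()`; the test should be `argc < 3` (main() starts and ends outside these hunks).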
5
mrklib.h
5
mrklib.h
|
@ -129,11 +129,12 @@ struct _Mrk_Build
|
||||||
EAPI Mrk_Build *mrk_build_load(const char *file);
|
EAPI Mrk_Build *mrk_build_load(const char *file);
|
||||||
EAPI void mrk_build_free(Mrk_Build *bld);
|
EAPI void mrk_build_free(Mrk_Build *bld);
|
||||||
EAPI Eina_Bool mrk_build_do(Mrk_Build *bld, const char *tmpd, const char *objd);
|
EAPI Eina_Bool mrk_build_do(Mrk_Build *bld, const char *tmpd, const char *objd);
|
||||||
EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch);
|
EAPI Eina_Bool mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file);
|
||||||
EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file);
|
EAPI Eina_Bool mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file);
|
||||||
|
|
||||||
EAPI Eina_Bool mrk_package_src_extract(const char *file, const char *dst);
|
EAPI Eina_Bool mrk_package_src_extract(const char *file, const char *dst);
|
||||||
EAPI Eina_Bool mrk_package_bin_clean(void);
|
EAPI Eina_Bool mrk_package_bin_clean(void);
|
||||||
|
EAPI Eina_Bool mrk_package_verify(const char *file, const char *key_cert_file);
|
||||||
EAPI Eina_Bool mrk_package_bin_install(const char *file, const char *os, const char *arch);
|
EAPI Eina_Bool mrk_package_bin_install(const char *file, const char *os, const char *arch);
|
||||||
EAPI Eina_Bool mrk_package_bin_remove(const char *name);
|
EAPI Eina_Bool mrk_package_bin_remove(const char *name);
|
||||||
|
|
||||||
|
|
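Review bot: The two packaging prototypes gain `key_cert_file`/`key_priv_file` and `mrk_package_verify()` is added, but no comment says what the paths must point to or whether NULL is accepted. Judging by the implementation in this commit, a failed `eet_identity_open()` aborts packaging, so signing appears to be mandatory; a line such as `/* key_cert_file/key_priv_file: paths to the PEM certificate and private key used to sign the package; both required */` above the prototypes would record that. Because these are EAPI symbols, the added parameters also break existing callers, which deserves a mention in the commit description.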
|
@ -798,14 +798,16 @@ package_bin_iter(Eet_File *ef, const char *dir, const char *key)
|
||||||
}
|
}
|
||||||
|
|
||||||
EAPI Eina_Bool
|
EAPI Eina_Bool
|
||||||
mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch)
|
mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const char *os, const char *arch, const char *key_cert_file, const char *key_priv_file)
|
||||||
{
|
{
|
||||||
Eet_File *ef;
|
Eet_File *ef;
|
||||||
|
Eet_Key *key;
|
||||||
char tmp[4096];
|
char tmp[4096];
|
||||||
Eina_List *l;
|
Eina_List *l;
|
||||||
char *s;
|
char *s;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
#define err(reason) do { fprintf(stderr, "%s\n", reason); goto error; } while (0)
|
||||||
ef = eet_open(file, EET_FILE_MODE_WRITE);
|
ef = eet_open(file, EET_FILE_MODE_WRITE);
|
||||||
if (ef)
|
if (ef)
|
||||||
{
|
{
|
||||||
|
@ -836,14 +838,22 @@ mrk_build_package_bin(Mrk_Build *bld, const char *file, const char *tmpd, const
|
||||||
WRTS(tmp, s);
|
WRTS(tmp, s);
|
||||||
}
|
}
|
||||||
package_bin_iter(ef, tmpd, "bin/f");
|
package_bin_iter(ef, tmpd, "bin/f");
|
||||||
|
|
||||||
|
key = eet_identity_open(key_cert_file, key_priv_file, NULL);
|
||||||
|
if (!key) err("can't open prive + certificate key files");
|
||||||
|
eet_identity_set(ef, key);
|
||||||
|
eet_identity_close(key);
|
||||||
eet_close(ef);
|
eet_close(ef);
|
||||||
return EINA_TRUE;
|
return EINA_TRUE;
|
||||||
}
|
}
|
||||||
|
#undef err
|
||||||
|
error:
|
||||||
|
if (ef) eet_close(ef);
|
||||||
return EINA_FALSE;
|
return EINA_FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
EAPI Eina_Bool
|
EAPI Eina_Bool
|
||||||
mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
|
mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file, const char *key_cert_file, const char *key_priv_file)
|
||||||
{
|
{
|
||||||
Eet_File *ef;
|
Eet_File *ef;
|
||||||
char tmp[4096];
|
char tmp[4096];
|
||||||
|
@ -854,6 +864,7 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
|
||||||
if (ef)
|
if (ef)
|
||||||
{
|
{
|
||||||
Eina_File *enf;
|
Eina_File *enf;
|
||||||
|
Eet_Key *key;
|
||||||
Eina_List *l, *ll;
|
Eina_List *l, *ll;
|
||||||
void *mem;
|
void *mem;
|
||||||
size_t size;
|
size_t size;
|
||||||
|
@ -903,6 +914,10 @@ mrk_build_package_src(Mrk_Build *bld, const char *buildfile, const char *file)
|
||||||
snprintf(tmp, sizeof(tmp), "src/%s", data->src);
|
snprintf(tmp, sizeof(tmp), "src/%s", data->src);
|
||||||
package_file(ef, data->src, tmp);
|
package_file(ef, data->src, tmp);
|
||||||
}
|
}
|
||||||
|
key = eet_identity_open(key_cert_file, key_priv_file, NULL);
|
||||||
|
if (!key) err("can't open prive + certificate key files");
|
||||||
|
eet_identity_set(ef, key);
|
||||||
|
eet_identity_close(key);
|
||||||
eet_close(ef);
|
eet_close(ef);
|
||||||
return EINA_TRUE;
|
return EINA_TRUE;
|
||||||
}
|
}
|
||||||
|
|
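Review bot: In `mrk_build_package_bin` the key is opened only after the package contents have been written into `ef`, and the `error:` path then calls `eet_close(ef)`, which for a write-mode file presumably still flushes the unsigned package to `file` under its final name. Open the identity before `eet_open()`, or remove `file` on the error path, so a missing or unreadable key never leaves an unsigned artifact behind. The return values of `eet_identity_set()` and `eet_close()` are discarded in both functions, so EINA_TRUE is returned even if signing fails; check them, e.g. `if (eet_close(ef) != EET_ERROR_NONE) return EINA_FALSE;`. `mrk_build_package_src` calls `err()` after the `#undef err` above it and no `error:` label is visible in its hunks, so confirm the macro and label exist there; both function bodies extend beyond the hunks.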
|
@ -155,6 +155,19 @@ mrk_package_bin_clean(void)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EAPI Eina_Bool
|
||||||
|
mrk_package_verify(const char *file, const char *key_cert_file)
|
||||||
|
{
|
||||||
|
Eet_File *ef;
|
||||||
|
Eina_Bool ok = EINA_FALSE;
|
||||||
|
|
||||||
|
ef = eet_open(file, EET_FILE_MODE_READ);
|
||||||
|
if (!ef) return EINA_FALSE;
|
||||||
|
if (eet_identity_verify(ef, key_cert_file)) ok = EINA_TRUE;
|
||||||
|
eet_close(ef);
|
||||||
|
return ok;
|
||||||
|
}
|
||||||
|
|
||||||
EAPI Eina_Bool
|
EAPI Eina_Bool
|
||||||
mrk_package_bin_install(const char *file, const char *os, const char *arch)
|
mrk_package_bin_install(const char *file, const char *os, const char *arch)
|
||||||
{
|
{
|
||||||
|
|
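Review bot: `mrk_package_verify` is added as a standalone check, but `mrk_package_bin_install` directly below keeps its old signature with no certificate argument, so as far as these hunks show, `inst` still installs a package without verifying it. If verification is meant to protect installation, call it on the install path rather than relying on the user to run `verify` first. A short comment should state what success means, e.g. `/* EINA_TRUE only when file opens and its identity matches the certificate in key_cert_file */`, and the function should reject NULL arguments up front with `if (!file || !key_cert_file) return EINA_FALSE;`. The body of `mrk_package_bin_install` lies outside the hunk.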