Check-in [90d6512a4d]
Not logged in
Home Help Timeline Files Branches Tags Forum Tickets Wiki More... Login
Overview
Comment:Fix PGP signature checking.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | pkgdSelfUpdate
Files: files | file ages | folders
SHA1: 90d6512a4d1c5829ae84c109a557732fd92f836d
User & Date: mistachkin on 2016-08-19 19:56:25
Other Links: branch diff | manifest | tags
Context
2016-08-19
19:59
Fix some comments. check-in: ff701ef80a user: mistachkin tags: pkgdSelfUpdate
19:56
Fix PGP signature checking. check-in: 90d6512a4d user: mistachkin tags: pkgdSelfUpdate
19:37
When downloading for a self-update, overwrite existing files. check-in: 09a7063c6e user: mistachkin tags: pkgdSelfUpdate
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified client/1.0/pkgd.eagle from [a49ff45f93] to [297a91d7bb]. 

97
98
99
100
101
102
103
104


105
106

107
108
109
110
111
112
113
114

115
116
117
118
119
120
121
122
123
124
125
126
127


128
129

130
131
132
133
134
135
136
137

138
139
140
141
142
143
144

97
98
99
100
101
102
103

104
105
106

107
108
109
110
111
112
113
114

115
116
117
118
119
120
121
122
123
124
125
126
127

128
129
130

131
132
133
134
135
136
137
138

139
140
141
142
143
144
145
146








-
+
+

-
+







-
+












-
+
+

-
+







-
+








    #
    return [file join [file dirname [info library]] pkgd]
  }

  #
  # NOTE: This procedure returns non-zero if the specified file seems to be
  #       an OpenPGP signature file.  The fileName argument is the name of
  #       the file to check, which may or may not exist.
  #       the file to check, which may or may not exist.  The nameOnly
  #       argument should be non-zero to ignore the contents of the file.
  #
  proc isPgpSignatureFileName { fileName } {
  proc isPgpSignatureFileName { fileName nameOnly } {
    if {[string length $fileName] == 0} then {
      return false
    }

    set extension [file extension $fileName]

    if {$extension eq ".asc"} then {
      if {[file exists $fileName]} then {
      if {!$nameOnly && [file exists $fileName]} then {
        return [::PackageRepository::isPgpSignature [readFile $fileName]]
      } else {
        return true
      }
    } else {
      return false
    }
  }

  #
  # NOTE: This procedure returns non-zero if the specified file seems to be
  #       a Harpy script certificate file.  The fileName argument is the name
  #       of the file to check, which may or may not exist.
  #       of the file to check, which may or may not exist.  The nameOnly
  #       argument should be non-zero to ignore the contents of the file.
  #
  proc isHarpyCertificateFileName { fileName } {
  proc isHarpyCertificateFileName { fileName nameOnly } {
    if {[string length $fileName] == 0} then {
      return false
    }

    set extension [file extension $fileName]

    if {$extension eq ".harpy"} then {
      if {[file exists $fileName]} then {
      if {!$nameOnly && [file exists $fileName]} then {
        return [::PackageRepository::isHarpyCertificate [readFile $fileName]]
      } else {
        return true
      }
    } else {
      return false
    }

233
234
235
236
237
238
239
240

241
242
243
244
245
246
247

235
236
237
238
239
240
241

242
243
244
245
246
247
248
249








-
+








          [::PackageRepository::getFileViaHttp $uri 10 stdout $quiet]
    }

    #
    # NOTE: Is use of OpenPGP for signature verification enabled?  Also,
    #       did we just download an OpenPGP signature file?
    #
    if {$usePgp && [isPgpSignatureFileName $localFileName]} then {
    if {$usePgp && [isPgpSignatureFileName $localFileName true]} then {
      #
      # NOTE: Attempt to verify the OpenPGP signature.  If this fails,
      #       an error is raised.
      #
      if {![::PackageRepository::verifyPgpSignature $localFileName]} then {
        error [appendArgs \
            "bad PGP signature \"" $localFileName \"]

339
340
341
342
343
344
345
346

347
348
349
350
351
352
353

341
342
343
344
345
346
347

348
349
350
351
352
353
354
355








-
+









      file mkdir [file dirname $downloadFileName]
      downloadOneFile $language $version $fileName $downloadFileName $usePgp

      lappend downloadedFileNames [list \
          $fileNameOnly $directory(temporary) $directory(persistent)]

      if {$usePgp && ![isPgpSignatureFileName $downloadFileName]} then {
      if {$usePgp && ![isPgpSignatureFileName $downloadFileName true]} then {
        downloadOneFile $language $version [appendArgs $fileName .asc] \
            [appendArgs $downloadFileName .asc] $usePgp

        lappend downloadedFileNames [list \
            [appendArgs $fileNameOnly .asc] $directory(temporary) \
            $directory(persistent)]
      }

Modified client/1.0/pkgd.eagle.harpy from [f0f033a03d] to [4ccc75c948]. 

17
18
19
20
21
22
23
24

25
26
27

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48


















49
50

17
18
19
20
21
22
23

24
25
26

27
28
29
30


















31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50








-
+


-
+



-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+



    THE ASSOCIATED SOFTWARE MAY NOT WORK PROPERLY IF THIS FILE IS ALTERED.
-->
<Certificate xmlns="https://eagle.to/2011/harpy"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Protocol>None</Protocol>
  <Vendor>Mistachkin Systems</Vendor>
  <Id>492aa58d-5e9f-40fd-b909-c8a2a65e7036</Id>
  <Id>773aaed9-81ab-4f37-a8b5-33385149bc2e</Id>
  <HashAlgorithm>SHA512</HashAlgorithm>
  <EntityType>Script</EntityType>
  <TimeStamp>2016-08-19T19:36:49.2881328Z</TimeStamp>
  <TimeStamp>2016-08-19T19:54:13.8457500Z</TimeStamp>
  <Duration>-1.00:00:00</Duration>
  <Key>0x2c322765603b5278</Key>
  <Signature>
    G1u9v+sER+oO/8hWG7so9m2yZ8upWl+JB6/Dw60K7KnCY1e8Jgm8Y+G2zT8NA+uVQploGAUaGq/f
    jgE6i29kHY0D0vzcciduULqK5XayNLE5jk7K73xhFpiYT0PW8pjlGmkYR/ka2xD3fYyuO/4PMRVf
    3iydSkqX+BEmT7QVsH/lRdViNyDZl4sOKE63wUI7OtCAjqyD47c/wUeYZahFJ3EgIPEvJMj6ERpr
    Q0thDUaYbtnHcln1imjELHivpZxWfXe7ZMm0tOFEBPnYt8AeP5PzfIgRuXlmpECj94BSzKRycSS/
    cw7f0YAKyxfsaqthMq43GBIqqHda5I1+3mc0A5PHrCTj3Hf7mYDelzZqkYUGtbXhuU0PF1G0R4dl
    +ElPholGd5AnyApmk3cWCAWsrsNzpCChfCW/nqT3z298b8UQO6ddk8hyy0F64eCbD1zQq59v5406
    4gVY6NHYGjUNXFU06WG2ASZilwpK6CSLTjLU67ozsgUgHvTbDkPzuzXqxHOhWEbLFSYeC3xvNijK
    uK0xsbIi64Tyt2/IVRA9bljE5nNT1h+niEkIYm7cGPsApVfVCqrSKok+qvggxmhWvUC3ZfObDazX
    cB82Ody0GKgtZz8vQd+GLZ3iFUs181vjD8rH+JxRyu/5Covuz4syPvoP2PW4+GeOMoIBVXX3XokW
    TVbrlqlqLqi+h1GCJIgbFHBIRgVxmFlYPAhqhIv+o17Wo/yKu/Jh2522WmmrP+NI2xDJYsQp88Mg
    kgSITeEWT2/4P8Kf3Z5ZgXFfNhAxijOddlU6ApmFKDElyWjznmHrSbxdVuwIqNI65XYrOwoEZKvF
    0KfXaEqbfcHuokMtz89+D+1g4C3LzDIi11MAifG6XUskpHtfyW9/pJhNW2SLwucaGjUt2jjyEStQ
    2++jtLk4xg5L6Emki3nNZXU0uC923U6ZnHzqBKzqmnYlF1REY/mQ/NUlpBG4bcBZkIrG/0+6Qbl0
    YUwfr75a+qMkW/68epo8M5xITf0AwzpD5l5mj/twZ4qqdcKtPindLJWJkEZctLXIHT6EXCLe7F9I
    An61MT0sKO874FfoeoylAIYzGiVr9eextmYa7L91ztb0kJSifjp6RDiQ/QKMDujQB/3JUXCmI6wu
    rI2UCSZVDR/cFTwVu+RTBDT1NDoIyN0X8ut6RF8jMFzUWSMU3R/KOA6yl9jjzJvGr+tNsQaQ5zhy
    03JRl2/FUjNOgc/Q3Hv2Wuzd3Od5WhV2bG1E1OAhT22gsngEV1y76biEVIUF/iGRvQQqDdqqbHZp
    DPzHuGEJZbTOY8BvXpYbf4qJuTMMK//PLn7SFm3XIVLumiL/9FaaP8P18MADRl1iTofra8w4QA==
    GjifLJYB15cz+FqY+13kygilEvtDo4pfbdUMKgHMu60tmw39hV0EL7kG6Bke+/oVw0RUzfY2vCl4
    f5ChSrG3+2TI31oqM9XAvCr29/XFE/p1hR410m+9mdOCpXavxh2bN5bRhJ0SxrKA4TcK6CumbIdQ
    27+RRYZyyxelv8oQ4KRuMOc3u0UdznLpe7yNEvp9W6aOE6y0iS66euuOw7ZRpPilwSJOs+sVgYXM
    847NCjheDbx/qR5UXGlzPWUbhIBvlyXMslte7sPm+t42hblwkAGuAC8Vd2sG6HANLDtpDw+arn5A
    2TyqqhWYbnaD9MXxKc7aQs9OnTJJGtagqob43fmNJ1surMwxR2oI/nvK/QswCJCAgyGFmTmgHR0v
    MqfOsCe/PmI0VXTQFaLzkDvH5JmFZG7ePNqmrOYqaAhywl91t427buCAFcN6s3GzXX+ydbtL3SeF
    nlcb/pObhReo//YvLSm7/PTR5xicScSAZWBRCGtmZ+9gllGqDYHnUHh4edNLZc2o6Zwm3nUz7Rg1
    wOuND8G9M/kX6X8s5VbUSlMUXReAJpITe88l+oCFqxybxGaVZyRcNibzRiKHuosJWnTJ3yhPlOhW
    qusxkvPlihE3H6hoBk1tocSPmcKL0NKSchjrL15bKTMGvCZpzJuaoeZlHWpdKol9Nu1Cz7NT/MEM
    tWwVbb8C2zNmVAf9TN8jI2HEJ0V9LlWQ6ShbJwveRHLVsnLqEFrfQ76z5IGnxI5uEZRtid8djMwF
    3vUnzZ8SIzqZJWmzD9zR2MPfUz2uEa7V+S6Y/UtlV6G6Gv9T0hDzyZX9I0pVt/l7GhXz0TYaN/bV
    NpI8E8ZIlrIEORFcqWcHJMLIGfCa8xXrDkPz8b9rohZA61Q9XVKrihChjgIbvvx8YzhU0OAt4kZ8
    OzoK09L9SnReHcPd94c91/NLcGx5BR0aLQ3A/LOKdXY0jN+sY9s32oLGD/AIVAvpCSsUclX27Vb1
    AKS+vN71W2XfYb7I8MU5mk3DzZMHmOSYVYAmr7GYLPo8Hnm4M/AR/+V9GS88YSf/EQf57BxfHsNn
    lzqyLCpuVX5k2V0NMmpciXTtLcXhsxBBBZh3veMM30u8dWja5xm6H0KLTAhdsGz2y4RtgUbtRxVN
    mwGitz7oUKFAf8HhLViOUDzx3uJSZhPNd+BNyBGvrwpHOmLToMhqBvEhSCBsfhBFiB9oBdJ6BTEB
    v6ORKk5b28fB9wa5zdNcg8YOoanMopjSCYgDFYUhu96qqRVd7qZjuSvgknfCpnQjhbiq6s+Lz+rX
    iIRB2UhDfkZpA1UewH7B2C+EAP+eqKsbgsfsAunH60FRfCGVOFvFIqA3yQ1KEePsBCD8+LHyxg==
  </Signature>
</Certificate>

Modified client/1.0/pkgr.eagle from [ece670d676] to [25667f2c0a]. 

95
96
97
98
99
100
101
102



103
104

105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

121
122
123
124
125
126
127

95
96
97
98
99
100
101

102
103
104
105

106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

122
123
124
125
126
127
128
129








-
+
+
+

-
+















-
+








  #
  # NOTE: This procedure returns non-zero if the specified string value
  #       looks like a Harpy (script) certificate.  The value argument
  #       is the string to check.
  #
  # <public>
  proc isHarpyCertificate { value } {
    if {[string length $value] == 0 || [string first [string trim {
    if {[string length $value] == 0 || ([string first [string trim {
      <?xml version="1.0" encoding="utf-8"?>
    }] $value] == 0 && [string first [string trim {
      <Certificate xmlns="https://eagle.to/2011/harpy"
    }] $value] != -1} then {
    }] $value] != -1)} then {
      return true
    } else {
      return false
    }
  }

  #
  # NOTE: This procedure returns non-zero if the specified string value
  #       looks like a PGP signature.  The value argument is the string
  #       to check.
  #
  # <public>
  proc isPgpSignature { value } {
    if {[string length $value] == 0 || [string first [string trim {
      -----BEGIN PGP SIGNATURE-----
    }] $value] != -1} then {
    }] $value] == 0} then {
      return true
    } else {
      return false
    }
  }

  #

Modified client/1.0/pkgr.eagle.harpy from [041e568d84] to [a401a14e54]. 

17
18
19
20
21
22
23
24

25
26
27

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48


















49
50

17
18
19
20
21
22
23

24
25
26

27
28
29
30


















31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50








-
+


-
+



-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+



    THE ASSOCIATED SOFTWARE MAY NOT WORK PROPERLY IF THIS FILE IS ALTERED.
-->
<Certificate xmlns="https://eagle.to/2011/harpy"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Protocol>None</Protocol>
  <Vendor>Mistachkin Systems</Vendor>
  <Id>c8d855d3-dc6c-4ff7-b559-6920bdc2c9ef</Id>
  <Id>f958f841-28ec-493a-9f30-fc7c5ec9e126</Id>
  <HashAlgorithm>SHA512</HashAlgorithm>
  <EntityType>Script</EntityType>
  <TimeStamp>2016-08-19T19:13:22.5840312Z</TimeStamp>
  <TimeStamp>2016-08-19T19:55:14.6953594Z</TimeStamp>
  <Duration>-1.00:00:00</Duration>
  <Key>0x2c322765603b5278</Key>
  <Signature>
    JBC1xWLd8MNtAHcCpSmqGSmJHhqY2uwe0jbBGKS7vFoYEPueeYGUyLgp2ZUxjJj2jhMxAlkUd/zX
    mLpjzG3YNHCBRxPL1OvkOgn7Oi1bqz9QgJCUimh8vQkq0iGY9lL5GLdmcaBoRwJz1hbFlGhXv5LK
    TrwqAlJQ1Lzb7VZDgRmQpkjq//0m/4rTczf6uvihdKoV2bJRcrCxh6zTtdbbbfJNPMZy+4elb8I3
    xP0EVoI9L1vB/XUGKLPLpD1hI2vDJVoa5RoM2W4FQZyAu7w/gXpno8I1rkhKoiICku9zlMsAfLmR
    PQm2YNn284KKuCjm/UzNzFQw4TrHH8EJY+utqeQ45ZRhfTk+inSSsnkSqhwxzB1EDkdUL4vcTndI
    idOw4ElrG32vDRvA2JPiIezKANn0InpXRFpICcTPIyqLXGlu62PDBBdyQWsIH8ZCFVaJUSNbh9yk
    gzGWBzYcqVqBGOT4YHe/9vdB5uJeqNS7LbGgcC88VPgaG2rnzTmzK6OXCi4dXDFIc7b43XFAeQLy
    G2OGbzz9HS4OvoWvhX2ZVm3rFgPsVdatWIaYQBEsaHY1GDn0Caf4Xe0zbjsn0s24awumSDfrM2kQ
    gke7GLCYyNQti7ydQpHH3ac8EBGj8t7SCgiP3K5yMsKkeTQUvPo/Az/90aNuZ9W6JSOxQAVZ7BDB
    YX5iW15HrWsoR/Uxs+4IUaSB6X/Af2HaJvBGF6EUbqszvehGcd+cFrcU05OQZDQYT2D3rq/ZZYE9
    YMQms6GOKxcHDsoSqM5Z8Q9gH5l1+i/YC5r0yQu/KkakxeAztMmVzl4QttojbInyXQXUj7XOreDA
    1dpE+k/eyjgh+SveAjltsrc7m020eMKKZUgPJmo47CXsZvqknF6exATQ8NWC3d03PcOVqkCk1oK1
    c0QnkH8DddSEUvjLBKTlzUlTVB8Z1GWT/5APOqEgs5BBCvKtLtB7M6PhM9qb+ax5N+mslhEKkMIE
    F4CAul92Zcl62SIw1J+QZPxC3ZW01OrF8OtEQGMMC2TTISBMqkweGhm/aI+QnoEv6686590bvs6G
    iTkjvEYodSqZQtSlZIkddWPF7wgqhcO7mtxAR711yQpQywItJYMOmeBVwTykQ75/LAOfaHI6evPo
    GrxIlt+UfeE57Lb6y/luVdbXNMlovLe4n2XYymD62B/GubjHfj67j/qGPTO8EWVn3gUWwFBXpILn
    3cFqVvH3p3HeMGK/5gGbMafi9fGsqqcugpWrH66PLBCn7VHhiKNa20IOxwiWrx3w5VM1s0Otqcug
    QstW9/mOw1qMLcZh/+mOKhB5XMbF50bapmbZ2SSA+/E3U9j335nekmXIS6OESOVQtbIXb9kqOw==
    EOkrzoac4RZFR8mw+Y41atTlsnQaJF1UTJm/73gRZ3xLZonAIAe7oJWHNW9+OdWTv07fmq4OnVkP
    RhhwffZ9p0d3dFSRTQfIByyeofHn5pLIFFSr3dejKJYJjIbXsaRapuKE2LTlowUKQ76V1ImA2uJL
    LDSDqVF3o9g8KmjYMYOC9710AvPboDNbA0aJcKl9oooLnVvVs1v0kXsh+fh+mMv11nShNDTZ7WcY
    mcDxFuOsfbphrdiwerE7rHeM2apHABtWrCkFrO+Liw45cPfQPqLThyW09BDXdwCI7T9EeHjv7IBZ
    PxNfwaA1P5SJxgTJlTn6h2FklmXglEDIkFzDidXp5IYxlm4aiDjIXUzv34TyWypouzLIyEf+CSKQ
    ieO4gmnu+PqHaQS0prGhR5KAjO70k2rH77H7Ai9XiX459MzdJlwd3G6lsWVgBbVqkRo69GYw6kXI
    Nw2YcobtoTswnF162IfemvlTtAxLsycWY+7sBEeRlQsLSP01PL4ifUVRCjPLayGPcbM69Jc9cTDM
    gMz0xwKK9cBTYsjtSxcwa1TnwuDVc6IiQnahJn0q5Nep3wokLqV8/ugokocISLt+BIo9++wesLJX
    w4VLR5vBd5URS/vek2gdppGPGCprNODaTtwHSL1MnTAB+lf0XOmRz84x+WXr5F5T2Atims77hVgp
    9y7G5KnT8nXF/DGjxNLn0+2+gwVGYeijFlm5bEhbjvV34cIVKMRxSyxEKU0e5xc2syendXFbWy+r
    rrVueBtGvoTDvZRuQthWI4ryHDEbzya0NFbnMkzH/ppszoIjnQf+2e3EzrI0tyG1dShFcbeZp3JN
    jNhBrGu0KlzNmZcJn7EWSgmY3d2wFHwI5vtQm5M0JmivqQWktlrwAuFiq+z9LtOX349lh7AqKx2i
    ut3Yz/XZhO7nDsIa2CsN5jdgsKahtebpVX2lcHnbGPR7xZwgy2LoDcN0SAgodxW8KPqlxLpWrv04
    gipXIZXALpuFe/w5LhIJHrbFqAeP+jIBoktwF9x02JRo/ziuj7a6LFFJ21lM4PB/RtP1JChaU8tL
    dYDOiUHkoEKB2W++RXmL2Iq9BPsZ3o7Za380f7Wro0PGxJRjnJTf5MUzkWFa7zQFCwBAqPLC0YME
    z58OH1U2imdnz79C3E9OLtCVdI09zVq0rKz7G8QoaqDU8GxlzvSTeftCv+c7UuM2mVzyhEVLoRR7
    LUNYsdnLW8mvg5Tn0W9syxUo4M8eZ/jOxs5MLbQNcbx6kap5nq+YfzreIeOKA62mUAn/dmCMlgWN
    Lhq2cYZdwzkNfsoXXAdU/J4uZKqqXFqQnpCiCPxexPrnA1BNHEkzjEj7t9vc9Mr62v5TvjdREA==
  </Signature>
</Certificate>

This page was generated in about 0.016s by Fossil version 2.20 Tcl version 8.6.12 [658547aa7c] 2022-10-09 01:11:55