Check-in [ff701ef80a]
Not logged in
Home Help Timeline Files Branches Tags Forum Tickets Wiki More... Login
Overview
Comment:Fix some comments.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | pkgdSelfUpdate
Files: files | file ages | folders
SHA1: ff701ef80aa4ccb83cd1a24e8154cb9be27c6e5c
User & Date: mistachkin on 2016-08-19 19:59:55
Other Links: branch diff | manifest | tags
Context
2016-08-19
20:03
Add OpenPGP signature files for all the Eagle Package Repository and Downloader Client files. Closed-Leaf check-in: 3012f43a77 user: mistachkin tags: pkgdSelfUpdate
19:59
Fix some comments. check-in: ff701ef80a user: mistachkin tags: pkgdSelfUpdate
19:56
Fix PGP signature checking. check-in: 90d6512a4d user: mistachkin tags: pkgdSelfUpdate
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified client/1.0/pkgd.eagle from [297a91d7bb] to [0810aba31e]. 

194
195
196
197
198
199
200
201

202
203
204
205
206
207
208

194
195
196
197
198
199
200

201
202
203
204
205
206
207
208








-
+








      error "unsupported language, no idea how to modify auto-path"
    }
  }

  #
  # NOTE: This procedure downloads a single file from the package file server,
  #       writing its contents to the specified local file name.  It can also
  #       verify the PGP signatures.  When a PGP signature file is
  #       verify the OpenPGP signatures.  When an OpenPGP signature file is
  #       downloaded, this procedure assumes the corresponding data file was
  #       already downloaded (i.e. since OpenPGP needs both to perform the
  #       signature checks).  The language argument must be one of the
  #       literal strings "eagle", "tcl", or "client".  The version argument
  #       must be one of the literal strings "8.4", "8.5", or "8.6" when the
  #       language is "tcl" -OR- the literal string "1.0" when the language
  #       is either "eagle" or "client".  The fileName argument is a file

Modified client/1.0/pkgd.eagle.harpy from [4ccc75c948] to [57f0328be3]. 

17
18
19
20
21
22
23
24

25
26
27

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48


















49
50

17
18
19
20
21
22
23

24
25
26

27
28
29
30


















31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50








-
+


-
+



-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+



    THE ASSOCIATED SOFTWARE MAY NOT WORK PROPERLY IF THIS FILE IS ALTERED.
-->
<Certificate xmlns="https://eagle.to/2011/harpy"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Protocol>None</Protocol>
  <Vendor>Mistachkin Systems</Vendor>
  <Id>773aaed9-81ab-4f37-a8b5-33385149bc2e</Id>
  <Id>35699df9-d62a-40d3-80c9-7605014c9539</Id>
  <HashAlgorithm>SHA512</HashAlgorithm>
  <EntityType>Script</EntityType>
  <TimeStamp>2016-08-19T19:54:13.8457500Z</TimeStamp>
  <TimeStamp>2016-08-19T19:59:41.5664531Z</TimeStamp>
  <Duration>-1.00:00:00</Duration>
  <Key>0x2c322765603b5278</Key>
  <Signature>
    GjifLJYB15cz+FqY+13kygilEvtDo4pfbdUMKgHMu60tmw39hV0EL7kG6Bke+/oVw0RUzfY2vCl4
    f5ChSrG3+2TI31oqM9XAvCr29/XFE/p1hR410m+9mdOCpXavxh2bN5bRhJ0SxrKA4TcK6CumbIdQ
    27+RRYZyyxelv8oQ4KRuMOc3u0UdznLpe7yNEvp9W6aOE6y0iS66euuOw7ZRpPilwSJOs+sVgYXM
    847NCjheDbx/qR5UXGlzPWUbhIBvlyXMslte7sPm+t42hblwkAGuAC8Vd2sG6HANLDtpDw+arn5A
    2TyqqhWYbnaD9MXxKc7aQs9OnTJJGtagqob43fmNJ1surMwxR2oI/nvK/QswCJCAgyGFmTmgHR0v
    MqfOsCe/PmI0VXTQFaLzkDvH5JmFZG7ePNqmrOYqaAhywl91t427buCAFcN6s3GzXX+ydbtL3SeF
    nlcb/pObhReo//YvLSm7/PTR5xicScSAZWBRCGtmZ+9gllGqDYHnUHh4edNLZc2o6Zwm3nUz7Rg1
    wOuND8G9M/kX6X8s5VbUSlMUXReAJpITe88l+oCFqxybxGaVZyRcNibzRiKHuosJWnTJ3yhPlOhW
    qusxkvPlihE3H6hoBk1tocSPmcKL0NKSchjrL15bKTMGvCZpzJuaoeZlHWpdKol9Nu1Cz7NT/MEM
    tWwVbb8C2zNmVAf9TN8jI2HEJ0V9LlWQ6ShbJwveRHLVsnLqEFrfQ76z5IGnxI5uEZRtid8djMwF
    3vUnzZ8SIzqZJWmzD9zR2MPfUz2uEa7V+S6Y/UtlV6G6Gv9T0hDzyZX9I0pVt/l7GhXz0TYaN/bV
    NpI8E8ZIlrIEORFcqWcHJMLIGfCa8xXrDkPz8b9rohZA61Q9XVKrihChjgIbvvx8YzhU0OAt4kZ8
    OzoK09L9SnReHcPd94c91/NLcGx5BR0aLQ3A/LOKdXY0jN+sY9s32oLGD/AIVAvpCSsUclX27Vb1
    AKS+vN71W2XfYb7I8MU5mk3DzZMHmOSYVYAmr7GYLPo8Hnm4M/AR/+V9GS88YSf/EQf57BxfHsNn
    lzqyLCpuVX5k2V0NMmpciXTtLcXhsxBBBZh3veMM30u8dWja5xm6H0KLTAhdsGz2y4RtgUbtRxVN
    mwGitz7oUKFAf8HhLViOUDzx3uJSZhPNd+BNyBGvrwpHOmLToMhqBvEhSCBsfhBFiB9oBdJ6BTEB
    v6ORKk5b28fB9wa5zdNcg8YOoanMopjSCYgDFYUhu96qqRVd7qZjuSvgknfCpnQjhbiq6s+Lz+rX
    iIRB2UhDfkZpA1UewH7B2C+EAP+eqKsbgsfsAunH60FRfCGVOFvFIqA3yQ1KEePsBCD8+LHyxg==
    Gyk9ywk4wQypqZ1oGWmLU36FnsQuf8IfiAQfAojXXMrx29IPt0u+l5z8ouyy7+HJQvvMuCz61Rzt
    P6VVL40mYVqrNcb/0vAaP1prJPdtjElUXM76I2gQ/gesRLBZYo4t9kqMSw8ywNCNxUGA3S9qi3s4
    e/+MwwuGn0Z5Mu1bebdR5YEdnWxmBHJUOz6VRk/4NodV4DXaL+qblqbfgqASi+nVtAf6aIeAvHiz
    15udngt/0SwY8wwnI7eHeB8qNBUUg8ZOaBfpZiUWEGmlUlJT1xQS9T/5B9Oi3jphAj221Mjr/WrU
    GpHF9h7OjVv5MSFTdvA6mtX6VvlaTTurXGti+YaeaLx2KpdxH98Qkf8EV2v9Fp6hOh7M/8bOIURq
    A67AFKYEfcxLQ32ynOKx357QFVs774R/j7Wr3FvQv1GiC5siXQMK4maKVxEwfUjE/cuxp2wl+gi9
    /azadXRGoRRiMwHaQ8GUI6rfpyzbc7YwVJJuTm14H1dN41s5G9lzNAH6uCaYwp8xC1GYNz/Rbg7H
    /0yfZZQMnx5uzK/CDksdGXymC4Ta0KxEV/edLy/cUhozyOWckW0tk+KcPmj/iuvOtwHEhS/yUF+C
    j+bIU0/qZks6EkoZjLG+Xj1LfGQd2C/HMMvGk/tF3/+zyl5LkpRPpYA3smCF2qrUPsJJvxgNPgVc
    ZhyBHWq61GPY/C81HE7K3DY7j5m6Z2qehh1hP49KYbB9+RhzBwluah0YdQqN+2/22nDsyvZZFeWI
    LBnUGJ7jwi+aUYWNAMxJ7G12GQNXMhkH0F8KISl0iYfSBzEPUYZ1FA/ZlI2DDdJpGaiESc0KMHgJ
    m6s9Uf5SZ4xVxJ7NZ/DZ7rasuJoqDWkmrnIYbxHJoFbIWS9cWKVgqHVUEjNq8A/sCTAZGT/0Ba4S
    HGX/EWhlh8pfsQleny5wKBHXMqZeQj5ELAjSsvrLM3yw9G/Y4FWBnA4T7VsoVsjHFMc0gvaDNB0b
    2NTgi92M+Z8Y7dg1GgieEi7vPwweHYDW/7myQ/q33XREEGJrc6qH0dHNvJ3bE30Gy3ioawLMVvWX
    MCkiogdtbbBS6vtuE8u27CARIz1PIUot01S9gTItpHfKnKJoSda0RdvUBVIoRSjGO97ikQEzeXZx
    DbGyaD2BHwJuT7MGa0lNJBavXx/sFj69tDCls5fl+RsBJ6DQbcXY7ZUA0zPHAb1icocykucYBvKV
    8Zfn7MLRO7Zq/xVZpjlEN1VsPx8OP1SDoB/Tyg8U6uHOxE2WL3/ZnunVi0UDmSu9ZWlRc3bplPCB
    4tRCB9dBinUgBT1EtDYE8kI8ChrpjunmHVhWCtgpJjFlzTAlb43VzA4az+nA6tPTOxIavjDqnw==
  </Signature>
</Certificate>

Modified client/1.0/pkgr.eagle from [25667f2c0a] to [5a0dd193f2]. 

108
109
110
111
112
113
114
115
116


117
118
119
120
121
122
123

108
109
110
111
112
113
114


115
116
117
118
119
120
121
122
123








-
-
+
+








    } else {
      return false
    }
  }

  #
  # NOTE: This procedure returns non-zero if the specified string value
  #       looks like a PGP signature.  The value argument is the string
  #       to check.
  #       looks like an OpenPGP signature.  The value argument is the
  #       string to check.
  #
  # <public>
  proc isPgpSignature { value } {
    if {[string length $value] == 0 || [string first [string trim {
      -----BEGIN PGP SIGNATURE-----
    }] $value] == 0} then {
      return true

170
171
172
173
174
175
176
177
178
179
180
181






182
183
184
185
186
187
188

170
171
172
173
174
175
176





177
178
179
180
181
182
183
184
185
186
187
188
189








-
-
-
-
-
+
+
+
+
+
+









        incr counter
      }
    }
  }

  #
  # NOTE: This procedure attempts to verify the PGP signature contained in
  #       the specified (named) file.  Non-zero is only returned if the PGP
  #       signature is verified successfully.  A script error should not be
  #       raised by this procedure.  The fileName argument must be the fully
  #       qualified path and file name of the PGP signature file to verify.
  # NOTE: This procedure attempts to verify the OpenPGP signature contained
  #       in the specified (named) file.  Non-zero is only returned if the
  #       OpenPGP signature is verified successfully.  A script error should
  #       not be raised by this procedure.  The fileName argument must be
  #       the fully qualified path and file name of the OpenPGP signature
  #       file to verify.
  #
  # <public>
  proc verifyPgpSignature { fileName } {
    variable pgpCommand

    if {[isEagle]} then {
      set fileName [appendArgs \" $fileName \"]

643
644
645
646
647
648
649
650
651


652
653
654
655
656
657
658

644
645
646
647
648
649
650


651
652
653
654
655
656
657
658
659








-
-
+
+









    return false
  }

  #
  # NOTE: This procedure uses the package lookup metadata.  If the package
  #       script is properly signed, an attempt will be made to evaluate it
  #       in the target language.  If the script was signed using PGP, then
  #       a conforming implementation of the OpenPGP specification (e.g.
  #       in the target language.  If the script was signed using OpenPGP,
  #       then a conforming implementation of the OpenPGP specification (e.g.
  #       gpg2) must be installed locally.  If the script was signed using
  #       Harpy then Garuda, Eagle, and Harpy must be installed locally.
  #       This procedure is designed to work for both native Tcl and Eagle
  #       packages.  Additionally, it is designed to work when evaluated
  #       using either native Tcl or Eagle; however, it is up to the package
  #       script itself to either add the package or provide the package to
  #       the language(s) supported by that package.  The varName argument

905
906
907
908
909
910
911
912

913
914
915
916
917
918
919
920
921
922
923

924
925
926
927
928
929
930


931
932
933
934
935


936
937
938
939
940
941


942
943
944
945
946
947


948
949
950
951
952
953
954


955
956
957
958
959
960
961

906
907
908
909
910
911
912

913
914
915
916
917
918
919
920
921
922
923

924
925
926
927
928
929
930

931
932
933
934
935


936
937
938
939
940
941


942
943
944
945
946
947


948
949
950
951
952
953
954


955
956
957
958
959
960
961
962
963








-
+










-
+






-
+
+



-
-
+
+




-
-
+
+




-
-
+
+





-
-
+
+








      #
      # NOTE: If there is no package script, there is nothing we
      #       can do here.
      #
      if {[string length $metadata(script)] > 0} then {
        #
        # NOTE: Figure out temporary file name for the downloaded script
        #       and its associated PGP signature.
        #       and its associated OpenPGP signature.
        #
        set fileName(1) [getFileTempName]
        set fileName(2) [appendArgs $fileName(1) .asc]

        #
        # NOTE: Write downloaded script to a temporary file.
        #
        writeFile $fileName(1) $metadata(script)

        #
        # NOTE: Write downloaded script PGP signature a temporary file.
        # NOTE: Write downloaded script OpenPGP signature a temporary file.
        #
        if {[string length $metadata(certificate)] > 0} then {
          writeFile $fileName(2) $metadata(certificate)
        }

        #
        # NOTE: Attempt to verify the PGP signature for the package script.
        # NOTE: Attempt to verify the OpenPGP signature for the package
        #       script.
        #
        if {[verifyPgpSignature $fileName(2)]} then {
          #
          # NOTE: Delete the temporary files that we created for the PGP
          #       signature verification.
          # NOTE: Delete the temporary files that we created for the
          #       OpenPGP signature verification.
          #
          eval $script(cleanup)
        } else {
          #
          # NOTE: Delete the temporary files that we created for the PGP
          #       signature verification.
          # NOTE: Delete the temporary files that we created for the
          #       OpenPGP signature verification.
          #
          eval $script(cleanup)

          #
          # NOTE: PGP signature verification failed.  Raise an error and
          #       do not proceed with evaluating the package script.
          # NOTE: OpenPGP signature verification failed.  Raise an error
          #       and do not proceed with evaluating the package script.
          #
          error "bad PGP signature"
        }

        #
        # NOTE: The PGP signature was verified; use the downloaded package
        #       script verbatim.
        # NOTE: The OpenPGP signature was verified; use the downloaded
        #       package script verbatim.
        #
        set script(inner) $metadata(script)

        #
        # NOTE: Determine the target language for the package script, which
        #       may or may not be the language that is currently evaluating
        #       this script (Eagle).  The default language, when one was not

Modified client/1.0/pkgr.eagle.harpy from [a401a14e54] to [3ea72268c0]. 

17
18
19
20
21
22
23
24

25
26
27

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48


















49
50

17
18
19
20
21
22
23

24
25
26

27
28
29
30


















31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50








-
+


-
+



-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+



    THE ASSOCIATED SOFTWARE MAY NOT WORK PROPERLY IF THIS FILE IS ALTERED.
-->
<Certificate xmlns="https://eagle.to/2011/harpy"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Protocol>None</Protocol>
  <Vendor>Mistachkin Systems</Vendor>
  <Id>f958f841-28ec-493a-9f30-fc7c5ec9e126</Id>
  <Id>b72e4969-c47f-4935-95df-c483ce315d11</Id>
  <HashAlgorithm>SHA512</HashAlgorithm>
  <EntityType>Script</EntityType>
  <TimeStamp>2016-08-19T19:55:14.6953594Z</TimeStamp>
  <TimeStamp>2016-08-19T19:59:26.5352031Z</TimeStamp>
  <Duration>-1.00:00:00</Duration>
  <Key>0x2c322765603b5278</Key>
  <Signature>
    EOkrzoac4RZFR8mw+Y41atTlsnQaJF1UTJm/73gRZ3xLZonAIAe7oJWHNW9+OdWTv07fmq4OnVkP
    RhhwffZ9p0d3dFSRTQfIByyeofHn5pLIFFSr3dejKJYJjIbXsaRapuKE2LTlowUKQ76V1ImA2uJL
    LDSDqVF3o9g8KmjYMYOC9710AvPboDNbA0aJcKl9oooLnVvVs1v0kXsh+fh+mMv11nShNDTZ7WcY
    mcDxFuOsfbphrdiwerE7rHeM2apHABtWrCkFrO+Liw45cPfQPqLThyW09BDXdwCI7T9EeHjv7IBZ
    PxNfwaA1P5SJxgTJlTn6h2FklmXglEDIkFzDidXp5IYxlm4aiDjIXUzv34TyWypouzLIyEf+CSKQ
    ieO4gmnu+PqHaQS0prGhR5KAjO70k2rH77H7Ai9XiX459MzdJlwd3G6lsWVgBbVqkRo69GYw6kXI
    Nw2YcobtoTswnF162IfemvlTtAxLsycWY+7sBEeRlQsLSP01PL4ifUVRCjPLayGPcbM69Jc9cTDM
    gMz0xwKK9cBTYsjtSxcwa1TnwuDVc6IiQnahJn0q5Nep3wokLqV8/ugokocISLt+BIo9++wesLJX
    w4VLR5vBd5URS/vek2gdppGPGCprNODaTtwHSL1MnTAB+lf0XOmRz84x+WXr5F5T2Atims77hVgp
    9y7G5KnT8nXF/DGjxNLn0+2+gwVGYeijFlm5bEhbjvV34cIVKMRxSyxEKU0e5xc2syendXFbWy+r
    rrVueBtGvoTDvZRuQthWI4ryHDEbzya0NFbnMkzH/ppszoIjnQf+2e3EzrI0tyG1dShFcbeZp3JN
    jNhBrGu0KlzNmZcJn7EWSgmY3d2wFHwI5vtQm5M0JmivqQWktlrwAuFiq+z9LtOX349lh7AqKx2i
    ut3Yz/XZhO7nDsIa2CsN5jdgsKahtebpVX2lcHnbGPR7xZwgy2LoDcN0SAgodxW8KPqlxLpWrv04
    gipXIZXALpuFe/w5LhIJHrbFqAeP+jIBoktwF9x02JRo/ziuj7a6LFFJ21lM4PB/RtP1JChaU8tL
    dYDOiUHkoEKB2W++RXmL2Iq9BPsZ3o7Za380f7Wro0PGxJRjnJTf5MUzkWFa7zQFCwBAqPLC0YME
    z58OH1U2imdnz79C3E9OLtCVdI09zVq0rKz7G8QoaqDU8GxlzvSTeftCv+c7UuM2mVzyhEVLoRR7
    LUNYsdnLW8mvg5Tn0W9syxUo4M8eZ/jOxs5MLbQNcbx6kap5nq+YfzreIeOKA62mUAn/dmCMlgWN
    Lhq2cYZdwzkNfsoXXAdU/J4uZKqqXFqQnpCiCPxexPrnA1BNHEkzjEj7t9vc9Mr62v5TvjdREA==
    XcsIVCu13nAbOUWRR4PfzF+mJVvQM5dDNuHugAcYrtRX1ENq1kSIKajzO1EucaSucgr+b+l0n5ES
    oADKBozX45J1QLeT2UywOFsEciyBUcLfuGBGRDN0aKYK8WR85IzJXdelOekjfGpASLszNu70rK4B
    Skm6ZV0y4Wh7/m0j60eUzKAP2NzcL24V6B96Yc3MzEJ9f8M7/FMvvNoXlblq5SIQIlCMKgi7zqy/
    5+MmfLvc6KLhRm7tEWA0uRGMdQ7UKDx6tfEgaE4KiZwPMFF/54MLREuvi0rRcm4LbSGZE5xr4lXK
    p+UDSu6nYiGtedLDQMw9nJ4XCS1w3ufYKj6oAvX8AOhP4lsFnyxH2s+WQxGMWYO4ly/bLem6dQp1
    /0CP4fuHYSsCxl3oMCo7ch5nP5lY5TCpTJVFHGwjOeVWWNL8eMUeDnF0OUx1bJtgTy7bulBAAkgU
    RhD1GwMXiVSzeGtuRE/o7beBem4Cth4O8mgCDn8hzaWdHXv7trtzmIyABHFHBB5qLGd3VwiYMVwv
    XXUFYKferSBuyAxwwxM++hNxzyNxgu9qeHQ3tmSLlblPlYSr3PL2tEdj8xtklqUIIUMIFYfqIIEl
    r8fUwuRlOhwSNd7mP17/B+Fac6TDCMHfrp1xiW9ORO9db9se+5PYFT8wUg6hoUuIeNhFfE03Ppo4
    xnwTpykr/LmGoTHK0f6zxjLXOjVEZYQVBvEiQ01conGcQeLD43VsMlo5WxdznRZb1jd2S0XMYENe
    TywkaweDSRyxGNfwkgyzVizJuuYILS9/is2HXhxbqcN4/dksasn4SAiV6DZCa5mn58XT7tT/9qbu
    v+pw5DVsceDX04UcaXbh9DjtK6uSO42sVpLw06Qi+3WPQdzxjEA+lxDooFamaVMY0fsIpEdnkkIQ
    b7lCYQm1zpc4DRJLukyUKgSVlAQhk+o02HD0N9rJyO2v+Wp8xMP6Mqxe5BqYp5uy0oXIOtrm+PyL
    5u0gq76Rf7mhd/5mgFqTwL+I/cYQUCJCv0nz1SDawFDfLdm/QVFh3H11eaff1doCnfMfIrBkhu6E
    +FaJLpAade0py0t8yssl2R7PISGWuRBJxlC6fNgVF5jdLkYIVq+osXxbglF0hh/SQb8O09KbgiQ9
    MCBFHWelAmvIo6ulywRbyc5BDeujGUaKyxDlMhVx2Np/8vqs+GILjTBjbHsTpUZbXD9beKGnW7TH
    tvwKa+MgoTpLR22xz9P2+k3y0XocnzrRV+5UxMPCMuYCPcqygyvGVt0P3z41Xw8VkAXYfYECOBft
    wKKbMbRvJ2N7N2O44bFhlchyG8eVtuoIxxim6bqGLIKSLXmREeYKPkPD7Ux3GEqSTKhzpeu1zw==
  </Signature>
</Certificate>

This page was generated in about 0.017s by Fossil version 2.20 Tcl version 8.6.12 [658547aa7c] 2022-10-09 01:11:55