rooty/Arduino
1
0
Fork 0
mirror of https://github.com/arduino/Arduino.git synced 2025-01-31 20:52:13 +01:00
Code Issues Releases Activity

Add areInsecurePackagesAllowed method

Browse Source
This commit is contained in:
Mattia Bertorello 2019-07-24 17:27:12 +02:00 committed by Cristian Maglie
parent 76852465d2
commit 94dd695355
4 changed files with 23 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java
View File

@ -29,7 +29,6 @@
package cc.arduino.contributions; package cc.arduino.contributions;
import cc.arduino.Constants;
import cc.arduino.utils.FileHash; import cc.arduino.utils.FileHash;
import cc.arduino.utils.MultiStepProgress; import cc.arduino.utils.MultiStepProgress;
import cc.arduino.utils.Progress; import cc.arduino.utils.Progress;
@ -199,10 +198,6 @@ public class DownloadableContributionsDownloader {
public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, ProgressListener progressListener, SignatureVerifier signatureVerifier, String statusText, File fileToVerify) throws Exception { public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, ProgressListener progressListener, SignatureVerifier signatureVerifier, String statusText, File fileToVerify) throws Exception {
final boolean allowInsecurePackages =
PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES, false);
final boolean trustAll = PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL);
final boolean skipVerification = allowInsecurePackages || trustAll;
// Signature file name // Signature file name
final String signatureFileName = FilenameUtils.getName(signatureUrl.getPath()); final String signatureFileName = FilenameUtils.getName(signatureUrl.getPath());
@ -214,7 +209,7 @@ public class DownloadableContributionsDownloader {
// Download signature // Download signature
download(signatureUrl, packageIndexSignatureTemp, progress, statusText, progressListener, true); download(signatureUrl, packageIndexSignatureTemp, progress, statusText, progressListener, true);
if (skipVerification) { if (PreferencesData.areInsecurePackagesAllowed()) {
Files.move(packageIndexSignatureTemp.toPath(), packageIndexSignature.toPath(), StandardCopyOption.REPLACE_EXISTING); Files.move(packageIndexSignatureTemp.toPath(), packageIndexSignature.toPath(), StandardCopyOption.REPLACE_EXISTING);
log.info("Allowing insecure packages because allow_insecure_packages is set to true in preferences.txt" + log.info("Allowing insecure packages because allow_insecure_packages is set to true in preferences.txt" +
" but the signature was download"); " but the signature was download");

6
arduino-core/src/cc/arduino/contributions/packages/ContributionInstaller.java
View File

@ -145,7 +145,7 @@ public class ContributionInstaller {
assert toolContrib.getDownloadedFile() != null; assert toolContrib.getDownloadedFile() != null;
new ArchiveExtractor(platform).extract(toolContrib.getDownloadedFile(), destFolder.toFile(), 1); new ArchiveExtractor(platform).extract(toolContrib.getDownloadedFile(), destFolder.toFile(), 1);
try { try {
findAndExecutePostInstallScriptIfAny(destFolder.toFile(), contributedPlatform.getParentPackage().isTrusted(), PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL)); findAndExecutePostInstallScriptIfAny(destFolder.toFile(), contributedPlatform.getParentPackage().isTrusted(), PreferencesData.areInsecurePackagesAllowed());
} catch (IOException e) { } catch (IOException e) {
errors.add(tr("Error running post install script")); errors.add(tr("Error running post install script"));
} }
@ -164,7 +164,7 @@ public class ContributionInstaller {
contributedPlatform.setInstalled(true); contributedPlatform.setInstalled(true);
contributedPlatform.setInstalledFolder(destFolder); contributedPlatform.setInstalledFolder(destFolder);
try { try {
findAndExecutePostInstallScriptIfAny(destFolder, contributedPlatform.getParentPackage().isTrusted(), PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL)); findAndExecutePostInstallScriptIfAny(destFolder, contributedPlatform.getParentPackage().isTrusted(), PreferencesData.areInsecurePackagesAllowed());
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); e.printStackTrace();
errors.add(tr("Error running post install script")); errors.add(tr("Error running post install script"));
@ -244,7 +244,7 @@ public class ContributionInstaller {
} }
List<String> errors = new LinkedList<>(); List<String> errors = new LinkedList<>();
try { try {
findAndExecutePreUninstallScriptIfAny(contributedPlatform.getInstalledFolder(), contributedPlatform.getParentPackage().isTrusted(), PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL)); findAndExecutePreUninstallScriptIfAny(contributedPlatform.getInstalledFolder(), contributedPlatform.getParentPackage().isTrusted(), PreferencesData.areInsecurePackagesAllowed());
} catch (IOException e) { } catch (IOException e) {
errors.add(tr("Error running post install script")); errors.add(tr("Error running post install script"));
} }

4
arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java
View File

@ -86,7 +86,7 @@ public class ContributionsIndexer {
File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME); File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
if (defaultIndexFile.exists()) { if (defaultIndexFile.exists()) {
// Check main index signature // Check main index signature
if (!PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES) && !signatureVerifier.isSigned(defaultIndexFile)) { if (!PreferencesData.areInsecurePackagesAllowed() && !signatureVerifier.isSigned(defaultIndexFile)) {
throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME); throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME);
} }
@ -142,7 +142,7 @@ public class ContributionsIndexer {
ContributionsIndex contributionsIndex = parseIndex(indexFile); ContributionsIndex contributionsIndex = parseIndex(indexFile);
boolean signed = signatureVerifier.isSigned(indexFile); boolean signed = signatureVerifier.isSigned(indexFile);
boolean trustall = PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL); boolean trustall = PreferencesData.areInsecurePackagesAllowed();
for (ContributedPackage contributedPackage : contributionsIndex.getPackages()) { for (ContributedPackage contributedPackage : contributionsIndex.getPackages()) {
contributedPackage.setTrusted(signed || trustall); contributedPackage.setTrusted(signed || trustall);

27
arduino-core/src/processing/app/PreferencesData.java
View File

@ -1,9 +1,14 @@
package processing.app; package processing.app;
import static processing.app.I18n.format; import cc.arduino.Constants;
import static processing.app.I18n.tr; import cc.arduino.i18n.Languages;
import org.apache.commons.compress.utils.IOUtils;
import processing.app.helpers.PreferencesHelper;
import processing.app.helpers.PreferencesMap;
import processing.app.legacy.PApplet;
import processing.app.legacy.PConstants;
import java.awt.Font; import java.awt.*;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
@ -13,13 +18,8 @@ import java.util.Iterator;
import java.util.MissingResourceException; import java.util.MissingResourceException;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.apache.commons.compress.utils.IOUtils; import static processing.app.I18n.format;
import static processing.app.I18n.tr;
import cc.arduino.i18n.Languages;
import processing.app.helpers.PreferencesHelper;
import processing.app.helpers.PreferencesMap;
import processing.app.legacy.PApplet;
import processing.app.legacy.PConstants;
public class PreferencesData { public class PreferencesData {
@ -275,4 +275,11 @@ public class PreferencesData {
String value = values.stream().collect(Collectors.joining(",")); String value = values.stream().collect(Collectors.joining(","));
set(key, value); set(key, value);
} }
public static boolean areInsecurePackagesAllowed() {
if (getBoolean(Constants.ALLOW_INSECURE_PACKAGES, false)) {
return true;
}
return getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL, false);
}
} }