#21: Add signature validation during installations [partial]

2019-04-16 13:29:22 -05:00
parent 3351c08674
commit 89fd3d5a84
13 changed files with 59 additions and 15 deletions
--- a/bin/7za.dll
+++ b/bin/7za.dll
--- a/bin/7za.exe
+++ b/bin/7za.exe
--- a/bin/7zxa.dll
+++ b/bin/7zxa.dll
--- a/bin/b64.exe
+++ b/bin/b64.exe
--- a/bin/grep.exe
+++ b/bin/grep.exe
--- a/bin/libiconv2.dll
+++ b/bin/libiconv2.dll
--- a/bin/libintl3.dll
+++ b/bin/libintl3.dll
--- a/bin/pcre3.dll
+++ b/bin/pcre3.dll
--- a/bin/regex2.dll
+++ b/bin/regex2.dll
--- a/bin/sed.exe
+++ b/bin/sed.exe
--- a/blockstorage_dev_public.pem
+++ b/blockstorage_dev_public.pem
@@ -0,0 +1,25 @@
+-----BEGIN PUBLIC KEY-----
+MIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIECgKCBAEKfZmq5mMAtD4kSt2Gc/5J
+H+HHTYtUZE6YYvsvz8TNG/bNL67ZtNRyaoMyhLTfIN4rPBNLUfD+owNS+u5Yk+lS
+ZLYyOuhoCZIFefayYqKLr42G8EeuRbx0IMzXmJtN0a4rqxlWhkYufJubpdQ+V4DF
+oeupcPdIATaadCKVeZC7A0G0uaSwoiAVMG5dZqjQW7F2LoQm3PhNkPvAybIJ6vBy
+LqdBegS1JrDn43x/pvQHzLO+l+FIG23D1F7iF+yZm3DkzBdcmi/mOMYs/rXZpBym
+2/kTuSGh5buuJCeyOwR8N3WdvXw6+KHMU/wWU8qTCTT87mYbzH4YR8HgkjkLHxAO
+5waHK6vMu0TxugCdJmVV6BSbiarJsh66VRosn7+6hlq6AdgksxqCeNELZBS+LBki
+tb5hKyL+jNZnaHiR0U7USWtmnqZG6FVVRzlCnxP7tZo5O5Ex9AAFGz5JzOzsFNbv
+xwQ0zqaTQOze+MJbkda7JfRoC6TncD0+3hoXsiaF4mCn8PqUCn0DwhglcRucZlST
+ZvDNDo1WAtxPJebb3aS6uymNhBIquQbVAWxVO4eTrOYEgutxwkHE3yO3is+ogp8d
+xot7f/+vzlbsbIDyuZBDe0fFkbTIMTU48QuUUVZpRKmKZTHQloz4EHqminbfX1sh
+M7wvDkpJEtqbc0VnG/BukUzP6e7Skvgc7eF1sI3+8jH8du2rivZeZAl7Q2f+L9JA
+BY9pjaxttxsud7V5jeFi4tKuDHi21/XhSjlJK2c2C4AiUEK5/WhtGbQ5JjmcOjRq
+yXFRqLlerzOcop2kbtU3Ar230wOx3Dj23Wg8++lV3LU4U9vMR/t0qnSbCSGJys7m
+ax2JpFlTwj/0wYuTlVFoNQHZJ1cdfyRiRBY4Ou7XO0W5hcBBKiYsC+neEeMMHdCe
+iTDIW/ojcVTdFovl+sq3n1u4SBknE90JC/3H+TPE1s2iB+fwORVg0KPosQSNDS0A
+7iK6AZCDC3YooFo+OzHkYMt9uLkXiXMSLx70az+qlIwOzVHKxCo7W/QpeKCXUCRZ
+MMdlYEUs1PC8x2qIRUEVHuJ0XMTKNyOHmzVLuLK93wUWbToh+rdDxnbhX+emuESn
+XH6aKiUwX4olEVKSylRUQw8nVckZGVWXzLDlgpzDrLHC8J8qHzFt7eCqOdiqsxhZ
+x1U5LtugxwSWncTZ7vlKl0DuC/AWB7SuDi7bGRMSVp2n+MnD1VLKlsCclHXjIciE
+W29n3G3lJ/sOta2sxqLd0j1XBQddrFXl5b609sIY81ocHqu8P2hRu5CpqJ/sGZC5
+mMH3segHBkRj0xJcfOxceRLj1a+ULIIR3xL/3f8s5Id25TDo/nqBoCvu5PeCpo6L
+9wIDAQAB
+-----END PUBLIC KEY-----
--- a/create_dist.cmd
+++ b/create_dist.cmd
@@ -0,0 +1,29 @@
+@echo off
+
+set ROOT=%~dp0%
+
+set OPENSSL_BIN="c:\OpenSSL-Win64\bin\openssl.exe"
+set PRIVATE_KEY="c:\src\cert\blockstorage_dev_private.pem"
+set PUBLIC_KEY="%ROOT%\blockstorage_dev_public.pem"
+set SED_BIN=%ROOT%bin\sed.exe
+set GREP_BIN=%ROOT%bin\grep.exe
+set B64_BIN=%ROOT%bin\b64.exe
+
+pushd "%ROOT%"
+  for /f "tokens=*" %%i in ('%GREP_BIN% -m1 -a version package.json ^| %SED_BIN% -e "s/""""//g" ^| %SED_BIN% -e "s/version: //g" -e "s/,//g"') do (
+    set APP_VER=%%i
+  )
+  set OUT_FILE=repertory-ui_%APP_VER%_win.exe
+  echo %OUT_FILE%
+
+  npm run dist && (
+    pushd dist
+      echo Signing Installation [%OUT_FILE%]
+      (certutil -hashfile "%OUT_FILE%" SHA256 | "%SED_BIN%" -e "1d" -e "$d" -e "s/\ //g") > "%OUT_FILE%.sha256"
+      "%OPENSSL_BIN%" dgst -sha256 -sign "%PRIVATE_KEY%" -out "%OUT_FILE%.sig" "%OUT_FILE%"
+      "%B64_BIN%" -e "%OUT_FILE%.sig" "%OUT_FILE%.sig.b64"
+    popd
+  ) || (
+    echo Failed
+  )
+popd
--- a/releases.json
+++ b/releases.json
@@ -2,27 +2,19 @@
  "Locations": {
    "win32": {
      "1.0.3": {
-        "hash": "",
+        "sig": "",
        "urls": []
-      },
-      "1.0.2": {
-        "hash": "",
-        "urls": ["https://pixeldrain.com/api/file/4oJeVntd"]
      }
    },
    "darwin": {
      "1.0.3": {
-        "hash": "",
+        "sig": "",
        "urls": []
-      },
-      "1.0.2": {
-        "hash": "",
-        "urls": ["https://pixeldrain.com/api/file/sEz57mDP"]
      }
    },
    "solus": {
      "1.0.3": {
-        "hash": "",
+        "sig": "",
        "urls": []
      }
    }
@@ -35,12 +27,10 @@
      "1.0.3"
    ],
    "win32": [
-      "1.0.3",
-      "1.0.2"
+      "1.0.3"
    ],
    "darwin": [
-      "1.0.3",
-      "1.0.2"
+      "1.0.3"
    ],
    "unknown": [
      "unavailable"