#21: Add signature validation during installations [partial]

2019-04-17 21:16:57 -05:00
parent 77094630b2
commit 946b54f2e6
6 changed files with 92 additions and 68 deletions
--- a/src/helpers.js
+++ b/src/helpers.js
@@ -3,6 +3,7 @@ const path = require('path');
 const os = require('os');
 const axios = require('axios/index');
 const exec = require('child_process').exec;
+const execFile = require('child_process').execFile;
 const spawn = require('child_process').spawn;
 const Constants = require('./constants');
 const RandomString = require('randomstring');
@@ -547,8 +548,7 @@ module.exports.verifySignature = (file, signatureFile, publicKeyFile) => {
  return new Promise((resolve, reject) => {
    const executeVerify = openssl => {
      //openssl dgst -sha256 -verify $pubkeyfile -signature signature.sig file
-      const command = '"' + openssl + '" dgst -sha256 -verify "' + publicKeyFile + '" -signature "' + signatureFile + '"';
-      exec(command, res => {
+      execFile(openssl, ['dgst', '-sha256', '-verify', publicKeyFile, '-signature', signatureFile], res => {
        if (res.code !== 0) {
          reject(res);
        } else {
@@ -571,14 +571,15 @@ module.exports.verifySignature = (file, signatureFile, publicKeyFile) => {
            if (err) {
              reject(err);
            } else {
-              const openssl = path.join(item.value(), 'bin', 'openssl.exe');
-              executeVerify(openssl);
+              executeVerify(path.join(item.value(), 'bin', 'openssl.exe'));
            }
          });
        } else {
          reject('Failed to locate \'openssl.exe\'');
        }
      });
+    } else if (os.platform() === 'linux') {
+      executeVerify('openssl');
    } else {
      reject('Platform not supported: ' + os.platform())
    }
@@ -587,13 +588,32 @@ module.exports.verifySignature = (file, signatureFile, publicKeyFile) => {

 module.exports.verifyHash = (file, hash) => {
  return new Promise((resolve, reject) => {
-    if (os.platform() === 'darwin') {
-      reject('Not implemented');
-    } else if (os.platform() === 'linux') {
-      reject('Not implemented');
+    const platform = os.platform();
+    let command;
+    let args;
+    if (platform === 'darwin') {
+      command = 'shasum';
+      args = ['-b', '-a', '256', file];
+    } else if (platform === 'linux') {
+      command = 'sha256sum';
+      args = ['-b', file, '-z'];
    }
    else {
      reject('Platform not supported: ' + os.platform())
    }
+    if (command) {
+      execFile(command, args, (err, stdout) => {
+        if (err) {
+          reject(err);
+        } else {
+          const hash2 = stdout.split(' ')[0].trim().toLowerCase();
+          if (hash2 === hash.toLowerCase()) {
+            resolve();
+          } else {
+            reject('Checksum failed for file');
+          }
+        }
+      });
+    }
  });
 };