From 95d92e52ed6d71c21433b382f8a178a04b04954b Mon Sep 17 00:00:00 2001 From: Aqua-sama Date: Mon, 11 Mar 2019 19:39:06 +0200 Subject: Add PluginLoader class - PluginLoader::verify can be used to check if the plugin has a valid (SHA512/RSA 4096) signature. - Uses nn OpenSSL public key that is embedded during the compile. --- linux/makepkg/PKGBUILD | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'linux/makepkg') diff --git a/linux/makepkg/PKGBUILD b/linux/makepkg/PKGBUILD index 8c6bed3..3907ff8 100644 --- a/linux/makepkg/PKGBUILD +++ b/linux/makepkg/PKGBUILD @@ -14,10 +14,10 @@ license=('GPL3') depends=('qt5-webengine>=5.11.0' 'boost-libs>=1.66.0') optdepends=('firejail: launch a sandboxed instance') -makedepends=('git' 'meson' 'pkg-config' 'python-kconfiglib' 'asciidoctor') +makedepends=('git' 'meson' 'pkg-config' 'python-kconfiglib' 'asciidoctor' 'openssl') # this is the central repository -source=("git+https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote.git" +source=("git+https://neueland.iserlohn-fortress.net/gitea/aeon/smolbote.git" "git+https://github.com/itay-grudev/SingleApplication.git") sha512sums=('SKIP' @@ -32,6 +32,17 @@ prepare() { git submodule init git config submodule.3rd-party/SingleApplication/SingleApplication.git.url $srcdir/SingleApplication git submodule update 3rd-party/SingleApplication/SingleApplication.git + + msg "Creating OpenSSL signing key" + mkdir $srcdir/signing + cd $srcdir/signing + # generate rsa keypair + openssl genrsa -out privateKey.pem 4096 + msg2 "RSA/4096 key created in $srcdir/signing/privateKey.pem. Keep this key if you want to sign additional plugins." + + openssl rsa -in privateKey.pem -pubout -out publicKey.pem + xxd -i publicKey.pem $srcdir/smolbote/src/plugin/publicKey.h + msg2 "Public key exported, and will be embedded into the resulting application. This will break reproducible builds." } pkgver() { 
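Review bot: `xxd` is missing from the new `makedepends` line. The line adds `'openssl'`, but the prepare() hunk further down also runs `xxd -i publicKey.pem ...`, so a clean build environment without that tool would likely fail at the header export. Add the package that provides `xxd` to the array. Separately, the changed `source=` entry still tracks the repository's default branch with `'SKIP'` checksums. Now that the build embeds a verification key and signs what it compiled, consider pinning the source with a fragment such as `#commit=<pinned-commit>` (placeholder), so the signed code is a known revision.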
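Review bot: Re-running prepare() against an existing `$srcdir` fails at `mkdir $srcdir/signing`. If it got past that, `openssl genrsa -out privateKey.pem 4096` would silently replace the key the `msg2` line tells the user to keep, so plugins signed earlier would no longer verify against the newly embedded public key. Make both steps idempotent and quote the paths: `mkdir -p "$srcdir/signing"` and `[[ -f privateKey.pem ]] || openssl genrsa -out privateKey.pem 4096`. The private key is written unencrypted into the build tree, and whoever can read it can produce plugins this binary accepts. A comment there should say the directory must stay out of the package and out of shared build caches. prepare() starts above this hunk, so the earlier part of the function is not reviewed here.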
@@ -76,13 +87,9 @@ package() { cd $srcdir/build DESTDIR="$pkgdir" ninja install - #msg Creating signing key in $srcdir/build/gpg - #mkdir $srcdir/build/gpg - #gpg2 --homedir=$srcdir/build/gpg --batch --generate-key $srcdir/smolbote/tools/gpgkey.preset - - #msg Signing plugins - #for so in $pkgdir/usr/local/lib/smolbote/plugins/*.so; do - # gpg2 --homedir=$srcdir/build/gpg --batch --yes --local-user=smolbote@localhost --detach-sign --output=$so.sig $so - #done + msg Signing plugins + for so in $pkgdir/usr/local/lib/smolbote/plugins/*.so; do + openssl dgst -sha256 -sign $srcdir/signing/privateKey.pem -out $so.sig $so + done } -- cgit v1.2.1
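Review bot: The signing loop uses `-sha256`, while the commit description says PluginLoader::verify checks a SHA512/RSA 4096 signature. The verifier is not part of this patch, but if it really uses SHA-512, every signature produced here would be rejected. Align the digest and quote the expansions: `openssl dgst -sha512 -sign "$srcdir/signing/privateKey.pem" -out "$so.sig" "$so"`. When no plugin is installed, the unquoted glob stays literal and `openssl` is run on a nonexistent `*.so`, so add a guard such as `[[ -e "$so" ]] || continue` at the top of the loop. package() begins outside this hunk.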