
Replace xxd with python script

Aqua-sama 1 month ago
parent
commit
f9e85b7ddd
Signed by: Aqua-sama <aqua@iserlohn-fortress.net> GPG Key ID: 5378B8349C1D5ADA
5 changed files with 104 additions and 13 deletions
  1. 4
    1
      Kconfig
  2. 29
    0
      lib/plugin/Kconfig
  3. 10
    0
      linux/.config
  4. 27
    12
      linux/makepkg/PKGBUILD
  5. 34
    0
      tools/hexdump.py

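--- a/Kconfig
+++ b/Kconfig
@@ -7,7 +7,10 @@ menu "Application"
         default ":/icons/poi.svg"
 endmenu
 
-source lib/configuration/Kconfig
+source 'lib/configuration/Kconfig'
+
+# Plugin loading
+source 'lib/plugin/Kconfig'
 
 config USEPLASMA
     bool "Enable KDE Frameworks integration"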

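--- a/lib/plugin/Kconfig
+++ b/lib/plugin/Kconfig
@@ -0,0 +1,29 @@
+config USEPLUGINS
+    bool "Enable plugins"
+    default y
+
+menu "Plugin Settings"
+    depends on USEPLUGINS
+
+    choice PLUGIN_SIGNATURE_CHECK
+        bool "Plugin Signature enforcement"
+        default PLUGIN_SIGNATURE_CHECKED
+
+        config PLUGIN_SIGNATURE_IGNORED
+            bool "Don't check plugin signatures"
+
+        config PLUGIN_SIGNATURE_NONFATAL
+            bool "Check signature validity, but always load plugins"
+
+        config PLUGIN_SIGNATURE_CHECKED
+            bool "Don't load plugins with invalid signatures"
+
+        config PLUGIN_SIGNATURE_ENFORCED
+            bool "Only load plugins with valid signatures"
+
+    endchoice
+
+    config PLUGIN_SIGNATURE_HASH
+        string "Hashing algorithm used by the signature"
+        default "SHA256"
+endmenu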
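Review bot: The four PLUGIN_SIGNATURE_* choices carry no `help` text, and the default, PLUGIN_SIGNATURE_CHECKED ("Don't load plugins with invalid signatures"), reads as if a plugin with no signature at all would still load. If that is the behaviour, deleting the `.sig` file is enough to get past the check, so the option should say so, for example `help` followed by `Plugins without a signature file are still loaded; only an invalid signature is rejected.`, and point packagers who sign their plugins at PLUGIN_SIGNATURE_ENFORCED. PLUGIN_SIGNATURE_HASH is a free-form string while the PKGBUILD in this commit signs with a hard-coded `-sha256`; a `choice` of supported digests would keep the two from drifting and rule out weak or misspelt algorithm names.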

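--- a/linux/.config
+++ b/linux/.config
@@ -70,6 +70,16 @@ CONFIG_PROFILE_DEFAULT=""
 CONFIG_PROFILE_DEFAULT_SEARCH="https://duckduckgo.com/?q=%1&ia=web"
 CONFIG_PROFILE_DEFAULT_HOMEPAGE="about:blank"
 CONFIG_PROFILE_DEFAULT_NEWTAB="about:blank"
+CONFIG_USEPLUGINS=y
+
+#
+# Plugin Settings
+#
+# CONFIG_PLUGIN_SIGNATURE_IGNORED is not set
+# CONFIG_PLUGIN_SIGNATURE_NONFATAL is not set
+CONFIG_PLUGIN_SIGNATURE_CHECKED=y
+# CONFIG_PLUGIN_SIGNATURE_ENFORCED is not set
+CONFIG_PLUGIN_SIGNATURE_HASH="SHA256"
 # CONFIG_USEPLASMA is not set
 # CONFIG_USEBREAKPAD is not set
 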

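--- a/linux/makepkg/PKGBUILD
+++ b/linux/makepkg/PKGBUILD
@@ -26,6 +26,18 @@ sha512sums=('SKIP'
 #validgpgkeys=(# Aqua-sama <aqua@iserlohn-fortress.net>
 #              BB1C090188E3E32B375C13FD095DE26BC16D2E98)
 
+## Build Options
+
+# Run menuconfig
+#_menuconfig=
+
+# Enable plugin signing:
+# - generate a 4096-bit RSA key and embed the public key into the binary
+# - apply the plugin signing patch to the config, enabling PluginLoader::verify
+# - sign the plugins with the private key, and install the signatures
+# Because this embeds the public key into the executable, enabling this option will break reproducible builds.
+_signPlugins=
+
 prepare() {
     cd $srcdir/smolbote
 
@@ -33,16 +45,18 @@ prepare() {
     git config submodule.3rd-party/SingleApplication/SingleApplication.git.url $srcdir/SingleApplication
     git submodule update 3rd-party/SingleApplication/SingleApplication.git
 
-    msg "Creating OpenSSL signing key"
-    mkdir $srcdir/signing
-    cd $srcdir/signing
-    # generate rsa keypair
-    openssl genrsa -out privateKey.pem 4096
-    msg2 "RSA/4096 key created in $srcdir/signing/privateKey.pem. Keep this key if you want to sign additional plugins."
-
-    openssl rsa -in privateKey.pem -pubout -out publicKey.pem
-    xxd -i publicKey.pem $srcdir/smolbote/src/plugin/publicKey.h
-    msg2 "Public key exported, and will be embedded into the resulting application. This will break reproducible builds."
+    if [ -n $_signPlugins ]; then
+        msg "Creating OpenSSL signing key"
+        mkdir $srcdir/signing
+        cd $srcdir/signing
+        # generate rsa keypair
+        openssl genrsa -out privateKey.pem 4096
+        msg2 "Keypair written to $srcdir/signing/privateKey.pem."
+
+        openssl rsa -in privateKey.pem -pubout -out publicKey.pem
+        ./tools/hexdump.py --name='publicKey_pem' publicKey.pem $srcdir/smolbote/src/plugin/publicKey.h
+        msg2 "Public key exported to $srcdir/signing/publicKey.pem."
+    fi
 }
 
 pkgver() {
@@ -71,7 +85,7 @@ build() {
     # b_lto: Use link time optimization
     meson --buildtype=plain --prefix=/usr/local --auto-features=disabled \
         -Db_pie=true -Db_lto=true -Dcpp_link_args="-fuse-ld=gold" \
-        -DPlasma=enabled -Dmanpage=enabled \
+        -Dmanpage=enabled \
         $srcdir/build
 
     # Run menuconfig
@@ -87,9 +101,10 @@ package() {
     cd $srcdir/build
     DESTDIR="$pkgdir" ninja install
 
-    msg Signing plugins
+    msg "Signing plugins"
     for so in $pkgdir/usr/local/lib/smolbote/plugins/*.so; do
         openssl dgst -sha256 -sign $srcdir/signing/privateKey.pem -out $so.sig $so
+        install -m644 $so.sig $pkgdir/usr/lib/smolbote/plugins/$so.sig
     done
 }
 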
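Review bot: `if [ -n $_signPlugins ]` in prepare() is true even when `_signPlugins` is empty, because the unquoted expansion collapses to `[ -n ]`, a one-argument test on a non-empty string; key generation therefore runs on every build, and the test should read `if [ -n "$_signPlugins" ]; then`. The signing loop in package() is not behind the same flag, so once the test is fixed a build with signing disabled would call `openssl dgst -sign` with a key that was never created. Inside the guard, `./tools/hexdump.py` runs after `cd $srcdir/signing`, so the relative path presumably does not resolve to the script this commit adds under the repository's `tools/` directory. In the added `install` line `$so` already holds the full `$pkgdir/usr/local/lib/...` path, so the destination nests that path under `$pkgdir/usr/lib/smolbote/plugins/`; `$(basename "$so").sig` looks like what was meant, and `/usr/lib` versus the `/usr/local` prefix should be confirmed. `privateKey.pem` is written unencrypted into `$srcdir/signing`, which is worth stating in the `_signPlugins` comment so packagers know to protect or remove it after the build.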

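--- a/tools/hexdump.py
+++ b/tools/hexdump.py
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+import argparse
+from functools import partial
+
+parser = argparse.ArgumentParser(description='Convert a file to C array')
+parser.add_argument('input', type=str, help='Input file')
+parser.add_argument('output', type=str, help='Output file')
+parser.add_argument('--array-type', type=str, default='const unsigned char', help='Array type')
+parser.add_argument('--length-type', type=str, default='const unsigned int', help='Length type')
+parser.add_argument('--name', type=str, default='a', help='Array name')
+
+args=parser.parse_args()
+
+print("{} {}[] = {{".format(args.array_type, args.name))
+
+n = 0
+
+with open(args.input, "rb") as in_file:
+  for c in iter(partial(in_file.read, 1), b''):
+    if n % 16 == 0:
+      print("    ", end='')
+
+    print("0x%02X," % ord(c), end='')
+
+    n += 1
+    if n % 16 == 0:
+      print("")
+    else:
+      print(" ", end='')
+
+print("\n};")
+print("{} {}_len = {};".format(args.length_type, args.name, n))
+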
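Review bot: The positional `output` argument is parsed but never opened: every `print` goes to stdout, so the PKGBUILD call in this commit, which passes `publicKey.h` as the second argument, leaves that header unwritten, or stale from an earlier build, in which case the binary would embed a verification key that does not match the new signing key. The script should write to `args.output`, as in the sketch below, which also reads the input in one call instead of one byte at a time. `--name`, `--array-type` and `--length-type` are pasted into the generated C source unchecked; that is acceptable for a build-time tool driven by the PKGBUILD, but a one-line comment stating that the arguments are trusted would make the assumption explicit.

```python
# … unchanged: argparse setup …
args = parser.parse_args()

with open(args.input, "rb") as in_file:
    data = in_file.read()

# Write the header to the requested path instead of stdout.
with open(args.output, "w") as out_file:
    out_file.write("{} {}[] = {{\n".format(args.array_type, args.name))
    for offset in range(0, len(data), 16):
        row = ", ".join("0x%02X" % b for b in data[offset:offset + 16])
        out_file.write("    {},\n".format(row))
    out_file.write("};\n")
    out_file.write("{} {}_len = {};\n".format(args.length_type, args.name, len(data)))
```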
