Revision: 4625 http://sourceforge.net/p/vexi/code/4625 Author: mkpg2 Date: 2013-12-20 22:56:24 +0000 (Fri, 20 Dec 2013) Log Message: ----------- Verify signed core during build process. - had a bad signing in one build; better to catch this early and have the build fail
Modified Paths: -------------- branches/vexi3_r4566/org.vexi-core.download/build.xml branches/vexi3_r4566/org.vexi-core.download/meta/product-assembly.xml trunk/org.vexi-build.sign/src/main/java/org/vexi/build/sign/VexiSignAssembler.java trunk/org.vexi-library.crypto/src/main/java/org/vexi/security/VerifySigned.java
Modified: branches/vexi3_r4566/org.vexi-core.download/build.xml
===================================================================
--- branches/vexi3_r4566/org.vexi-core.download/build.xml 2013-12-20 22:38:52 UTC (rev 4624)
+++ branches/vexi3_r4566/org.vexi-core.download/build.xml 2013-12-20 22:56:24 UTC (rev 4625)
@@ -1,6 +1,7 @@
-<project default="eclipse_setup">
+<project default="build_release">
 <property name="ebuild.home" location="../_ebuild"/>
+ <property name="project-dir" location="."/>
 <import file="${ebuild.home}/interface/workspace.ent"/>
 </project>
\ No newline at end of file
Modified: branches/vexi3_r4566/org.vexi-core.download/meta/product-assembly.xml
===================================================================
--- branches/vexi3_r4566/org.vexi-core.download/meta/product-assembly.xml 2013-12-20 22:38:52 UTC (rev 4624)
+++ branches/vexi3_r4566/org.vexi-core.download/meta/product-assembly.xml 2013-12-20 22:56:24 UTC (rev 4625)
@@ -59,6 +59,7 @@
 <target name="signed">
 <assembler source="local" name="build.sign" branch="trunk" >
 <input ref="unsigned"/>
+ <property key="verify" value="true"/>
 <property key="secret_name" value="secret.vexi"/>
 </assembler>
 </target>
Modified: trunk/org.vexi-build.sign/src/main/java/org/vexi/build/sign/VexiSignAssembler.java
===================================================================
--- trunk/org.vexi-build.sign/src/main/java/org/vexi/build/sign/VexiSignAssembler.java 2013-12-20 22:38:52 UTC (rev 4624)
+++ trunk/org.vexi-build.sign/src/main/java/org/vexi/build/sign/VexiSignAssembler.java 2013-12-20 22:56:24 UTC (rev 4625)
@@ -26,9 +26,9 @@
 }
- public Collection<File> assemble(IAssemblerArgument argument) throws BuildPluginException {
+ public Collection<File> assemble(final IAssemblerArgument argument) throws BuildPluginException {
 IPropertyMap props = argument.getPropertyMap();
- IEBuild ebuild = argument.getEBuild();
+ final IEBuild ebuild = argument.getEBuild();
 IInputMap inputs = argument.getInputMap();
 boolean verify = props.getBool("verify", false);
@@ -38,10 +38,9 @@
 throw new BuildPluginException("No such directory: "+ebuild.formatAsDisplayPath(secretFolder));
 }
-
- SecretFolder secret;
- File in = inputs.expectLoneInput().expectLoneArtifact();
- File out = new File(argument.getOutputDirectory(), argument.getReleaseFileName());
+ final SecretFolder secret;
+ final File in = inputs.expectLoneInput().expectLoneArtifact();
+ final File out = new File(argument.getOutputDirectory(), argument.getReleaseFileName());
 try{
 secret = new SecretFolder(secretFolder, null);
 // REMARK - we have to use the release file name
@@ -51,15 +50,29 @@
 }
 if(verify){
- try{
- byte[] bytes0 = IOUtil.fileToBytes(in);
- byte[] bytes1 = VerifyFiles.verifyFile(secret.getCertFile(), in);
- if(!Arrays.areEqual(bytes0, bytes1)){
- throw new BuildPluginException("Verification failed - did not reproduce");
+ new Object(){
+ BuildPluginException fail(String msg, Exception e){
+ return new BuildPluginException(msg+"\n" +
+ "Cert: "+ebuild.formatAsDisplayPath(secret.getCertFile())+
+ "Signed: "+ebuild.formatAsDisplayPath(out)+
+ "Expected: "+ebuild.formatAsDisplayPath(in)
+ );
 }
- }catch(IOException e){
- throw new BuildPluginException(e);
- }
+
+ void run() throws BuildPluginException{
+ try{
+ byte[] bytes0 = IOUtil.fileToBytes(in);
+ byte[] bytes1 = VerifyFiles.verifyFile(secret.getCertFile(), out);
+ if(!Arrays.areEqual(bytes0, bytes1)){
+ throw fail("Verification failed - file did not reproduce", null);
+ }
+ argument.getLogger().log("Verified "+bytes0.length+" bytes the same");
+ }catch(IOException e){
+ throw fail("Verification failed - error", e);
+ }
+
+ }
+ }.run();
 }
 return singletonList(out);
 }
Modified: trunk/org.vexi-library.crypto/src/main/java/org/vexi/security/VerifySigned.java
===================================================================
--- trunk/org.vexi-library.crypto/src/main/java/org/vexi/security/VerifySigned.java 2013-12-20 22:38:52 UTC (rev 4624)
+++ trunk/org.vexi-library.crypto/src/main/java/org/vexi/security/VerifySigned.java 2013-12-20 22:56:24 UTC (rev 4625)
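Review bot: The `Exception e` handed to `fail(String msg, Exception e)` is never used, so on the `catch(IOException e)` path the build error no longer carries the I/O cause that the removed `throw new BuildPluginException(e)` preserved, which makes a bad signature hard to tell apart from an unreadable file. Attach it before returning, for example `BuildPluginException ex = new BuildPluginException(...); if(e!=null) ex.initCause(e); return ex;` (assuming the String constructor leaves the cause unset), or use a message-plus-cause constructor if BuildPluginException has one, which is not visible here. The three labels are also concatenated with no separator, so the text reads `Cert: <path>Signed: <path>Expected: <path>`; end the first two lines with `+"\n"+`. `assemble` begins in an earlier hunk, where `verify` still defaults to false, so only assemblies that set the property get this check.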
@@ -17,10 +17,15 @@
 {
 DER.InputStream dis = new DER.InputStream(is);
- List l = (List) dis.readObject();
+ Object disO = dis.readObject();
+ if(!(disO instanceof List)){
+ throw new IOException("Exepected list, got "+disO.getClass().getName());
+ }
+ List l = (List)disO;
 version = ((BigInteger) l.get(0)).intValue();
 identity = (String) l.get(1);
- signedHash = ((DER.BitString)l.get(2)).data;
+ signedHash = ((DER.BitString)l.get(2)).data;
+
 }
 if(version!=0) throw new IOException("Unknown signature version: "+version);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Vexi-svn mailing list Vexi-svn@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/vexi-svn
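Review bot: Only the outer type is checked here; the element reads that follow, `(BigInteger) l.get(0)`, `(String) l.get(1)` and `(DER.BitString)l.get(2)`, still fail with ClassCastException or IndexOutOfBoundsException on a short or wrongly typed list, so a malformed signature file surfaces as a runtime exception rather than the IOException this parser otherwise throws. If `readObject()` can return null (not visible here), `disO.getClass()` in the new message would itself throw, and the message has a typo, `Exepected`. The sketch below checks the length and element types before the casts. The enclosing block opens before the hunk and the method continues past its end.

```java
Object disO = dis.readObject();
if(!(disO instanceof List) || ((List)disO).size() < 3){
    throw new IOException("Expected list of at least 3 elements, got "
            +(disO==null ? "null" : disO.getClass().getName()));
}
List l = (List)disO;
if(!(l.get(0) instanceof BigInteger)
        || !(l.get(1) instanceof String)
        || !(l.get(2) instanceof DER.BitString)){
    throw new IOException("Malformed signature: unexpected element types");
}
// … unchanged: version, identity and signedHash assignments …
```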