mirror of https://github.com/keeweb/keeweb
disabled desktop update archives
parent
bee96ebf15
commit
75fa636366
@ -1,28 +0,0 @@
|
||||
module.exports = function (grunt) {
|
||||
grunt.registerMultiTask('sign-archive', 'Signs archive with a private key', function () {
|
||||
const done = this.async();
|
||||
const fs = require('fs');
|
||||
const sign = require('../util/sign');
|
||||
const file = fs.readFileSync(this.options().file);
|
||||
const ix = file.toString('binary').lastIndexOf(this.options().signature);
|
||||
if (ix < 0) {
|
||||
grunt.warn('Signature placeholder not found');
|
||||
return;
|
||||
}
|
||||
const data = file.slice(0, ix);
|
||||
sign(grunt, data).then((signature) => {
|
||||
signature = Buffer.from(signature.toString('hex'), 'binary');
|
||||
if (
|
||||
signature.byteLength !== Buffer.from(this.options().signature, 'binary').byteLength
|
||||
) {
|
||||
grunt.warn('Bad signature length');
|
||||
return;
|
||||
}
|
||||
for (let i = 0; i < signature.byteLength; i++) {
|
||||
file[ix + i] = signature[i];
|
||||
}
|
||||
fs.writeFileSync(this.options().file, file);
|
||||
done();
|
||||
});
|
||||
});
|
||||
};
|
@ -1,63 +0,0 @@
|
||||
module.exports = function (grunt) {
|
||||
grunt.registerMultiTask(
|
||||
'validate-desktop-update',
|
||||
'Validates desktop update package',
|
||||
function () {
|
||||
const path = require('path');
|
||||
const crypto = require('crypto');
|
||||
const fs = require('fs');
|
||||
const done = this.async();
|
||||
const StreamZip = require(path.resolve(
|
||||
__dirname,
|
||||
'../../desktop/node_modules/node-stream-zip'
|
||||
));
|
||||
const zip = new StreamZip({ file: this.options().file, storeEntries: true });
|
||||
const expFiles = this.options().expected;
|
||||
const expFilesCount = this.options().expectedCount;
|
||||
const publicKey = fs.readFileSync(this.options().publicKey, 'binary');
|
||||
const zipFileData = fs.readFileSync(this.options().file);
|
||||
zip.on('error', (err) => {
|
||||
grunt.warn(err);
|
||||
});
|
||||
zip.on('ready', () => {
|
||||
let valid = true;
|
||||
if (!zip.comment) {
|
||||
grunt.warn('No comment in ZIP');
|
||||
return;
|
||||
}
|
||||
if (zip.comment.length !== 512) {
|
||||
grunt.warn('Bad comment length in ZIP');
|
||||
return;
|
||||
}
|
||||
const verify = crypto.createVerify('RSA-SHA256');
|
||||
verify.write(zipFileData.slice(0, zip.centralDirectory.headerOffset + 22));
|
||||
verify.end();
|
||||
const signature = Buffer.from(zip.comment, 'hex');
|
||||
if (!verify.verify(publicKey, signature)) {
|
||||
grunt.warn('Invalid ZIP signature');
|
||||
return;
|
||||
}
|
||||
if (zip.entriesCount !== expFilesCount) {
|
||||
grunt.warn(
|
||||
`ZIP contains ${zip.entriesCount} entries, expected ${expFilesCount}`
|
||||
);
|
||||
valid = false;
|
||||
}
|
||||
expFiles.forEach((entry) => {
|
||||
try {
|
||||
if (!zip.entryDataSync(entry)) {
|
||||
grunt.warn('Corrupted entry in desktop update archive: ' + entry);
|
||||
valid = false;
|
||||
}
|
||||
} catch (e) {
|
||||
grunt.warn('Entry not found in desktop update archive: ' + entry);
|
||||
valid = false;
|
||||
}
|
||||
});
|
||||
if (valid) {
|
||||
done();
|
||||
}
|
||||
});
|
||||
}
|
||||
);
|
||||
};
|
@ -1,13 +0,0 @@
|
||||
{
|
||||
"name": "KeeWeb",
|
||||
"version": "1.16.7",
|
||||
"lockfileVersion": 1,
|
||||
"requires": true,
|
||||
"dependencies": {
|
||||
"node-stream-zip": {
|
||||
"version": "1.4.2",
|
||||
"resolved": "https://registry.npmjs.org/node-stream-zip/-/node-stream-zip-1.4.2.tgz",
|
||||
"integrity": "sha512-9WbviH8qi0HgHmHbQleydUZToH3vNlN83CyOrhrwGaPzmBPH1SUYUkFyHjWl6GWMMODlM81qgycZEfWm267gKA=="
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue