Commit 706b5a49 authored by Sietse Ringers's avatar Sietse Ringers

Recover from newly downloaded invalid signature schemes

parent 06aad1ff
......@@ -61,6 +61,17 @@ func EnsureDirectoryExists(path string) error {
return os.Mkdir(path, 0700)
}
func Copy(src, dest string) error {
if err := AssertPathExists(src); err != nil {
return err
}
bts, err := ioutil.ReadFile(src)
if err != nil {
return err
}
return SaveFile(dest, bts)
}
// Save the filecontents at the specified path atomically:
// - first save the content in a temp file with a random filename in the same dir
// - then rename the temp file to the specified filepath, overwriting the old file
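Review bot: The exported `Copy` is added without a doc comment, and its contract is not obvious from the name. It reads all of src into memory and hands only the bytes to SaveFile, so dest is overwritten and the mode of src is not carried over. I would add `// Copy writes the contents of src to dest via SaveFile, overwriting dest; the file mode of src is not preserved.` The `AssertPathExists(src)` call also looks redundant, since `ioutil.ReadFile` already returns an error for a missing file.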
......
......@@ -379,28 +379,58 @@ func (conf *Configuration) AddSchemeManager(manager *SchemeManager) error {
if err := conf.DownloadSchemeManagerSignature(manager); err != nil {
return err
}
conf.SchemeManagers[NewSchemeManagerIdentifier(name)] = manager
return nil
}
// DownloadSchemeManagerSignature downloads, stores and verifies the latest version
// of the index file and signature of the specified manager.
func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager) (err error) {
t := NewHTTPTransport(manager.URL)
path := fmt.Sprintf("%s/%s", conf.path, manager.ID)
index := filepath.Join(path, "index")
sig := filepath.Join(path, "index.sig")
// Backup so we can restore last valid signature if the new signature is invalid
if err := conf.backupManagerSignature(index, sig); err != nil {
return err
}
if err = t.GetFile("index", index); err != nil {
return err
}
if err = t.GetFile("index.sig", sig); err != nil {
return err
}
valid, err := conf.VerifySignature(manager.Identifier())
if err != nil {
_ = conf.restoreManagerSignature(index, sig)
return err
}
if !valid {
_ = conf.restoreManagerSignature(index, sig)
return errors.New("Scheme manager signature invalid")
}
conf.SchemeManagers[NewSchemeManagerIdentifier(name)] = manager
return nil
}
// DownloadSchemeManagerSignature downloads and stores the latest version
// of the index file and signature of the specified manager.
func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager) error {
t := NewHTTPTransport(manager.URL)
path := fmt.Sprintf("%s/%s", conf.path, manager.ID)
func (conf *Configuration) backupManagerSignature(index, sig string) error {
if err := fs.Copy(index, index+".backup"); err != nil {
return err
}
if err := fs.Copy(sig, sig+".backup"); err != nil {
return err
}
return nil
}
if err := t.GetFile("index", path+"/index"); err != nil {
func (conf *Configuration) restoreManagerSignature(index, sig string) error {
if err := fs.Copy(index+".backup", index); err != nil {
return err
}
if err := t.GetFile("index.sig", path+"/index.sig"); err != nil {
if err := fs.Copy(sig+".backup", sig); err != nil {
return err
}
return nil
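Review bot: In the new DownloadSchemeManagerSignature the backup is restored only on the two verification paths, so a failure of the second `t.GetFile("index.sig", sig)` returns with a freshly downloaded index next to the old signature and nothing puts the last valid pair back. Because the function now has a named `err` result, a single deferred restore after the backup step would cover every later failure and replace both explicit `restoreManagerSignature` calls. The restore error is currently discarded with `_ =`, so a failed restore leaves the unverified files in place while the caller only sees the signature error; the sketch below folds it into the returned error. Separately, if `fs.Copy` fails on a missing source, as its `AssertPathExists` check suggests, the backup step would abort the very first download for a manager with no index on disk yet; that is worth confirming.

```go
// … unchanged: transport and path setup, backupManagerSignature call …
defer func() {
	if err == nil {
		return
	}
	// Any failure after the backup puts the last verified index and signature back.
	if rerr := conf.restoreManagerSignature(index, sig); rerr != nil {
		err = fmt.Errorf("%v (restoring previous index and signature failed: %v)", err, rerr)
	}
}()
if err = t.GetFile("index", index); err != nil {
	return err
}
// … unchanged: index.sig download and VerifySignature, without the two explicit restore calls …
```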
......