Skip to content
Snippets Groups Projects
Select Git revision
  • tedomum-prod default
1 result
Search by author
  • Any Author
  • ayiniho ayiniho ayiniho
  • cress1 cress1 cress1
  • cyrinux cyrinux cyrinux
  • do3 do3 do3
  • gitlab-triage-bot gitlab-triage-bot
  • Halfa Halfa halfa
  • Jae Lo Presti Jae Lo Presti jae
  • kaiyou kaiyou kaiyou
  • MickGe MickGe mickge
  • Orlinum Orlinum orlinum
  • reminec reminec reminec
11 authors
  1. Oct 18, 2016
  3. Oct 11, 2016
  5. Oct 07, 2016
  7. Sep 27, 2016
  9. May 23, 2016
  11. May 03, 2016
  13. May 02, 2016
  15. Apr 26, 2016
  17. Apr 22, 2016
  19. Apr 06, 2016
  21. Mar 17, 2016
    • Morris Jobke's avatar
      Read available l10n files also from theme folder · 23c0f4ff
      Morris Jobke authored 
      The old behaviour was that only languages could be used for an app
that are already present in the apps/$app/l10n folder. If there is
a themed l10n that is not present in the apps default l10n folder
the language could not be used and the texts are not translated.

With this change this is possible and also the l10n files are
loaded even if the default l10n doesn't contain the l10n file.
      23c0f4ff
  23. Mar 15, 2016
  25. Feb 10, 2016
  27. Jan 22, 2016
    • Lukas Reschke's avatar
      Exclude .htaccess modifications from code checker · bc62aa1e
      Lukas Reschke authored 
      After the initial installation ownCloud will write some content into the .htaccess file such as the 404 or 403 directives. This adds a magic marker into the .htaccess file and only the content above this marker will be compared in the integrity checker.
      bc62aa1e
  29. Dec 01, 2015
    • Lukas Reschke's avatar
      Add code integrity check · 49710155
      Lukas Reschke authored 
      This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
      49710155
  31. Oct 14, 2015
  33. Aug 27, 2015
  35. Jul 20, 2015
    • Robin McCorkell's avatar
      Unit test OC_Files::setUploadLimit() · aac84f73
      Robin McCorkell authored 
      There was also a bug with checking the upper limit on the passed upload
size. PHP does funny things with integer vs float comparisons, so our
check didn't work. Now the check is much simpler, and ensures the value
is sane.
      aac84f73
  37. Jul 17, 2015
  39. Jun 06, 2015
    • Olivier Paroz's avatar
      Fix max preview, some resizing and caching issues and force preview providers... · 71d65cb7
      Olivier Paroz authored 
      Fix max preview, some resizing and caching issues and force preview providers to resize their previews properly
* introduces a method in OC_Image which doesn't stretch images when trying to make them fit in a box
* adds the method to all key providers so that they can do their job, as expected by the Preview class
* improves the caching mechanism of Preview in order to reduce I/O and to avoid filling the available disk space
* fixes some long standing issues
* **contains mostly tests**
      71d65cb7
  41. May 21, 2015
  43. May 05, 2015
  45. Apr 20, 2015
    • Vincent Petry's avatar
      Fix encryption feof to not return too early · 76dad297
      Vincent Petry authored 
      This is because stream_read will pre-cache the next block which causes
feof($this->source) to return true prematurely. So we cannot rely on it.

Fixed encryption stream wrapper unit tests to actually simulate 6k/8k
blocks to make sure we cover the matching logic.

Added two data files with 8192 and 8193 bytes.
      76dad297
  47. Mar 09, 2015
  49. Feb 20, 2015
  51. Feb 10, 2015
  53. Dec 11, 2014
  55. Dec 04, 2014