Select Git revision
check_site.lua
Matthias Schiffer authored
The autoupdater supports HTTPS when a ustream TLS backend is installed,
but we did not allow this in site.conf. However, just allowing HTTPS
URLs unconditionally is also a bad idea, as it might result in nodes
being unable to reach the mirror, in particular if the `tls` feature is
enabled only for some devices.
Solve this by allowing https:// URLs only if the marker file installed
by gluon-tls is found, failing the site check with an error message like
the following otherwise:
*** All of the following alternatives have failed:
1) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern 'http://', but it is "https://..." (a string value)
2) site.conf error: expected autoupdater.branches.test.mirrors.1 to use HTTPS only if the 'tls' feature is enabled, but it is "https://..." (a string value)
3) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern '^//', but it is "https://..." (a string value)
In addition, introduce support for protocol-less //server/path URLs,
which will use either HTTP or HTTPS depending on the availablility of
the `tls` feature. No fallback happens when `tls` is available, but the
HTTPS connection fails, preventing downgrade attack.
Based-on-patch-by:
Kevin Olbrich <ko@sv01.de>
check_site.lua 1.48 KiB
local has_tls = (function()
local f = io.open((os.getenv('IPKG_INSTROOT') or '') .. '/lib/gluon/features/tls')
if f then
f:close()
return true
end
return false
end)()
local branches = table_keys(need_table({'autoupdater', 'branches'}, function(branch)
need_alphanumeric_key(branch)
need_string(in_site(extend(branch, {'name'})))
need_array(extend(branch, {'mirrors'}), function(mirror)
alternatives(function()
need_string_match(mirror, 'http://')
end, function()
need_string_match(mirror, 'https://')
need(mirror, function() return has_tls end, nil,
"use HTTPS only if the 'tls' feature is enabled")
end, function()
need_string_match(mirror, '^//')
end)
end)
local pubkeys = need_string_array_match(in_site(extend(branch, {'pubkeys'})), '^%x+$')
need_number(in_site(extend(branch, {'good_signatures'})))
need(in_site(extend(branch, {'good_signatures'})), function(good_signatures)
return good_signatures <= #pubkeys
end, nil, string.format('be less than or equal to the number of public keys (%d)', #pubkeys))
obsolete(in_site(extend(branch, {'probability'})), 'Use GLUON_PRIORITY in site.mk instead.')
end))
need_one_of(in_site({'autoupdater', 'branch'}), branches, false)
-- Check GLUON_AUTOUPDATER_BRANCH
local default_branch
local f = io.open((os.getenv('IPKG_INSTROOT') or '') .. '/lib/gluon/autoupdater/default_branch')
if f then
default_branch = f:read('*line')
f:close()
end
need_one_of(value('GLUON_AUTOUPDATER_BRANCH', default_branch), branches, false)