api: fix function name + allow unsigned packages

This commit is contained in:
Thomas Hobson 2021-02-21 12:56:35 +13:00
parent 8ad62ec983
commit b20f853ef1
No known key found for this signature in database
GPG Key ID: 9F1FD9D87950DB6F
3 changed files with 21 additions and 19 deletions

View File

@ -6,7 +6,7 @@ const fs = require('fs/promises'),
module.exports = { module.exports = {
async buffer_from_u_r_l(url){ async buffer_from_url(url){
if(!(url instanceof URL)) if(!(url instanceof URL))
url = new URL(url); url = new URL(url);
if(url.protocol == 'file:'){ if(url.protocol == 'file:'){

View File

@ -57,7 +57,7 @@ class Package {
logger.debug(`Downloading package from ${this.download_url} in to ${this.install_path}`); logger.debug(`Downloading package from ${this.download_url} in to ${this.install_path}`);
const pkgfile = helpers.url_basename(this.download_url); const pkgfile = helpers.url_basename(this.download_url);
const pkgpath = path.join(this.install_path, pkgfile); const pkgpath = path.join(this.install_path, pkgfile);
await helpers.buffer_from_u_r_l(this.download_url) await helpers.buffer_from_url(this.download_url)
.then(buf=> fs.write_file(pkgpath, buf)); .then(buf=> fs.write_file(pkgpath, buf));
logger.debug('Validating checksums'); logger.debug('Validating checksums');
@ -73,23 +73,25 @@ class Package {
await this.repo.import_keys(); await this.repo.import_keys();
logger.debug('Validating signatutes'); logger.debug('Validating signatutes');
await new Promise((resolve,reject)=>{ if(this.signature != "")
const gpgspawn = cp.spawn('gpg', ['--verify', '-', pkgpath], { await new Promise((resolve,reject)=>{
stdio: ['pipe', 'ignore', 'ignore'] const gpgspawn = cp.spawn('gpg', ['--verify', '-', pkgpath], {
stdio: ['pipe', 'ignore', 'ignore']
});
gpgspawn.once('exit', (code, _) => {
if(code == 0) resolve();
else reject(new Error('Invalid signature'));
});
gpgspawn.once('error', reject);
gpgspawn.stdin.write(this.signature);
gpgspawn.stdin.end();
}); });
else
gpgspawn.once('exit', (code, _) => { logger.warn("Package does not contain a signature - allowing install, but proceed with caution")
if(code == 0) resolve();
else reject(new Error('Invalid signature'));
});
gpgspawn.once('error', reject);
gpgspawn.stdin.write(this.signature);
gpgspawn.stdin.end();
});
logger.debug(`Extracting package files from archive ${pkgfile} in to ${this.install_path}`); logger.debug(`Extracting package files from archive ${pkgfile} in to ${this.install_path}`);
await new Promise((resolve, reject)=>{ await new Promise((resolve, reject)=>{

View File

@ -24,7 +24,7 @@ class Repository {
async load(){ async load(){
try{ try{
var index = await cache.get(this.cache_key,async ()=>{ var index = await cache.get(this.cache_key,async ()=>{
return helpers.buffer_from_u_r_l(this.url); return helpers.buffer_from_url(this.url);
}); });
var repo = yaml.load(index); var repo = yaml.load(index);