-
Notifications
You must be signed in to change notification settings - Fork 66
feat: add layer signature extraction support #1706
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -1,24 +1,30 @@ | ||||||
| /* | ||||||
| * SPDX-FileCopyrightText: 2022 UnionTech Software Technology Co., Ltd. | ||||||
| * SPDX-FileCopyrightText: 2022 - 2026 UnionTech Software Technology Co., Ltd. | ||||||
| * | ||||||
| * SPDX-License-Identifier: LGPL-3.0-or-later | ||||||
| */ | ||||||
|
|
||||||
| #include "linglong/package/layer_packager.h" | ||||||
|
|
||||||
| #include "linglong/api/types/v1/Generators.hpp" | ||||||
|
Check warning on line 9 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
| #include "linglong/api/types/v1/LayerInfo.hpp" | ||||||
|
Check warning on line 10 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
| #include "linglong/common/error.h" | ||||||
|
Check warning on line 11 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
| #include "linglong/utils/cmd.h" | ||||||
|
Check warning on line 12 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
| #include "linglong/utils/file.h" | ||||||
|
Check warning on line 13 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
| #include "linglong/utils/finally/finally.h" | ||||||
| #include "linglong/utils/log/log.h" | ||||||
|
Check warning on line 15 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
|
|
||||||
|
Check warning on line 16 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
| #include <nlohmann/json.hpp> | ||||||
|
|
||||||
|
Check warning on line 18 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
| #include <QDataStream> | ||||||
|
Check warning on line 19 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
| #include <QSysInfo> | ||||||
|
Check warning on line 20 in libs/linglong/src/linglong/package/layer_packager.cpp
|
||||||
|
|
||||||
| #include <array> | ||||||
| #include <filesystem> | ||||||
| #include <fstream> | ||||||
| #include <string> | ||||||
|
|
||||||
| #include <fcntl.h> | ||||||
| #include <unistd.h> | ||||||
|
|
||||||
| namespace linglong::package { | ||||||
|
|
@@ -283,4 +289,109 @@ | |||||
| return utils::Cmd("erofsfuse").exists(); | ||||||
| } | ||||||
|
|
||||||
| utils::error::Result<void> LayerPackager::extractSignData(LayerFile &file, | ||||||
| const std::filesystem::path &signDir) | ||||||
| { | ||||||
| LINGLONG_TRACE("extract sign data from layer"); | ||||||
|
|
||||||
| const auto &number = magicNumber(); | ||||||
| file.seek(number.size()); | ||||||
|
|
||||||
| QDataStream metaLenStream(&file); | ||||||
| metaLenStream.setByteOrder(QDataStream::LittleEndian); | ||||||
| quint32 metaLen = 0; | ||||||
| metaLenStream >> metaLen; | ||||||
|
|
||||||
| auto metaRawData = file.read(metaLen); | ||||||
| auto metaJson = nlohmann::json::parse(metaRawData.toStdString()); | ||||||
| auto erofsSize = metaJson.value("erofs_size", 0ULL); | ||||||
| auto signSize = metaJson.value("sign_size", 0ULL); | ||||||
|
|
||||||
| if (signSize == 0) { | ||||||
| return LINGLONG_OK; | ||||||
| } | ||||||
|
|
||||||
| auto signOffset = static_cast<int64_t>(number.size() + sizeof(quint32) + metaLen + erofsSize); | ||||||
|
|
||||||
| std::error_code ec; | ||||||
| auto destination = signDir / "entries" / "share" / "deepin-elf-verify" / ".elfsign"; | ||||||
| if (!std::filesystem::create_directories(destination, ec) && ec) { | ||||||
| return LINGLONG_ERR(ec.message().c_str()); | ||||||
| } | ||||||
|
|
||||||
| auto tarFile = destination / "sign.tar"; | ||||||
| auto tarFd = ::open(tarFile.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0644); | ||||||
| if (tarFd == -1) { | ||||||
| return LINGLONG_ERR( | ||||||
| fmt::format("open {} failed: {}", tarFile.string(), common::error::errorString(errno))); | ||||||
| } | ||||||
|
|
||||||
| auto removeTar = utils::finally::finally([&tarFd, &tarFile] { | ||||||
| if (tarFd != -1) { | ||||||
| ::close(tarFd); | ||||||
| } | ||||||
|
|
||||||
| std::error_code ec; | ||||||
| if (!std::filesystem::remove(tarFile, ec) && ec) { | ||||||
| LogW("failed to remove {}: {}", tarFile.string(), ec.message()); | ||||||
| } | ||||||
| }); | ||||||
|
|
||||||
| file.seek(signOffset); | ||||||
| auto selfFd = file.handle(); | ||||||
|
|
||||||
| auto totalBytes = signSize; | ||||||
| std::array<unsigned char, 4096> buf{}; | ||||||
| while (totalBytes > 0) { | ||||||
| auto bytesToRead = totalBytes > buf.size() ? buf.size() : totalBytes; | ||||||
| auto readBytes = ::read(selfFd, buf.data(), bytesToRead); | ||||||
| if (readBytes == -1) { | ||||||
| if (errno == EINTR) { | ||||||
| errno = 0; | ||||||
| continue; | ||||||
| } | ||||||
| return LINGLONG_ERR( | ||||||
| fmt::format("read sign data error: {}", common::error::errorString(errno))); | ||||||
| } | ||||||
|
Comment on lines
+347
to
+355
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If the layer file is truncated or corrupted such that the actual signature data is smaller than To fix this, explicitly check for auto readBytes = ::read(selfFd, buf.data(), bytesToRead);
if (readBytes == 0) {
return LINGLONG_ERR("unexpected EOF while reading signature data");
}
if (readBytes == -1) {
if (errno == EINTR) {
errno = 0;
continue;
}
return LINGLONG_ERR(
fmt::format("read sign data error: {}", common::error::errorString(errno)));
} |
||||||
|
|
||||||
| while (true) { | ||||||
| auto writeBytes = ::write(tarFd, buf.data(), readBytes); | ||||||
| if (writeBytes == -1) { | ||||||
| if (errno == EINTR) { | ||||||
| errno = 0; | ||||||
| continue; | ||||||
| } | ||||||
| return LINGLONG_ERR( | ||||||
| fmt::format("write sign.tar error: {}", common::error::errorString(errno))); | ||||||
| } | ||||||
|
|
||||||
| if (writeBytes != readBytes) { | ||||||
| return LINGLONG_ERR("write sign.tar failed: byte mismatch"); | ||||||
| } | ||||||
|
|
||||||
| totalBytes -= writeBytes; | ||||||
| break; | ||||||
| } | ||||||
| } | ||||||
|
|
||||||
| if (::fsync(tarFd) == -1) { | ||||||
| return LINGLONG_ERR( | ||||||
| fmt::format("fsync sign.tar error: {}", common::error::errorString(errno))); | ||||||
| } | ||||||
|
|
||||||
| if (::close(tarFd) == -1) { | ||||||
| tarFd = -1; | ||||||
| return LINGLONG_ERR( | ||||||
| fmt::format("failed to close tar: {}", common::error::errorString(errno))); | ||||||
| } | ||||||
| tarFd = -1; | ||||||
|
|
||||||
| auto ret = utils::Cmd("tar").exec({ "-xf", tarFile.string(), "-C", destination.string() }); | ||||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Extracting an untrusted tarball ( To mitigate this, pass
Suggested change
|
||||||
| if (!ret) { | ||||||
| return LINGLONG_ERR(ret); | ||||||
| } | ||||||
|
|
||||||
| return LINGLONG_OK; | ||||||
| } | ||||||
|
|
||||||
| } // namespace linglong::package | ||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nlohmann::json::parsethrows aparse_errorexception if the input is not valid JSON. SincemetaRawDatacomes from an external file on disk, a corrupted or maliciously crafted layer file could crash the daemon.Use the non-throwing overload of
parseby passingfalseforallow_exceptions, and verify that the parsed JSON is indeed an object before accessing its keys.