hughsie / libjcat

Library for reading and writing Jcat files

License: GNU Lesser General Public License v2.1

Shell 0.56% Python 3.77% Meson 5.77% C 89.67% Roff 0.24%

libjcat's People

Contributors

eli-schwartz, fd00, hughsie, jtojnar, rascalking, smcv, superm1

libjcat's Issues

jcat-tool unable to do checksum signing?

Hi, it looks like the "let's create a jcat file with a single checksum" sample from the README doesn't work with jcat-tool v0.1.4:

ubuntu@foo:~/tmp$ jcat-tool --version
libjcat 0.1.4
ubuntu@foo:~/tmp$ jcat-tool sign test.jcat firmware.bin sha256
Invalid arguments, expected FILENAME SOURCE CERT PRIVKEY

Usage:
<SNIP>

Installed tests fail

Jcat:ERROR:../libjcat/jcat-self-test.c:221:jcat_sha1_engine_func: assertion failed (error == NULL): Failed to open file ?/build/source/data/tests/colorhug/firmware.bin?: No such file or directory (g-file-error-quark, 4)
Bail out! Jcat:ERROR:../libjcat/jcat-self-test.c:221:jcat_sha1_engine_func: assertion failed (error == NULL): Failed to open file ?/build/source/data/tests/colorhug/firmware.bin?: No such file or directory (g-file-error-quark, 4)

jcat validation fails due to "unsupported" sha1 and sha256 check

Describe the bug
jcat-tool verify fails due to sha1: verifying data is not supported

Steps to Reproduce

  1. wget https://fwupd.org/downloads/firmware.xml.gz
  2. wget https://fwupd.org/downloads/firmware.xml.gz.jcat
  3. Change alias metadata name to ID name:
     mv firmware.xml.gz firmware-01310-stable.xml.gz
  4. Try to verify metadata:
$ jcat-tool verify -v firmware.xml.gz.jcat --public-keys /etc/pki/fwupd
(jcat-tool:82699): GLib-GIO-DEBUG: 22:07:08.728: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ‘gio-vfs’
firmware-01310-stable.xml.gz:
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.730: reading ./firmware-01310-stable.xml.gz with 479016 bytes
    FAILED sha1: verifying data is not supported
    FAILED sha256: verifying data is not supported
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.730: ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.730: ignoring GPG-KEY-Linux-Foundation-Firmware as not PKCS-7 certificate
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.730: trying to load certificate from /etc/pki/fwupd/LVFS-CA.pem
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.730: reading /etc/pki/fwupd/LVFS-CA.pem with 1679 bytes
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.731: loaded 1 certificates
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.731: ignoring GPG-KEY-Hughski-Limited as not PKCS-7 certificate
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.731: got 1 PKCS7 signatures
    PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.737: using gpgme v1.13.1-unknown
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.761: Using engine at /home/nkaminski/.local/share/libjcat/gnupg
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.768: Adding GnuPG public key /etc/pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.780: importing key 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 [0] Success
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.780: Adding GnuPG public key /etc/pki/fwupd/GPG-KEY-Linux-Foundation-Firmware
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.792: importing key F2F0325648E1AE4956710198C6361787A0A849E1 [0] Success
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.792: ignoring LVFS-CA.pem as not GPG public key
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.792: Adding GnuPG public key /etc/pki/fwupd/GPG-KEY-Hughski-Limited
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.803: importing key 7E5439F64986F7A9E973809BAD8A528FEC44881E [0] Success
(jcat-tool:82699): Jcat-DEBUG: 22:07:08.814: returned signature fingerprint 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2
    PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2
    FAILED: Validation failed
Validation failed

Expected behavior
jcat-tool should check sha1 and sha256, as it is presented in the README.md.

jcat version information
Fedora 32: 0.1.5 (dnf Updates Testing and package built from master),
Ubuntu 20.04: 0.1.0 (apt)

Meson tests pass.

jcat-tool does not check the AliasId during the validation

Describe the bug
jcat-tool verify does not validate the file named as the AliasId. The file name has to be changed to the ID.

Steps to Reproduce

  1. wget https://fwupd.org/downloads/firmware.xml.gz
  2. wget https://fwupd.org/downloads/firmware.xml.gz.jcat
  3. jcat-tool verify -v firmware.xml.gz.jcat --public-keys /etc/pki/fwupd
$ jcat-tool verify -v firmware.xml.gz.jcat --public-keys /etc/pki/fwupd
(jcat-tool:86530): GLib-GIO-DEBUG: 22:47:11.296: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ‘gio-vfs’
firmware-01310-stable.xml.gz:
    FAILED: Failed to open file “./firmware-01310-stable.xml.gz”: No such file or directory
Validation failed

jcat info:

JcatFile:
  Version:               0.1
  JcatItem:
    ID:                  firmware-01310-stable.xml.gz
    AliasId:             firmware.xml.gz
    JcatBlob:
      Kind:              sha1
      Flags:             is-utf8
      Timestamp:         2021-01-13T09:36:07Z
      Size:              0x28
      Data:              e48d8fff38d7ae4d71f23cf7df3796b547a5db94
    JcatBlob:
      Kind:              sha256
      Flags:             is-utf8
      Timestamp:         2021-01-13T09:36:07Z
      Size:              0x40
      Data:              500b7b495b54af762edd9e02c550540c2c0b73821ca576c6a98420ff55cf5524
    JcatBlob:
      Kind:              pkcs7
      Flags:             is-utf8
      Timestamp:         2021-01-13T09:36:07Z
      Size:              0x8c0
      Data:              -----BEGIN PKCS7-----
                         [...]
                         -----END PKCS7-----
 
    JcatBlob:
      Kind:              gpg
      Flags:             is-utf8
      Timestamp:         2021-01-13T09:36:07Z
      Size:              0x1e8
      Data:              -----BEGIN PGP SIGNATURE-----
 
                         iQEzBAABCAAdFiEEP8a4BEEO0IQNjy+XSKbYDkU4usIFAl/+vwcACgkQSKbYDkU4
[...]
                         lwdAMiN33i2qjuoZW054RyLQRWt8ZA==
                         =yARu
                         -----END PGP SIGNATURE-----

Expected behavior

jcat-tool should find and validate the file named as the AliasId.

jcat version information
Fedora 32: 0.1.5 (dnf Updates Testing and package built from master)
Fedora 32: 0.1.2 (dnf)

Decrease meson version

In d6dc3e9 the meson version was bumped to 0.52. This has broken LGTM CI on fwupd since it only has meson 0.51.2. Can it be bumped down back to 0.51 instead?

Build-time tests fail if /etc/machine-id doesn't exist

The build-time tests assume they can sign /etc/machine-id, but distro packages are sometimes built in a minimal chroot/container that doesn't have any init system or related packages (systemd or otherwise), so nothing creates a machine ID there.

Patch on the way.

tag 0.1.2?

Rather than distros cherry-picking the security patch, I think it would be good to spin a new release soon.

Change binary name

It seems that at least in Debian and Ubuntu there is a package called sleuthkit that provides the binary jcat. Would you consider renaming it to jcat-tool, or json-catalog (or anything else similar)?

Otherwise it's going to mean having to have a conflicts relationship to sleuthkit so people can never install them side by side.

Darwin build fails

On Darwin the build still fails:

[21/39] Generating jcat_mapfile with a custom command..
FAILED: libjcat/jcat.map
/private/tmp/nix-build-libjcat-0.1.0.drv-0/source/contrib/generate-version-script.py LIBJCAT libjcat/Jcat-1.0.gir libjcat/jcat.map
/private/tmp/nix-build-libjcat-0.1.0.drv-0/source/contrib/generate-version-script.py: line 8: import: command not found
/private/tmp/nix-build-libjcat-0.1.0.drv-0/source/contrib/generate-version-script.py: line 9: import: command not found
/private/tmp/nix-build-libjcat-0.1.0.drv-0/source/contrib/generate-version-script.py: line 11: from: command not found
/private/tmp/nix-build-libjcat-0.1.0.drv-0/source/contrib/generate-version-script.py: line 13: XMLNS: command not found
/private/tmp/nix-build-libjcat-0.1.0.drv-0/source/contrib/generate-version-script.py: line 14: XMLNS_C: command not found
/private/tmp/nix-build-libjcat-0.1.0.drv-0/source/contrib/generate-version-script.py: line 16: syntax error near unexpected token `('
/private/tmp/nix-build-libjcat-0.1.0.drv-0/source/contrib/generate-version-script.py: line 16: `def usage(return_code):'
ninja: build stopped: subcommand failed.

Full log https://logs.nix.ci/?key=nixos/nixpkgs.83755&attempt_id=6e5d7606-89b1-415f-8201-73c9572e8bc5 (might disappear)
Downstream PR: NixOS/nixpkgs#83755

gzipping overhead

How serious is the problem that gzip is trying to solve?

I see that JSON tools don't really see gzip compression as something that belongs to the ecosystem
jqlang/jq#968

Windows unicode rendering issue

I remember we had this happening on fwupd too.

$ wine jcat-tool.exe 
Command not found

Usage:
  jcat-tool.exe [OPTION…]
