Revision 77916538
Added by Benoît PECCATTE over 7 years ago
rudder-agent/SOURCES/rudder-sign | ||
---|---|---|
exit 2
|
||
fi
|
||
|
||
VERSION="$2"
|
||
# default version is 1.0
|
||
# Versions 1.x are compatible
|
||
if [ "${VERSION}" = "" ]
|
||
then
|
||
VERSION="1.0"
|
||
fi
|
||
|
||
# the key to use for signature
|
||
PRIVKEY=/var/rudder/cfengine-community/ppkeys/localhost.priv
|
||
PRIVKEY="/var/rudder/cfengine-community/ppkeys/localhost.priv"
|
||
PUBKEY="/var/rudder/cfengine-community/ppkeys/localhost.pub"
|
||
|
||
# cfengine passphrase
|
||
PASSPHRASE="Cfengine passphrase"
|
||
... | ... | |
# Public key identifier (last 4 bytes of the modulus)
|
||
KEYID=`openssl rsa -passin "pass:${PASSPHRASE}" -in "${PRIVKEY}" -noout -modulus | sed 's/.*\(........\)$/\1/'`
|
||
|
||
# Create a signature FILE
|
||
cat > "${FILE}.sign" <<EOF
|
||
if [ "${VERSION}" = "1.0" ]
|
||
then
|
||
# Create a signature FILE
|
||
cat > "${FILE}.sign" <<EOF
|
||
header=rudder-signature-v1
|
||
algorithm=${HASH}
|
||
digest=${SIGNATURE}
|
||
... | ... | |
keyid=${KEYID}
|
||
EOF
|
||
|
||
elif [ "${VERSION}" = "1.1" ]
|
||
then
|
||
SHORT_PUBKEY=`sed '/---/d' "${PUBKEY}" | tr -d '\n'`
|
||
HASH_VALUE=`openssl "${HASH}" "${FILE}" | sed "s/${HASH}(.*)= *\\(.*\\)/\\1/i"`
|
||
# Create a signature FILE
|
||
cat > "${FILE}.sign" <<EOF
|
||
header=rudder-signature-v1
|
||
algorithm=${HASH}
|
||
digest=${SIGNATURE}
|
||
hash_value=${HASH_VALUE}
|
||
short_pubkey=${SHORT_PUBKEY}
|
||
hostname=${HOSTNAME}
|
||
keydate=${KEYDATE}
|
||
keyid=${KEYID}
|
||
EOF
|
||
|
||
else
|
||
echo "ERROR: Unsupported signature version ${VERSION}"
|
||
exit 1
|
||
|
||
fi
|
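Review bot: In the 1.1 branch, `HASH_VALUE` and `SHORT_PUBKEY` are written into `${FILE}.sign` without any check that they were actually computed, so an unreadable `${PUBKEY}` or an unparsed digest line still produces a signature file. The `sed` expression relies on openssl printing `ALG(file)= hex` and on the GNU-only `i` flag; when the pattern does not match, sed passes the whole line through as `hash_value`. Where the installed openssl supports it, `HASH_VALUE=$(openssl dgst -"${HASH}" -r "${FILE}" | cut -d' ' -f1)` avoids parsing the label. A guard before the here-document, such as `[ -n "${HASH_VALUE}" ] || { echo "ERROR: could not compute ${HASH} of ${FILE}" >&2; exit 1; }` and the same for `SHORT_PUBKEY`, would stop an incomplete header from being emitted. `HASH`, `HOSTNAME` and `KEYDATE` are assigned outside the lines shown, so their handling could not be reviewed here.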
rudder-server-relay/SOURCES/relay-api/relay_api/shared_files.py | ||
---|---|---|
# Extract informations from header
|
||
def parse_header(header):
|
||
data = {}
|
||
for line in header.rstrip().split():
|
||
for line in header.rstrip().split("\n"):
|
||
m = re.match(r"(\w+)\s*=\s*(.*)", line)
|
||
if m:
|
||
data[m.group(1)] = m.group(2)
|
||
... | ... | |
|
||
# add headers
|
||
header += expiry_line(info)
|
||
header += "hash_value=" + message_hash + "\n"
|
||
# replace hash by a guaranteed one
|
||
header = re.sub(r'hash_value=.*?\n', "hash_value=" + message_hash + "\n", header)
|
||
|
||
# where to store file
|
||
path = file_directory(shared_path, nodes, my_uuid, target_uuid, source_uuid, file_id)
|
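Review bot: The new `re.sub(r'hash_value=.*?\n', ...)` is a no-op when the incoming header has no `hash_value=` line, so the relay-computed hash that the removed `header += "hash_value=" ...` always added is then missing from the stored header. Headers written by the 1.0 branch of rudder-sign appear to carry no such field, and the script still defaults to 1.0. The pattern is also not anchored to the start of a line, so it would rewrite the tail of any key that merely ends in `hash_value`. Consider `header, n = re.subn(r'(?m)^hash_value=.*\n', lambda m: "hash_value=" + message_hash + "\n", header)` followed by `if n == 0: header += "hash_value=" + message_hash + "\n"`. The function containing this hunk starts and ends outside the lines shown.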
Fixes #9996: Extend rudder-sign to add new information