Validate archives after downloading them with separate fwup keys (#158)

nerves-hub · Mar 12, 2024 · bec959b · bec959b
1 parent 0fa048f
commit bec959b
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 2 deletions.
diff --git a/lib/nerves_hub_link/archive_manager.ex b/lib/nerves_hub_link/archive_manager.ex
@@ -22,6 +22,7 @@ defmodule NervesHubLink.ArchiveManager do
 
   @type t :: %__MODULE__{
           archive_info: nil | ArchiveInfo.t(),
+          archive_public_keys: [binary()],
           data_path: Path.t(),
           download: nil | GenServer.server(),
           file_path: Path.t(),
@@ -31,6 +32,7 @@ defmodule NervesHubLink.ArchiveManager do
         }
 
   defstruct archive_info: nil,
+            archive_public_keys: [],
             data_path: nil,
             download: nil,
             file_path: nil,
@@ -80,7 +82,12 @@ defmodule NervesHubLink.ArchiveManager do
 
   @impl GenServer
   def init(args) do
-    {:ok, %__MODULE__{data_path: args.data_path}}
+    state = %__MODULE__{
+      archive_public_keys: args.archive_public_keys,
+      data_path: args.data_path
+    }
+
+    {:ok, state}
   end
 
   @impl GenServer
@@ -114,7 +121,15 @@ defmodule NervesHubLink.ArchiveManager do
     _ = File.rm_rf(state.file_path)
     _ = File.rename(state.temp_file_path, state.file_path)
 
-    _ = Client.archive_ready(state.archive_info, state.file_path)
+    # validate the file
+
+    if valid_archive?(state.file_path, state.archive_public_keys) do
+      _ = Client.archive_ready(state.archive_info, state.file_path)
+    else
+      Logger.error(
+        "[NervesHubLink] Archive could not be validated, your public keys are configured wrong"
+      )
+    end
 
     {:noreply,
      %__MODULE__{
@@ -190,4 +205,17 @@ defmodule NervesHubLink.ArchiveManager do
 
     %{state | update_reschedule_timer: nil}
   end
+
+  def valid_archive?(file_path, public_keys) do
+    args = ["-V", "-i", file_path]
+
+    args =
+      Enum.reduce(public_keys, args, fn public_key, args ->
+        args ++ ["--public-key", public_key]
+      end)
+
+    {_output, exit_code} = System.cmd("fwup", args)
+
+    exit_code == 0
+  end
 end
diff --git a/lib/nerves_hub_link/configurator.ex b/lib/nerves_hub_link/configurator.ex
@@ -13,6 +13,7 @@ defmodule NervesHubLink.Configurator do
               device_api_port: 443,
               device_api_sni: nil,
               fwup_public_keys: [],
+              archive_public_keys: [],
               fwup_devpath: "/dev/mmcblk0",
               fwup_env: [],
               nerves_key: [],
@@ -28,6 +29,7 @@ defmodule NervesHubLink.Configurator do
             device_api_port: String.t(),
             device_api_sni: charlist(),
             fwup_public_keys: [binary()],
+            archive_public_keys: [binary()],
             fwup_devpath: Path.t(),
             fwup_env: [{String.t(), String.t()}],
             nerves_key: any(),
@@ -48,6 +50,7 @@ defmodule NervesHubLink.Configurator do
     |> do_build()
     |> add_socket_opts()
     |> add_fwup_public_keys()
+    |> add_archive_public_keys()
   end
 
   defp add_socket_opts(config) do
@@ -136,4 +139,16 @@ defmodule NervesHubLink.Configurator do
 
     %{config | fwup_public_keys: fwup_public_keys}
   end
+
+  defp add_archive_public_keys(config) do
+    archive_public_keys = for key <- config.archive_public_keys, is_binary(key), do: key
+
+    if archive_public_keys == [] do
+      Logger.error("No archive public keys were configured for nerves_hub_link.")
+      Logger.error("This means that archive signatures are not being checked.")
+      Logger.error("nerves_hub_link will fail to download archives.")
+    end
+
+    %{config | archive_public_keys: archive_public_keys}
+  end
 end