front_end_builds 0.1.3 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/front_end_builds/builds_controller.rb +1 -0
- data/app/models/front_end_builds/build.rb +11 -7
- data/app/models/front_end_builds/pubkey.rb +27 -2
- data/lib/front_end_builds/utils/ssh_pubkey_convert.rb +75 -73
- data/lib/front_end_builds/version.rb +1 -1
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1542985a803ac72002fd437fc975726ee7dac9cc
|
|
4
|
+
data.tar.gz: 2caa84a2a6c32e72ec08ff5273738778c809eaa1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1af52583c3a5ff0874f0033ca30bc1cfedce894a2d9eaeb9719bc766476c22aa4d47fab82f17c0d30844b9db872c7e28ec4087c49a4619af3748bbf226e4ab15
|
|
7
|
+
data.tar.gz: 9b3bc4d6543bfa161d35d1f130fcfb56fef52918a92f82b4d558ee5b4f866d84ee93b3a686acd21ef93cee77c46754a86129ba5b5f7ed167d8fd5bc3f833ce63
|
|
@@ -6,6 +6,7 @@ module FrontEndBuilds
|
|
|
6
6
|
attr_accessible :branch,
|
|
7
7
|
:sha,
|
|
8
8
|
:endpoint,
|
|
9
|
+
:html,
|
|
9
10
|
:signature
|
|
10
11
|
end
|
|
11
12
|
|
|
@@ -15,7 +16,6 @@ module FrontEndBuilds
|
|
|
15
16
|
validates :app, presence: true
|
|
16
17
|
validates :sha, presence: true
|
|
17
18
|
validates :branch, presence: true
|
|
18
|
-
validates :endpoint, presence: true
|
|
19
19
|
validates :signature, presence: true
|
|
20
20
|
|
|
21
21
|
scope :recent, -> { limit(10).order('created_at desc') }
|
|
@@ -23,9 +23,7 @@ module FrontEndBuilds
|
|
|
23
23
|
def self.find_best(params = {})
|
|
24
24
|
scope = self
|
|
25
25
|
|
|
26
|
-
query = {
|
|
27
|
-
fetched: true
|
|
28
|
-
}
|
|
26
|
+
query = { fetched: true }
|
|
29
27
|
|
|
30
28
|
if params[:app]
|
|
31
29
|
query[:app_id] = params[:app].id
|
|
@@ -81,7 +79,14 @@ module FrontEndBuilds
|
|
|
81
79
|
end
|
|
82
80
|
|
|
83
81
|
def setup!
|
|
84
|
-
|
|
82
|
+
# Fetching no longer makes senses since ember-cli-deploy will
|
|
83
|
+
# directly give the HTML to front end builds. However, in order
|
|
84
|
+
# to support old versions we're going to keep this around for
|
|
85
|
+
# a while.
|
|
86
|
+
fetch! if html.blank?
|
|
87
|
+
|
|
88
|
+
self.fetched = true
|
|
89
|
+
save
|
|
85
90
|
|
|
86
91
|
if automatic_activation? && master?
|
|
87
92
|
activate!
|
|
@@ -97,12 +102,11 @@ module FrontEndBuilds
|
|
|
97
102
|
end
|
|
98
103
|
|
|
99
104
|
def fetch!
|
|
100
|
-
return if fetched?
|
|
105
|
+
return if fetched? || endpoint.blank?
|
|
101
106
|
|
|
102
107
|
html = URI.parse(endpoint).read
|
|
103
108
|
|
|
104
109
|
self.html = html
|
|
105
|
-
self.fetched = true
|
|
106
110
|
save
|
|
107
111
|
end
|
|
108
112
|
|
|
@@ -50,9 +50,34 @@ module FrontEndBuilds
|
|
|
50
50
|
pkey = to_rsa_pkey
|
|
51
51
|
signature = Base64.decode64(build.signature)
|
|
52
52
|
digest = OpenSSL::Digest::SHA256.new
|
|
53
|
-
expected = "#{build.app.name}-#{build.endpoint}"
|
|
54
53
|
|
|
55
|
-
|
|
54
|
+
# If the user submits html were going to expect the
|
|
55
|
+
# signature to match the html they are submitting.
|
|
56
|
+
# However, if the user gives a url where we can download
|
|
57
|
+
# the html, we're going to expect the signature to match
|
|
58
|
+
# the app name and the url.
|
|
59
|
+
if build.endpoint.present?
|
|
60
|
+
expected = "#{build.app.name}-#{build.endpoint}"
|
|
61
|
+
else
|
|
62
|
+
expected = build.html
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
match = expected &&
|
|
66
|
+
signature &&
|
|
67
|
+
pkey.verify(digest, signature, expected)
|
|
68
|
+
# Bug in ruby's OpenSSL implementation.
|
|
69
|
+
# SSL connection with PostgreSQL can fail, after a call to
|
|
70
|
+
# OpenSSL::X509::Certificate#verify with result 'false'. Root cause is
|
|
71
|
+
# the thread local error queue of OpenSSL, that is used to transmit
|
|
72
|
+
# textual error messages to the application after a failed crypto
|
|
73
|
+
# operation. A failure in Certificate#verify leaves some messages on the
|
|
74
|
+
# error queue, which can lead to errors in a SSL communication of other
|
|
75
|
+
# parts of the application. The only solution at the moment is running:
|
|
76
|
+
# OpenSSL.errors.clear after certificate verifying. This clears OpenSSL
|
|
77
|
+
# errors array and keeps database connection alive.
|
|
78
|
+
# From https://bugs.ruby-lang.org/issues/7215
|
|
79
|
+
OpenSSL.errors.clear
|
|
80
|
+
match # return true/false
|
|
56
81
|
end
|
|
57
82
|
|
|
58
83
|
def last_build
|
|
@@ -4,88 +4,90 @@
|
|
|
4
4
|
# https://github.com/mytestbed/omf/blob/master/omf_common/lib/omf_common/auth/ssh_pub_key_convert.rb
|
|
5
5
|
#
|
|
6
6
|
|
|
7
|
-
module FrontEndBuilds
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
module FrontEndBuilds
|
|
8
|
+
module Utils
|
|
9
|
+
# Copyright (c) 2012 National ICT Australia Limited (NICTA).
|
|
10
|
+
# This software may be used and distributed solely under the terms of the MIT license (License).
|
|
11
|
+
# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
|
|
12
|
+
# By downloading or using this software you accept the terms and the liability disclaimer in the License.
|
|
12
13
|
|
|
13
|
-
|
|
14
|
-
|
|
14
|
+
require 'base64'
|
|
15
|
+
require 'openssl'
|
|
15
16
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
#
|
|
20
|
-
class SSHPubKeyConvert
|
|
21
|
-
# Unpack a 4-byte unsigned integer from the +bytes+ array.
|
|
17
|
+
# This file provides a converter that accepts an SSH public key string
|
|
18
|
+
# and converts it to an OpenSSL::PKey::RSA object for use in verifying
|
|
19
|
+
# received messages. (DSA support pending).
|
|
22
20
|
#
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
21
|
+
class SSHPubKeyConvert
|
|
22
|
+
# Unpack a 4-byte unsigned integer from the +bytes+ array.
|
|
23
|
+
#
|
|
24
|
+
# Returns a pair (+u32+, +bytes+), where +u32+ is the extracted
|
|
25
|
+
# unsigned integer, and +bytes+ is the remainder of the original
|
|
26
|
+
# +bytes+ array that follows +u32+.
|
|
27
|
+
#
|
|
28
|
+
def self.unpack_u32(bytes)
|
|
29
|
+
return bytes.unpack("N")[0], bytes[4..-1]
|
|
30
|
+
end
|
|
30
31
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
32
|
+
# Unpack a string from the +bytes+ array. Exactly +len+ bytes will
|
|
33
|
+
# be extracted.
|
|
34
|
+
#
|
|
35
|
+
# Returns a pair (+string+, +bytes+), where +string+ is the
|
|
36
|
+
# extracted string (of length +len+), and +bytes+ is the remainder
|
|
37
|
+
# of the original +bytes+ array that follows +string+.
|
|
38
|
+
#
|
|
39
|
+
def self.unpack_string(bytes, len)
|
|
40
|
+
return bytes.unpack("A#{len}")[0], bytes[len..-1]
|
|
41
|
+
end
|
|
41
42
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
43
|
+
# Convert a string in SSH public key format to a key object
|
|
44
|
+
# suitable for use with OpenSSL. If the key is an RSA key then an
|
|
45
|
+
# OpenSSL::PKey::RSA object is returned. If the key is a DSA key
|
|
46
|
+
# then an OpenSSL::PKey::DSA object is returned. In either case,
|
|
47
|
+
# the object returned is suitable for encrypting data or verifying
|
|
48
|
+
# signatures, but cannot be used for decrypting or signing.
|
|
49
|
+
#
|
|
50
|
+
# The +keystring+ should be a single line, as per an SSH public key
|
|
51
|
+
# file as generated by +ssh-keygen+, or a line from an SSH
|
|
52
|
+
# +authorized_keys+ file.
|
|
53
|
+
#
|
|
54
|
+
def self.convert(keystring)
|
|
55
|
+
(_, b64, _) = keystring.split(' ')
|
|
56
|
+
raise ArgumentError, "Invalid SSH public key '#{keystring}'" if b64.nil?
|
|
56
57
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
58
|
+
decoded_key = Base64.decode64(b64)
|
|
59
|
+
(n, bytes) = unpack_u32(decoded_key)
|
|
60
|
+
(keytype, bytes) = unpack_string(bytes, n)
|
|
60
61
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
62
|
+
if keytype == "ssh-rsa"
|
|
63
|
+
(n, bytes) = unpack_u32(bytes)
|
|
64
|
+
(estr, bytes) = unpack_string(bytes, n)
|
|
65
|
+
(n, bytes) = unpack_u32(bytes)
|
|
66
|
+
(nstr, bytes) = unpack_string(bytes, n)
|
|
66
67
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
68
|
+
key = OpenSSL::PKey::RSA.new
|
|
69
|
+
key.n = OpenSSL::BN.new(nstr, 2)
|
|
70
|
+
key.e = OpenSSL::BN.new(estr, 2)
|
|
71
|
+
key
|
|
72
|
+
elsif keytype == 'ssh-dss'
|
|
73
|
+
(n, bytes) = unpack_u32(bytes)
|
|
74
|
+
(pstr, bytes) = unpack_string(bytes, n)
|
|
75
|
+
(n, bytes) = unpack_u32(bytes)
|
|
76
|
+
(qstr, bytes) = unpack_string(bytes, n)
|
|
77
|
+
(n, bytes) = unpack_u32(bytes)
|
|
78
|
+
(gstr, bytes) = unpack_string(bytes, n)
|
|
79
|
+
(n, bytes) = unpack_u32(bytes)
|
|
80
|
+
(pkstr, bytes) = unpack_string(bytes, n)
|
|
80
81
|
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
82
|
+
key = OpenSSL::PKey::DSA.new
|
|
83
|
+
key.p = OpenSSL::BN.new(pstr, 2)
|
|
84
|
+
key.q = OpenSSL::BN.new(qstr, 2)
|
|
85
|
+
key.g = OpenSSL::BN.new(gstr, 2)
|
|
86
|
+
key.pub_key = OpenSSL::BN.new(pkstr, 2)
|
|
87
|
+
key
|
|
88
|
+
else
|
|
89
|
+
nil
|
|
90
|
+
end
|
|
89
91
|
end
|
|
90
92
|
end
|
|
91
93
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: front_end_builds
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Toronto
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-11-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: sqlite3
|
|
@@ -29,16 +29,16 @@ dependencies:
|
|
|
29
29
|
name: rspec-rails
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
31
31
|
requirements:
|
|
32
|
-
- -
|
|
32
|
+
- - '='
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version:
|
|
34
|
+
version: 3.1.0
|
|
35
35
|
type: :development
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
|
-
- -
|
|
39
|
+
- - '='
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
|
-
version:
|
|
41
|
+
version: 3.1.0
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: rspec-its
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -99,16 +99,16 @@ dependencies:
|
|
|
99
99
|
name: shoulda-matchers
|
|
100
100
|
requirement: !ruby/object:Gem::Requirement
|
|
101
101
|
requirements:
|
|
102
|
-
- -
|
|
102
|
+
- - '='
|
|
103
103
|
- !ruby/object:Gem::Version
|
|
104
|
-
version:
|
|
104
|
+
version: 2.7.0
|
|
105
105
|
type: :development
|
|
106
106
|
prerelease: false
|
|
107
107
|
version_requirements: !ruby/object:Gem::Requirement
|
|
108
108
|
requirements:
|
|
109
|
-
- -
|
|
109
|
+
- - '='
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
|
-
version:
|
|
111
|
+
version: 2.7.0
|
|
112
112
|
- !ruby/object:Gem::Dependency
|
|
113
113
|
name: webmock
|
|
114
114
|
requirement: !ruby/object:Gem::Requirement
|