front_end_builds 0.1.3 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/front_end_builds/builds_controller.rb +1 -0
- data/app/models/front_end_builds/build.rb +11 -7
- data/app/models/front_end_builds/pubkey.rb +27 -2
- data/lib/front_end_builds/utils/ssh_pubkey_convert.rb +75 -73
- data/lib/front_end_builds/version.rb +1 -1
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1542985a803ac72002fd437fc975726ee7dac9cc
|
|
4
|
+
data.tar.gz: 2caa84a2a6c32e72ec08ff5273738778c809eaa1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1af52583c3a5ff0874f0033ca30bc1cfedce894a2d9eaeb9719bc766476c22aa4d47fab82f17c0d30844b9db872c7e28ec4087c49a4619af3748bbf226e4ab15
|
|
7
|
+
data.tar.gz: 9b3bc4d6543bfa161d35d1f130fcfb56fef52918a92f82b4d558ee5b4f866d84ee93b3a686acd21ef93cee77c46754a86129ba5b5f7ed167d8fd5bc3f833ce63
|
|
@@ -6,6 +6,7 @@ module FrontEndBuilds
|
|
|
6
6
|
attr_accessible :branch,
|
|
7
7
|
:sha,
|
|
8
8
|
:endpoint,
|
|
9
|
+
:html,
|
|
9
10
|
:signature
|
|
10
11
|
end
|
|
11
12
|
|
|
@@ -15,7 +16,6 @@ module FrontEndBuilds
|
|
|
15
16
|
validates :app, presence: true
|
|
16
17
|
validates :sha, presence: true
|
|
17
18
|
validates :branch, presence: true
|
|
18
|
-
validates :endpoint, presence: true
|
|
19
19
|
validates :signature, presence: true
|
|
20
20
|
|
|
21
21
|
scope :recent, -> { limit(10).order('created_at desc') }
|
|
@@ -23,9 +23,7 @@ module FrontEndBuilds
|
|
|
23
23
|
def self.find_best(params = {})
|
|
24
24
|
scope = self
|
|
25
25
|
|
|
26
|
-
query = {
|
|
27
|
-
fetched: true
|
|
28
|
-
}
|
|
26
|
+
query = { fetched: true }
|
|
29
27
|
|
|
30
28
|
if params[:app]
|
|
31
29
|
query[:app_id] = params[:app].id
|
|
@@ -81,7 +79,14 @@ module FrontEndBuilds
|
|
|
81
79
|
end
|
|
82
80
|
|
|
83
81
|
def setup!
|
|
84
|
-
|
|
82
|
+
# Fetching no longer makes senses since ember-cli-deploy will
|
|
83
|
+
# directly give the HTML to front end builds. However, in order
|
|
84
|
+
# to support old versions we're going to keep this around for
|
|
85
|
+
# a while.
|
|
86
|
+
fetch! if html.blank?
|
|
87
|
+
|
|
88
|
+
self.fetched = true
|
|
89
|
+
save
|
|
85
90
|
|
|
86
91
|
if automatic_activation? && master?
|
|
87
92
|
activate!
|
|
@@ -97,12 +102,11 @@ module FrontEndBuilds
|
|
|
97
102
|
end
|
|
98
103
|
|
|
99
104
|
def fetch!
|
|
100
|
-
return if fetched?
|
|
105
|
+
return if fetched? || endpoint.blank?
|
|
101
106
|
|
|
102
107
|
html = URI.parse(endpoint).read
|
|
103
108
|
|
|
104
109
|
self.html = html
|
|
105
|
-
self.fetched = true
|
|
106
110
|
save
|
|
107
111
|
end
|
|
108
112
|
|
|
@@ -50,9 +50,34 @@ module FrontEndBuilds
|
|
|
50
50
|
pkey = to_rsa_pkey
|
|
51
51
|
signature = Base64.decode64(build.signature)
|
|
52
52
|
digest = OpenSSL::Digest::SHA256.new
|
|
53
|
-
expected = "#{build.app.name}-#{build.endpoint}"
|
|
54
53
|
|
|
55
|
-
|
|
54
|
+
# If the user submits html were going to expect the
|
|
55
|
+
# signature to match the html they are submitting.
|
|
56
|
+
# However, if the user gives a url where we can download
|
|
57
|
+
# the html, we're going to expect the signature to match
|
|
58
|
+
# the app name and the url.
|
|
59
|
+
if build.endpoint.present?
|
|
60
|
+
expected = "#{build.app.name}-#{build.endpoint}"
|
|
61
|
+
else
|
|
62
|
+
expected = build.html
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
match = expected &&
|
|
66
|
+
signature &&
|
|
67
|
+
pkey.verify(digest, signature, expected)
|
|
68
|
+
# Bug in ruby's OpenSSL implementation.
|
|
69
|
+
# SSL connection with PostgreSQL can fail, after a call to
|
|
70
|
+
# OpenSSL::X509::Certificate#verify with result 'false'. Root cause is
|
|
71
|
+
# the thread local error queue of OpenSSL, that is used to transmit
|
|
72
|
+
# textual error messages to the application after a failed crypto
|
|
73
|
+
# operation. A failure in Certificate#verify leaves some messages on the
|
|
74
|
+
# error queue, which can lead to errors in a SSL communication of other
|
|
75
|
+
# parts of the application. The only solution at the moment is running:
|
|
76
|
+
# OpenSSL.errors.clear after certificate verifying. This clears OpenSSL
|
|
77
|
+
# errors array and keeps database connection alive.
|
|
78
|
+
# From https://bugs.ruby-lang.org/issues/7215
|
|
79
|
+
OpenSSL.errors.clear
|
|
80
|
+
match # return true/false
|
|
56
81
|
end
|
|
57
82
|
|
|
58
83
|
def last_build
|
|
@@ -4,88 +4,90 @@
|
|
|
4
4
|
# https://github.com/mytestbed/omf/blob/master/omf_common/lib/omf_common/auth/ssh_pub_key_convert.rb
|
|
5
5
|
#
|
|
6
6
|
|
|
7
|
-
module FrontEndBuilds
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
module FrontEndBuilds
|
|
8
|
+
module Utils
|
|
9
|
+
# Copyright (c) 2012 National ICT Australia Limited (NICTA).
|
|
10
|
+
# This software may be used and distributed solely under the terms of the MIT license (License).
|
|
11
|
+
# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
|
|
12
|
+
# By downloading or using this software you accept the terms and the liability disclaimer in the License.
|
|
12
13
|
|
|
13
|
-
|
|
14
|
-
|
|
14
|
+
require 'base64'
|
|
15
|
+
require 'openssl'
|
|
15
16
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
#
|
|
20
|
-
class SSHPubKeyConvert
|
|
21
|
-
# Unpack a 4-byte unsigned integer from the +bytes+ array.
|
|
17
|
+
# This file provides a converter that accepts an SSH public key string
|
|
18
|
+
# and converts it to an OpenSSL::PKey::RSA object for use in verifying
|
|
19
|
+
# received messages. (DSA support pending).
|
|
22
20
|
#
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
21
|
+
class SSHPubKeyConvert
|
|
22
|
+
# Unpack a 4-byte unsigned integer from the +bytes+ array.
|
|
23
|
+
#
|
|
24
|
+
# Returns a pair (+u32+, +bytes+), where +u32+ is the extracted
|
|
25
|
+
# unsigned integer, and +bytes+ is the remainder of the original
|
|
26
|
+
# +bytes+ array that follows +u32+.
|
|
27
|
+
#
|
|
28
|
+
def self.unpack_u32(bytes)
|
|
29
|
+
return bytes.unpack("N")[0], bytes[4..-1]
|
|
30
|
+
end
|
|
30
31
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
32
|
+
# Unpack a string from the +bytes+ array. Exactly +len+ bytes will
|
|
33
|
+
# be extracted.
|
|
34
|
+
#
|
|
35
|
+
# Returns a pair (+string+, +bytes+), where +string+ is the
|
|
36
|
+
# extracted string (of length +len+), and +bytes+ is the remainder
|
|
37
|
+
# of the original +bytes+ array that follows +string+.
|
|
38
|
+
#
|
|
39
|
+
def self.unpack_string(bytes, len)
|
|
40
|
+
return bytes.unpack("A#{len}")[0], bytes[len..-1]
|
|
41
|
+
end
|
|
41
42
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
43
|
+
# Convert a string in SSH public key format to a key object
|
|
44
|
+
# suitable for use with OpenSSL. If the key is an RSA key then an
|
|
45
|
+
# OpenSSL::PKey::RSA object is returned. If the key is a DSA key
|
|
46
|
+
# then an OpenSSL::PKey::DSA object is returned. In either case,
|
|
47
|
+
# the object returned is suitable for encrypting data or verifying
|
|
48
|
+
# signatures, but cannot be used for decrypting or signing.
|
|
49
|
+
#
|
|
50
|
+
# The +keystring+ should be a single line, as per an SSH public key
|
|
51
|
+
# file as generated by +ssh-keygen+, or a line from an SSH
|
|
52
|
+
# +authorized_keys+ file.
|
|
53
|
+
#
|
|
54
|
+
def self.convert(keystring)
|
|
55
|
+
(_, b64, _) = keystring.split(' ')
|
|
56
|
+
raise ArgumentError, "Invalid SSH public key '#{keystring}'" if b64.nil?
|
|
56
57
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
58
|
+
decoded_key = Base64.decode64(b64)
|
|
59
|
+
(n, bytes) = unpack_u32(decoded_key)
|
|
60
|
+
(keytype, bytes) = unpack_string(bytes, n)
|
|
60
61
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
62
|
+
if keytype == "ssh-rsa"
|
|
63
|
+
(n, bytes) = unpack_u32(bytes)
|
|
64
|
+
(estr, bytes) = unpack_string(bytes, n)
|
|
65
|
+
(n, bytes) = unpack_u32(bytes)
|
|
66
|
+
(nstr, bytes) = unpack_string(bytes, n)
|
|
66
67
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
68
|
+
key = OpenSSL::PKey::RSA.new
|
|
69
|
+
key.n = OpenSSL::BN.new(nstr, 2)
|
|
70
|
+
key.e = OpenSSL::BN.new(estr, 2)
|
|
71
|
+
key
|
|
72
|
+
elsif keytype == 'ssh-dss'
|
|
73
|
+
(n, bytes) = unpack_u32(bytes)
|
|
74
|
+
(pstr, bytes) = unpack_string(bytes, n)
|
|
75
|
+
(n, bytes) = unpack_u32(bytes)
|
|
76
|
+
(qstr, bytes) = unpack_string(bytes, n)
|
|
77
|
+
(n, bytes) = unpack_u32(bytes)
|
|
78
|
+
(gstr, bytes) = unpack_string(bytes, n)
|
|
79
|
+
(n, bytes) = unpack_u32(bytes)
|
|
80
|
+
(pkstr, bytes) = unpack_string(bytes, n)
|
|
80
81
|
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
82
|
+
key = OpenSSL::PKey::DSA.new
|
|
83
|
+
key.p = OpenSSL::BN.new(pstr, 2)
|
|
84
|
+
key.q = OpenSSL::BN.new(qstr, 2)
|
|
85
|
+
key.g = OpenSSL::BN.new(gstr, 2)
|
|
86
|
+
key.pub_key = OpenSSL::BN.new(pkstr, 2)
|
|
87
|
+
key
|
|
88
|
+
else
|
|
89
|
+
nil
|
|
90
|
+
end
|
|
89
91
|
end
|
|
90
92
|
end
|
|
91
93
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: front_end_builds
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Toronto
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-11-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: sqlite3
|
|
@@ -29,16 +29,16 @@ dependencies:
|
|
|
29
29
|
name: rspec-rails
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
31
31
|
requirements:
|
|
32
|
-
- -
|
|
32
|
+
- - '='
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version:
|
|
34
|
+
version: 3.1.0
|
|
35
35
|
type: :development
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
|
-
- -
|
|
39
|
+
- - '='
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
|
-
version:
|
|
41
|
+
version: 3.1.0
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: rspec-its
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -99,16 +99,16 @@ dependencies:
|
|
|
99
99
|
name: shoulda-matchers
|
|
100
100
|
requirement: !ruby/object:Gem::Requirement
|
|
101
101
|
requirements:
|
|
102
|
-
- -
|
|
102
|
+
- - '='
|
|
103
103
|
- !ruby/object:Gem::Version
|
|
104
|
-
version:
|
|
104
|
+
version: 2.7.0
|
|
105
105
|
type: :development
|
|
106
106
|
prerelease: false
|
|
107
107
|
version_requirements: !ruby/object:Gem::Requirement
|
|
108
108
|
requirements:
|
|
109
|
-
- -
|
|
109
|
+
- - '='
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
|
-
version:
|
|
111
|
+
version: 2.7.0
|
|
112
112
|
- !ruby/object:Gem::Dependency
|
|
113
113
|
name: webmock
|
|
114
114
|
requirement: !ruby/object:Gem::Requirement
|