Re: [ease-dev] GSoC Signing Scripts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ease-dev] GSoC Signing Scripts

From: Christian Pontesegger <christian.pontesegger@xxxxxx>
Date: Sat, 20 Aug 2016 21:54:46 +0200
Delivered-to: ease-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/ease-dev>
List-help: <mailto:ease-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/ease-dev>, <mailto:ease-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/ease-dev>, <mailto:ease-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

Hi Varun,

signature check belongs to the engine directly. I guess we discussedthat topic already some weeks ago. Think of a main script that iscorrectly signed. When you check that in the launcher you might thinkeverything is fine. Now that script includes a second source thatcontains unsigned code. It would load and execute it without checkingand without informing the user.

User popups would be something that needs to be registered to the enginedirectly which then could run the callback in case of a problem. Thesethings are not in place so far and I really doubt that they will beuntil pencils down by tomorrow.

Regarding your UI problem I would always use a treeviewer over a plaintree. However this is not a pressing topic anymore so we might skip itentirely.


Christian


On 08/20/2016 04:24 AM, Varun Raval wrote:

Hi Christian,
I uploaded the patchset [1] containing calls to SignatureCheck classfrom various script execution entry points.
Initially SignatureCheck class was in org.eclipse.ease.ui.launchingpackage.Since I was not able to call SignatureCheck class fromorg.eclipse.ease packages because of cycle of dependencies, I havekept it in org.eclipse.ease.sign.
Same is the reason for keeping IPreferenceConstants within samepackage, because we need to check for preferences from SignatureCheckclass.
SignatureCheck class was set since long and it is already merged.
The thing remaining was calls to it from script execution entry points.
We also need to show the info of certificates in case of invalid oruntrusted certificates asking user whether he trusts this certificatechain and giving user the option to execute or not.
I am using tree viewer for this.
In case of single certificate it is working fine.
But in case of multiple certificates, tree viewer is showing samecertificate in hierarchy. I have checked that certificates are storedproperly in the data structure that I have prepared, but still, treeviewer is not working.
See 197 line onwards in SignatureCheck class.

[1]: https://git.eclipse.org/r/#/c/79396/

Thanks,

Follow-Ups:
- Re: [ease-dev] GSoC Signing Scripts
  - From: Christian Pontesegger

References:
- [ease-dev] GSoC Signing Scripts
  - From: Christian Pontesegger
- Re: [ease-dev] GSoC Signing Scripts
  - From: Varun Raval

Prev by Date: Re: [ease-dev] GSoC Signing Scripts
Next by Date: Re: [ease-dev] GSoC Signing Scripts
Previous by thread: Re: [ease-dev] GSoC Signing Scripts
Next by thread: Re: [ease-dev] GSoC Signing Scripts
Index(es):
- Date
- Thread

Breadcrumbs