/**
 * Copyright (c) 2015 Lukas Reschke <lukas@owncloud.com>
 *
 * This file is licensed under the Affero General Public License version 3
 * or later.
 *
 * See the COPYING-README file.
 *
 */
describe ( 'OC.SetupChecks tests' , function ( ) {
// `suite` keeps the enclosing describe callback's `this` so nested specs can
// reach the fake server stored on it; `protocolStub` holds the sinon stub for
// OC.getProtocol between setup and teardown.
var suite = this,
	protocolStub;
// Before every spec: put a fresh sinon fake server on the shared suite handle
// and replace OC.getProtocol with a stub.
beforeEach(function() {
	suite.server = sinon.fakeServer.create();
	protocolStub = sinon.stub(OC, 'getProtocol');
});
// After every spec: undo both test doubles so nothing leaks into the next spec.
afterEach(function() {
	protocolStub.restore();
	suite.server.restore();
});
describe('checkWebDAV', function() {
	/**
	 * Starts the WebDAV check, answers its first request with the given HTTP
	 * status and hands the resolved message list to `verify`.
	 */
	function checkWithStatus(status, verify) {
		var pending = OC.SetupChecks.checkWebDAV();
		suite.server.requests[0].respond(status);
		pending.done(verify);
	}

	it('should fail with another response status code than 201 or 207', function(done) {
		checkWithStatus(200, function(messages) {
			expect(messages).toEqual([{
				msg: 'Your web server is not yet properly set up to allow file synchronization, because the WebDAV interface seems to be broken.',
				type: OC.SetupChecks.MESSAGE_TYPE_ERROR
			}]);
			done();
		});
	});

	it('should return no error with a response status code of 207', function(done) {
		checkWithStatus(207, function(messages) {
			expect(messages).toEqual([]);
			done();
		});
	});

	// A 401 answer is also expected to produce no message.
	it('should return no error with a response status code of 401', function(done) {
		checkWithStatus(401, function(messages) {
			expect(messages).toEqual([]);
			done();
		});
	});
});
describe('checkWellKnownUrl', function() {
	// Arguments shared by all specs: the probed path and the documentation URL
	// template handed to the check.
	var wellKnownPath = '/.well-known/caldav';
	var docsUrlTemplate = 'http://example.org/PLACEHOLDER';

	it('should fail with another response status code than 207', function(done) {
		var pending = OC.SetupChecks.checkWellKnownUrl(wellKnownPath, docsUrlTemplate, true);
		suite.server.requests[0].respond(200);
		pending.done(function(messages) {
			// The expected link differs from the template only in that
			// PLACEHOLDER became "admin-setup-well-known-URL"; the markup
			// also pins rel="noreferrer noopener" on the anchor.
			var expected = [{
				msg: 'Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the <a href="http://example.org/admin-setup-well-known-URL" rel="noreferrer noopener">documentation</a>.',
				type: OC.SetupChecks.MESSAGE_TYPE_INFO
			}];
			expect(messages).toEqual(expected);
			done();
		});
	});

	it('should return no error with a response status code of 207', function(done) {
		var pending = OC.SetupChecks.checkWellKnownUrl(wellKnownPath, docsUrlTemplate, true);
		suite.server.requests[0].respond(207);
		pending.done(function(messages) {
			expect(messages).toEqual([]);
			done();
		});
	});

	// With `false` as third argument no request is answered here; the result
	// is expected to be an empty message list.
	it('should return no error when no check should be run', function(done) {
		var pending = OC.SetupChecks.checkWellKnownUrl(wellKnownPath, docsUrlTemplate, false);
		pending.done(function(messages) {
			expect(messages).toEqual([]);
			done();
		});
	});
});
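describe('checkDataProtected', function() {
	// oc_dataURL is a page-level global. It is set per spec and restored
	// afterwards, so the spec that switches it to `false` cannot leak that
	// value into later specs (previously it was assigned once while the suite
	// was being defined and never restored).
	var originalDataURL;

	beforeEach(function() {
		originalDataURL = window.oc_dataURL;
		window.oc_dataURL = 'data';
	});

	afterEach(function() {
		window.oc_dataURL = originalDataURL;
	});

	// A 200 answer to the probe request is treated as "data directory is
	// served by the web server" and must surface as an error message.
	it('should return an error if data directory is not protected', function(done) {
		var pending = OC.SetupChecks.checkDataProtected();
		suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, '');
		pending.done(function(messages) {
			expect(messages).toEqual([{
				msg: 'Your data directory and files are probably accessible from the Internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.',
				type: OC.SetupChecks.MESSAGE_TYPE_ERROR
			}]);
			done();
		});
	});

	// A 403 answer means the probe was refused, so no message is expected.
	it('should not return an error if data directory is protected', function(done) {
		var pending = OC.SetupChecks.checkDataProtected();
		suite.server.requests[0].respond(403);
		pending.done(function(messages) {
			expect(messages).toEqual([]);
			done();
		});
	});

	// Title corrected: the expectation is an empty list, i.e. no error, when
	// oc_dataURL is `false`. No request is answered in this spec.
	it('should not return an error if data directory is a boolean', function(done) {
		window.oc_dataURL = false;
		var pending = OC.SetupChecks.checkDataProtected();
		pending.done(function(messages) {
			expect(messages).toEqual([]);
			done();
		});
	});
});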
describe ( 'checkSetup' , function ( ) {
// Reply reports no internet connection and carries no isMemcacheConfigured
// flag; every other check (including the code integrity check) is reported
// as passed. Expects the connectivity warning followed by the memcache hint.
it('should return an error if server has no internet connection', function(done) {
	var pending = OC.SetupChecks.checkSetup();
	var setupReply = {
		isUrandomAvailable: true,
		serverHasInternetConnection: false,
		memcacheDocs: 'https://docs.nextcloud.com/server/go.php?to=admin-performance',
		forwardedForHeadersWorking: true,
		isCorrectMemcachedPHPModuleInstalled: true,
		hasPassedCodeIntegrityCheck: true,
		isOpcacheProperlySetup: true,
		isSettimelimitAvailable: true,
		hasFreeTypeSupport: true
	};

	suite.server.requests[0].respond(
		200,
		{'Content-Type': 'application/json'},
		JSON.stringify(setupReply)
	);

	pending.done(function(messages) {
		// The memcache hint links to the memcacheDocs URL from the reply and
		// pins rel="noreferrer noopener" on the anchor.
		var expected = [{
			msg: 'This server has no working Internet connection: Multiple endpoints could not be reached. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. Establish a connection from this server to the Internet to enjoy all features.',
			type: OC.SetupChecks.MESSAGE_TYPE_WARNING
		}, {
			msg: 'No memory cache has been configured. To enhance performance, please configure a memcache, if available. Further information can be found in the <a href="https://docs.nextcloud.com/server/go.php?to=admin-performance" rel="noreferrer noopener">documentation</a>.',
			type: OC.SetupChecks.MESSAGE_TYPE_INFO
		}];
		expect(messages).toEqual(expected);
		done();
	});
});
// NOTE(review): the title still mentions the data directory, but the reply
// below has no data-directory field and the expectation equals the plain
// "no internet connection" case; data directory protection is exercised by
// the checkDataProtected specs.
it('should return an error if server has no internet connection and data directory is not protected', function(done) {
	var pending = OC.SetupChecks.checkSetup();
	var setupReply = {
		isUrandomAvailable: true,
		serverHasInternetConnection: false,
		memcacheDocs: 'https://docs.nextcloud.com/server/go.php?to=admin-performance',
		forwardedForHeadersWorking: true,
		isCorrectMemcachedPHPModuleInstalled: true,
		hasPassedCodeIntegrityCheck: true,
		isOpcacheProperlySetup: true,
		isSettimelimitAvailable: true,
		hasFreeTypeSupport: true
	};

	suite.server.requests[0].respond(
		200,
		{'Content-Type': 'application/json'},
		JSON.stringify(setupReply)
	);

	pending.done(function(messages) {
		var connectivityWarning = {
			msg: 'This server has no working Internet connection: Multiple endpoints could not be reached. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. Establish a connection from this server to the Internet to enjoy all features.',
			type: OC.SetupChecks.MESSAGE_TYPE_WARNING
		};
		var memcacheHint = {
			msg: 'No memory cache has been configured. To enhance performance, please configure a memcache, if available. Further information can be found in the <a href="https://docs.nextcloud.com/server/go.php?to=admin-performance" rel="noreferrer noopener">documentation</a>.',
			type: OC.SetupChecks.MESSAGE_TYPE_INFO
		};
		expect(messages).toEqual([connectivityWarning, memcacheHint]);
		done();
	});
});
// Reply reports no internet connection but isMemcacheConfigured is true, so
// only the connectivity warning is expected.
// NOTE(review): the title also mentions the data directory, which does not
// appear anywhere in this reply.
it('should return an error if server has no internet connection and data directory is not protected and memcache is available', function(done) {
	var pending = OC.SetupChecks.checkSetup();
	var setupReply = {
		isUrandomAvailable: true,
		serverHasInternetConnection: false,
		isMemcacheConfigured: true,
		forwardedForHeadersWorking: true,
		isCorrectMemcachedPHPModuleInstalled: true,
		hasPassedCodeIntegrityCheck: true,
		isOpcacheProperlySetup: true,
		isSettimelimitAvailable: true,
		hasFreeTypeSupport: true
	};

	suite.server.requests[0].respond(
		200,
		{'Content-Type': 'application/json'},
		JSON.stringify(setupReply)
	);

	pending.done(function(messages) {
		var expected = [{
			msg: 'This server has no working Internet connection: Multiple endpoints could not be reached. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. Establish a connection from this server to the Internet to enjoy all features.',
			type: OC.SetupChecks.MESSAGE_TYPE_WARNING
		}];
		expect(messages).toEqual(expected);
		done();
	});
});
// The only failing flag in the reply is isUrandomAvailable. Expects a single
// warning whose documentation link points at the securityDocs URL supplied in
// the same reply.
it('should return an error if /dev/urandom is not accessible', function(done) {
	var pending = OC.SetupChecks.checkSetup();
	var setupReply = {
		isUrandomAvailable: false,
		securityDocs: 'https://docs.owncloud.org/myDocs.html',
		serverHasInternetConnection: true,
		isMemcacheConfigured: true,
		forwardedForHeadersWorking: true,
		isCorrectMemcachedPHPModuleInstalled: true,
		hasPassedCodeIntegrityCheck: true,
		isOpcacheProperlySetup: true,
		isSettimelimitAvailable: true,
		hasFreeTypeSupport: true
	};

	suite.server.requests[0].respond(
		200,
		{'Content-Type': 'application/json'},
		JSON.stringify(setupReply)
	);

	pending.done(function(messages) {
		var expected = [{
			msg: '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in the <a href="https://docs.owncloud.org/myDocs.html" rel="noreferrer noopener">documentation</a>.',
			type: OC.SetupChecks.MESSAGE_TYPE_WARNING
		}];
		expect(messages).toEqual(expected);
		done();
	});
});
// The only failing flag in the reply is isCorrectMemcachedPHPModuleInstalled.
// Expects a single warning about the "memcache" vs. "memcached" PHP module.
it('should return an error if the wrong memcache PHP module is installed', function(done) {
	var pending = OC.SetupChecks.checkSetup();
	var setupReply = {
		isUrandomAvailable: true,
		securityDocs: 'https://docs.owncloud.org/myDocs.html',
		serverHasInternetConnection: true,
		isMemcacheConfigured: true,
		forwardedForHeadersWorking: true,
		isCorrectMemcachedPHPModuleInstalled: false,
		hasPassedCodeIntegrityCheck: true,
		isOpcacheProperlySetup: true,
		isSettimelimitAvailable: true,
		hasFreeTypeSupport: true
	};

	suite.server.requests[0].respond(
		200,
		{'Content-Type': 'application/json'},
		JSON.stringify(setupReply)
	);

	pending.done(function(messages) {
		var expected = [{
			msg: 'Memcached is configured as distributed cache, but the wrong PHP module "memcache" is installed. \\OC\\Memcache\\Memcached only supports "memcached" and not "memcache". See the <a href="https://code.google.com/p/memcached/wiki/PHPClientComparison" rel="noreferrer noopener">memcached wiki about both modules</a>.',
			type: OC.SetupChecks.MESSAGE_TYPE_WARNING
		}];
		expect(messages).toEqual(expected);
		done();
	});
});
2015-07-25 21:18:32 +03:00
it ( 'should return an error if the forwarded for headers are not working' , function ( done ) {
var async = OC . SetupChecks . checkSetup ( ) ;
suite . server . requests [ 0 ] . respond (
200 ,
{
'Content-Type' : 'application/json' ,
} ,
JSON . stringify ( {
isUrandomAvailable : true ,
serverHasInternetConnection : true ,
isMemcacheConfigured : true ,
forwardedForHeadersWorking : false ,
2015-10-02 17:17:56 +03:00
reverseProxyDocs : 'https://docs.owncloud.org/foo/bar.html' ,
isCorrectMemcachedPHPModuleInstalled : true ,
Add code integrity check
This PR implements the base foundation of the code signing and integrity check. It contains the signing and verification logic, as well as commands to sign single apps or the core repository.
Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.
Code signing basically happens the following way:
- There is an ownCloud Root Certificate authority stored in `resources/codesigning/root.crt` (in this PR I also ship the private key, which we obviously need to change before a release :wink: since whoever holds that key can issue certificates that pass the check). This certificate is not intended to be used for signing directly and is only used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID.
- The command generates a signature.json file of the following format:
```json
{
"hashes": {
"/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
"/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
},
"certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
"signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array, keyed by file path, of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate); the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and its CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Since the certificate is shipped inside the same file it vouches for, the signature only means something once the issuer and CN checks on that certificate have passed.
Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enforced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates
**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:
```
➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```
Then increase the version and you should see something like the following:
![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)
As you can see, a failed code check will not prevent the further update; it is just a notice to the admin, so for now the check reports modified code but does not stop it from being installed. In a next step we will add some nag screen.
For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-11-03 22:26:06 +03:00
hasPassedCodeIntegrityCheck : true ,
2017-02-15 09:40:36 +03:00
isOpcacheProperlySetup : true ,
2017-12-13 14:53:12 +03:00
isSettimelimitAvailable : true ,
hasFreeTypeSupport : true
2015-07-25 21:18:32 +03:00
} )
) ;
async . done ( function ( data , s , x ) {
2015-08-18 15:42:57 +03:00
expect ( data ) . toEqual ( [ {
2017-11-24 14:10:04 +03:00
msg : 'The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the <a href="https://docs.owncloud.org/foo/bar.html" rel="noreferrer noopener">documentation</a>.' ,
2015-08-18 15:42:57 +03:00
type : OC . SetupChecks . MESSAGE _TYPE _WARNING
} ] ) ;
2015-07-25 21:18:32 +03:00
done ( ) ;
} ) ;
} ) ;
2017-03-16 14:30:21 +03:00
// checkSetup() must yield exactly one warning when the faked server report
// marks set_time_limit as unavailable and every other flag as healthy.
it('should return an error if set_time_limit is unavailable', function(done) {
  var setupCheck = OC.SetupChecks.checkSetup();

  // Only isSettimelimitAvailable is false in this report.
  var serverReport = {
    isUrandomAvailable: true,
    serverHasInternetConnection: true,
    isMemcacheConfigured: true,
    forwardedForHeadersWorking: true,
    reverseProxyDocs: 'https://docs.owncloud.org/foo/bar.html',
    isCorrectMemcachedPHPModuleInstalled: true,
    hasPassedCodeIntegrityCheck: true,
    isOpcacheProperlySetup: true,
    isSettimelimitAvailable: false,
    hasFreeTypeSupport: true
  };

  // Answer the first request captured by the sinon fake server.
  suite.server.requests[0].respond(
    200,
    {'Content-Type': 'application/json'},
    JSON.stringify(serverReport)
  );

  setupCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'The PHP function "set_time_limit" is not available. This could result in scripts being halted mid-execution, breaking your installation. Enabling this function is strongly recommended.',
      type: OC.SetupChecks.MESSAGE_TYPE_WARNING
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
2015-01-19 13:56:04 +03:00
// A 500 answer to checkSetup() must collapse into one generic error entry,
// whatever JSON body the server sends along.
it('should return an error if the response has no statuscode 200', function(done) {
  var setupCheck = OC.SetupChecks.checkSetup();
  var failureBody = JSON.stringify({data: {serverHasInternetConnection: false}});

  suite.server.requests[0].respond(
    500,
    {'Content-Type': 'application/json'},
    failureBody
  );

  setupCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'Error occurred while checking server setup',
      type: OC.SetupChecks.MESSAGE_TYPE_ERROR
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
2015-07-28 11:06:26 +03:00
it ( 'should return an error if the php version is no longer supported' , function ( done ) {
var async = OC . SetupChecks . checkSetup ( ) ;
suite . server . requests [ 0 ] . respond (
200 ,
{
'Content-Type' : 'application/json' ,
} ,
2015-07-25 21:18:32 +03:00
JSON . stringify ( {
isUrandomAvailable : true ,
securityDocs : 'https://docs.owncloud.org/myDocs.html' ,
serverHasInternetConnection : true ,
isMemcacheConfigured : true ,
forwardedForHeadersWorking : true ,
2015-10-02 17:17:56 +03:00
phpSupported : { eol : true , version : '5.4.0' } ,
isCorrectMemcachedPHPModuleInstalled : true ,
Add code integrity check
This PR implements the base foundation of the code signing and integrity check. It contains the signing and verification logic, as well as commands to sign single apps or the core repository.
Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.
Code signing basically happens the following way:
- There is an ownCloud Root Certificate authority stored in `resources/codesigning/root.crt` (in this PR I also ship the private key, which we obviously need to change before a release :wink: since whoever holds that key can issue certificates that pass the check). This certificate is not intended to be used for signing directly and is only used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID.
- The command generates a signature.json file of the following format:
```json
{
"hashes": {
"/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
"/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
},
"certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
"signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array, keyed by file path, of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate); the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and its CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Since the certificate is shipped inside the same file it vouches for, the signature only means something once the issuer and CN checks on that certificate have passed.
Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enforced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates
**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:
```
➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```
Then increase the version and you should see something like the following:
![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)
As you can see, a failed code check will not prevent the further update; it is just a notice to the admin, so for now the check reports modified code but does not stop it from being installed. In a next step we will add some nag screen.
For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-11-03 22:26:06 +03:00
hasPassedCodeIntegrityCheck : true ,
2017-02-15 09:40:36 +03:00
isOpcacheProperlySetup : true ,
2017-12-13 14:53:12 +03:00
isSettimelimitAvailable : true ,
hasFreeTypeSupport : true
2015-07-25 21:18:32 +03:00
} )
2015-07-28 11:06:26 +03:00
) ;
async . done ( function ( data , s , x ) {
2015-08-18 15:42:57 +03:00
expect ( data ) . toEqual ( [ {
2017-11-24 14:10:04 +03:00
msg : 'You are currently running PHP 5.4.0. Upgrade your PHP version to take advantage of <a href="https://secure.php.net/supported-versions.php" rel="noreferrer noopener">performance and security updates provided by the PHP Group</a> as soon as your distribution supports it.' ,
2015-08-18 15:42:57 +03:00
type : OC . SetupChecks . MESSAGE _TYPE _INFO
} ] ) ;
2015-07-28 11:06:26 +03:00
done ( ) ;
} ) ;
} ) ;
2017-02-15 09:40:36 +03:00
// checkSetup() must emit one info entry, carrying the recommended php.ini
// settings, when the faked server report has isOpcacheProperlySetup false.
it('should return an info if server has no proper opcache', function(done) {
  var setupCheck = OC.SetupChecks.checkSetup();

  // Only isOpcacheProperlySetup is false; the documentation link is echoed
  // into the expected message below.
  var serverReport = {
    isUrandomAvailable: true,
    securityDocs: 'https://docs.owncloud.org/myDocs.html',
    serverHasInternetConnection: true,
    isMemcacheConfigured: true,
    forwardedForHeadersWorking: true,
    isCorrectMemcachedPHPModuleInstalled: true,
    hasPassedCodeIntegrityCheck: true,
    isOpcacheProperlySetup: false,
    phpOpcacheDocumentation: 'https://example.org/link/to/doc',
    isSettimelimitAvailable: true,
    hasFreeTypeSupport: true
  };

  suite.server.requests[0].respond(
    200,
    {'Content-Type': 'application/json'},
    JSON.stringify(serverReport)
  );

  setupCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'The PHP OPcache is not properly configured. <a href="https://example.org/link/to/doc" rel="noreferrer noopener">For better performance it is recommended</a> to use the following settings in the <code>php.ini</code>:' + "<pre><code>opcache.enable=1\nopcache.enable_cli=1\nopcache.interned_strings_buffer=8\nopcache.max_accelerated_files=10000\nopcache.memory_consumption=128\nopcache.save_comments=1\nopcache.revalidate_freq=1</code></pre>",
      type: OC.SetupChecks.MESSAGE_TYPE_INFO
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
2017-12-13 14:53:12 +03:00
// checkSetup() must emit one info entry when the faked server report has
// hasFreeTypeSupport false and every other flag healthy.
it('should return an info if server has no freetype support', function(done) {
  var setupCheck = OC.SetupChecks.checkSetup();

  var serverReport = {
    isUrandomAvailable: true,
    securityDocs: 'https://docs.owncloud.org/myDocs.html',
    serverHasInternetConnection: true,
    isMemcacheConfigured: true,
    forwardedForHeadersWorking: true,
    isCorrectMemcachedPHPModuleInstalled: true,
    hasPassedCodeIntegrityCheck: true,
    isOpcacheProperlySetup: true,
    phpOpcacheDocumentation: 'https://example.org/link/to/doc',
    isSettimelimitAvailable: true,
    hasFreeTypeSupport: false
  };

  suite.server.requests[0].respond(
    200,
    {'Content-Type': 'application/json'},
    JSON.stringify(serverReport)
  );

  setupCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'Your PHP does not have freetype support. This will result in broken profile pictures and settings interface.',
      type: OC.SetupChecks.MESSAGE_TYPE_INFO
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
2015-01-19 13:56:04 +03:00
} ) ;
// Specs for checkGeneric(): a failed request, and which warnings come back
// depending on the security headers present on the faked response.
describe('checkGeneric', function() {
  it('should return an error if the response has no statuscode 200', function(done) {
    var genericCheck = OC.SetupChecks.checkGeneric();

    suite.server.requests[0].respond(500, {'Content-Type': 'application/json'});

    genericCheck.done(function(messages) {
      // The same generic error is expected twice for the one failed request.
      var expectedMessages = [{
        msg: 'Error occurred while checking server setup',
        type: OC.SetupChecks.MESSAGE_TYPE_ERROR
      }, {
        msg: 'Error occurred while checking server setup',
        type: OC.SetupChecks.MESSAGE_TYPE_ERROR
      }];
      expect(messages).toEqual(expectedMessages);
      done();
    });
  });

  it('should return all errors if all headers are missing', function(done) {
    protocolStub.returns('https');
    var genericCheck = OC.SetupChecks.checkGeneric();

    // HSTS is supplied, so only the six other headers are reported.
    var responseHeaders = {
      'Content-Type': 'application/json',
      'Strict-Transport-Security': 'max-age=15768000'
    };
    suite.server.requests[0].respond(200, responseHeaders);

    genericCheck.done(function(messages) {
      var expectedMessages = [
        {
          msg: 'The "X-XSS-Protection" HTTP header is not set to "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
          type: OC.SetupChecks.MESSAGE_TYPE_WARNING
        }, {
          msg: 'The "X-Content-Type-Options" HTTP header is not set to "nosniff". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
          type: OC.SetupChecks.MESSAGE_TYPE_WARNING
        }, {
          msg: 'The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
          type: OC.SetupChecks.MESSAGE_TYPE_WARNING
        }, {
          msg: 'The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
          type: OC.SetupChecks.MESSAGE_TYPE_WARNING
        }, {
          msg: 'The "X-Download-Options" HTTP header is not set to "noopen". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
          type: OC.SetupChecks.MESSAGE_TYPE_WARNING
        }, {
          msg: 'The "X-Permitted-Cross-Domain-Policies" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
          type: OC.SetupChecks.MESSAGE_TYPE_WARNING
        }
      ];
      expect(messages).toEqual(expectedMessages);
      done();
    });
  });

  it('should return only some errors if just some headers are missing', function(done) {
    protocolStub.returns('https');
    var genericCheck = OC.SetupChecks.checkGeneric();

    // X-XSS-Protection and X-Content-Type-Options are deliberately left out.
    var responseHeaders = {
      'X-Robots-Tag': 'none',
      'X-Frame-Options': 'SAMEORIGIN',
      'Strict-Transport-Security': 'max-age=15768000;preload',
      'X-Download-Options': 'noopen',
      'X-Permitted-Cross-Domain-Policies': 'none'
    };
    suite.server.requests[0].respond(200, responseHeaders);

    genericCheck.done(function(messages) {
      var expectedMessages = [{
        msg: 'The "X-XSS-Protection" HTTP header is not set to "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
        type: OC.SetupChecks.MESSAGE_TYPE_WARNING
      }, {
        msg: 'The "X-Content-Type-Options" HTTP header is not set to "nosniff". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.',
        type: OC.SetupChecks.MESSAGE_TYPE_WARNING
      }];
      expect(messages).toEqual(expectedMessages);
      done();
    });
  });

  it('should return none errors if all headers are there', function(done) {
    protocolStub.returns('https');
    var genericCheck = OC.SetupChecks.checkGeneric();

    var responseHeaders = {
      'X-XSS-Protection': '1; mode=block',
      'X-Content-Type-Options': 'nosniff',
      'X-Robots-Tag': 'none',
      'X-Frame-Options': 'SAMEORIGIN',
      'Strict-Transport-Security': 'max-age=15768000',
      'X-Download-Options': 'noopen',
      'X-Permitted-Cross-Domain-Policies': 'none'
    };
    suite.server.requests[0].respond(200, responseHeaders);

    genericCheck.done(function(messages) {
      expect(messages).toEqual([]);
      done();
    });
  });
});
// With the protocol stubbed to plain http and all six X-* headers present,
// checkGeneric() must report only the insecure-HTTP warning.
it('should return a SSL warning if HTTPS is not used', function(done) {
  protocolStub.returns('http');
  var genericCheck = OC.SetupChecks.checkGeneric();

  var responseHeaders = {
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
    'X-Robots-Tag': 'none',
    'X-Frame-Options': 'SAMEORIGIN',
    'X-Download-Options': 'noopen',
    'X-Permitted-Cross-Domain-Policies': 'none'
  };
  suite.server.requests[0].respond(200, responseHeaders);

  genericCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'Accessing site insecurely via HTTP. You are strongly adviced to set up your server to require HTTPS instead, as described in the <a href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.',
      type: OC.SetupChecks.MESSAGE_TYPE_WARNING
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
// A 500 answer with a JSON body must still make checkGeneric() return the
// generic error, which is expected twice.
it('should return an error if the response has no statuscode 200', function(done) {
  var genericCheck = OC.SetupChecks.checkGeneric();
  var failureBody = JSON.stringify({data: {serverHasInternetConnection: false}});

  suite.server.requests[0].respond(
    500,
    {'Content-Type': 'application/json'},
    failureBody
  );

  genericCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'Error occurred while checking server setup',
      type: OC.SetupChecks.MESSAGE_TYPE_ERROR
    }, {
      msg: 'Error occurred while checking server setup',
      type: OC.SetupChecks.MESSAGE_TYPE_ERROR
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
// Over https with no Strict-Transport-Security header at all, the HSTS
// warning is the only message expected.
it('should return a SSL warning if SSL used without Strict-Transport-Security-Header', function(done) {
  protocolStub.returns('https');
  var genericCheck = OC.SetupChecks.checkGeneric();

  var responseHeaders = {
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
    'X-Robots-Tag': 'none',
    'X-Frame-Options': 'SAMEORIGIN',
    'X-Download-Options': 'noopen',
    'X-Permitted-Cross-Domain-Policies': 'none'
  };
  suite.server.requests[0].respond(200, responseHeaders);

  genericCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a rel="noreferrer noopener" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.',
      type: OC.SetupChecks.MESSAGE_TYPE_WARNING
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
// max-age=15551999 is one second short of the 15552000 named in the
// warning text, so the HSTS warning must be reported.
it('should return a SSL warning if SSL used with to small Strict-Transport-Security-Header', function(done) {
  protocolStub.returns('https');
  var genericCheck = OC.SetupChecks.checkGeneric();

  var responseHeaders = {
    'Strict-Transport-Security': 'max-age=15551999',
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
    'X-Robots-Tag': 'none',
    'X-Frame-Options': 'SAMEORIGIN',
    'X-Download-Options': 'noopen',
    'X-Permitted-Cross-Domain-Policies': 'none'
  };
  suite.server.requests[0].respond(200, responseHeaders);

  genericCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a rel="noreferrer noopener" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.',
      type: OC.SetupChecks.MESSAGE_TYPE_WARNING
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
// A Strict-Transport-Security value with no max-age directive must be
// treated like a missing header and produce the HSTS warning.
it('should return a SSL warning if SSL used with to a bogus Strict-Transport-Security-Header', function(done) {
  protocolStub.returns('https');
  var genericCheck = OC.SetupChecks.checkGeneric();

  var responseHeaders = {
    'Strict-Transport-Security': 'iAmABogusHeader342',
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
    'X-Robots-Tag': 'none',
    'X-Frame-Options': 'SAMEORIGIN',
    'X-Download-Options': 'noopen',
    'X-Permitted-Cross-Domain-Policies': 'none'
  };
  suite.server.requests[0].respond(200, responseHeaders);

  genericCheck.done(function(messages) {
    var expectedMessages = [{
      msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a rel="noreferrer noopener" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.',
      type: OC.SetupChecks.MESSAGE_TYPE_WARNING
    }];
    expect(messages).toEqual(expectedMessages);
    done();
  });
});
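// Boundary case for the HSTS check: a max-age of exactly the minimum must
// not raise a warning.
//
// The warning text asserted by the other HSTS specs in this file names
// "15552000" seconds as the minimum, and the too-small spec uses 15551999,
// so the exact minimum is 15552000. The previous value of 15768000 sat
// 216000 seconds above it and would still have passed if the threshold
// comparison were off, leaving the boundary itself untested.
it('should return no SSL warning if SSL used with to exact the minimum Strict-Transport-Security-Header', function(done) {
  protocolStub.returns('https');
  var genericCheck = OC.SetupChecks.checkGeneric();

  var responseHeaders = {
    'Strict-Transport-Security': 'max-age=15552000',
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
    'X-Robots-Tag': 'none',
    'X-Frame-Options': 'SAMEORIGIN',
    'X-Download-Options': 'noopen',
    'X-Permitted-Cross-Domain-Policies': 'none'
  };
  suite.server.requests[0].respond(200, responseHeaders);

  genericCheck.done(function(messages) {
    expect(messages).toEqual([]);
    done();
  });
});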
// A max-age well above the minimum, with no further directives, must pass
// without any message.
it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header', function(done) {
  protocolStub.returns('https');
  var genericCheck = OC.SetupChecks.checkGeneric();

  var responseHeaders = {
    'Strict-Transport-Security': 'max-age=99999999',
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
    'X-Robots-Tag': 'none',
    'X-Frame-Options': 'SAMEORIGIN',
    'X-Download-Options': 'noopen',
    'X-Permitted-Cross-Domain-Policies': 'none'
  };
  suite.server.requests[0].respond(200, responseHeaders);

  genericCheck.done(function(messages) {
    expect(messages).toEqual([]);
    done();
  });
});
// An includeSubDomains directive after a sufficient max-age must not
// trigger the HSTS warning.
it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header and includeSubDomains parameter', function(done) {
  protocolStub.returns('https');
  var genericCheck = OC.SetupChecks.checkGeneric();

  var responseHeaders = {
    'Strict-Transport-Security': 'max-age=99999999; includeSubDomains',
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
    'X-Robots-Tag': 'none',
    'X-Frame-Options': 'SAMEORIGIN',
    'X-Download-Options': 'noopen',
    'X-Permitted-Cross-Domain-Policies': 'none'
  };
  suite.server.requests[0].respond(200, responseHeaders);

  genericCheck.done(function(messages) {
    expect(messages).toEqual([]);
    done();
  });
});
// preload and includeSubDomains directives after a sufficient max-age must
// not trigger the HSTS warning either.
it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header and includeSubDomains and preload parameter', function(done) {
  protocolStub.returns('https');
  var genericCheck = OC.SetupChecks.checkGeneric();

  var responseHeaders = {
    'Strict-Transport-Security': 'max-age=99999999; preload; includeSubDomains',
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
    'X-Robots-Tag': 'none',
    'X-Frame-Options': 'SAMEORIGIN',
    'X-Download-Options': 'noopen',
    'X-Permitted-Cross-Domain-Policies': 'none'
  };
  suite.server.requests[0].respond(200, responseHeaders);

  genericCheck.done(function(messages) {
    expect(messages).toEqual([]);
    done();
  });
});
} ) ;