Commit Graph

5106 Commits

Author SHA1 Message Date
Lukas Reschke ea367b598a Use path instead of app id
This change requires the usage of a path instead of the App ID when signing code. This has the advantage that developers can also sign code under a different location to make it easier. (e.g. remove `.git`, …)

Also it adds an example command usage as well as a link to the documentation
2016-01-20 20:38:18 +01:00
Morris Jobke b188de242e Show default placeholder if avatar image can't be fetched
* fixes owncloud/documents#601
* ref #14564
2016-01-20 15:18:57 +01:00
Morris Jobke d6a63016ae move lost controller to core/controller
* lostpassword.css is unneeded since #11696 is merged - 1b50d4f7ce
* js is already in core/js
* css is moved to core/css/lostpassword
* template is moved to core/templates/lostpassword
2016-01-20 10:42:19 +01:00
Morris Jobke c2a1a02fe4 move user controller to core/controller 2016-01-20 10:23:57 +01:00
Morris Jobke 06fe4cabfc move setup controller to core/controller 2016-01-20 10:23:57 +01:00
Morris Jobke b97fe97875 move avatar controller to core/controller 2016-01-20 10:23:52 +01:00
Jenkins for ownCloud f076bfac32 [tx-robot] updated from transifex 2016-01-20 01:54:54 -05:00
Vincent Petry ffba6d0a7e Added system tags GUI in sidebar
Added files details sidebar panel to assign/unassign/rename/delete
system tags.
2016-01-19 16:24:26 +01:00
Vincent Petry 8d41cbb97a Implement toggleselect extension for select2
To make it possible to toggle selected values inside the dropdown
2016-01-19 16:24:26 +01:00
Joas Schilling 56184f799e Make it possible to enable apps for groups only via occ 2016-01-19 14:29:12 +01:00
Joas Schilling 78a02d1b2f Make it possible to disable apps via the console, which are not enabled for the current user 2016-01-19 14:29:01 +01:00
Joas Schilling d2285113a8 Make sure to list "group enabled" apps as enabled
also when they are not enabled for the current user
2016-01-19 14:29:01 +01:00
Morris Jobke 6e096936e5 update JS humanFileSize to use KB instead of kB 2016-01-19 10:51:57 +01:00
Joas Schilling 50557b19b6 Run the command once again 2016-01-18 11:13:25 +01:00
Joas Schilling fc08f71c12 Sort the list before saving 2016-01-18 11:13:09 +01:00
Jenkins for ownCloud 2095a31000 [tx-robot] updated from transifex 2016-01-17 01:54:53 -05:00
Vincent Petry 857c316bda Backbone transport for Webdav 2016-01-16 11:28:04 +01:00
Jenkins for ownCloud 7a239b2642 [tx-robot] updated from transifex 2016-01-16 01:55:18 -05:00
Thomas Müller 4cbed04273 Merge pull request #21370 from owncloud/system-certs-occ
Add occ commands to manager trusted certificates
2016-01-15 14:18:01 +01:00
Jenkins for ownCloud cd840f01ae [tx-robot] updated from transifex 2016-01-15 01:54:57 -05:00
Joas Schilling f2cb03e155 Allow array recursion in get 2016-01-14 15:02:55 +01:00
Joas Schilling a06f0256a9 Allow deleting a nested system config value 2016-01-14 15:02:54 +01:00
Joas Schilling 00ab50defc Retain backwards compatibility 2016-01-14 15:02:54 +01:00
Robin McCorkell b9d384d837 occ config:system:set can now set other value types
Integers, doubles, booleans and even arrays can now be set, with the
--type=... option. Array setting can be specified by passing multiple
name arguments, e.g. `./occ config:system:set redis port --value=123
--type=integer`
2016-01-14 15:02:54 +01:00
Jenkins for ownCloud 205fbcbfa3 [tx-robot] updated from transifex 2016-01-14 01:55:43 -05:00
Robin Appelman c67a09112b Add occ commands to manager trusted certificates 2016-01-13 14:35:37 +01:00
Thomas Müller cc4e4ecf0f Merge pull request #21676 from owncloud/fix-setup-login-input-shadows
fix login/setup page input shadows
2016-01-13 14:19:57 +01:00
Thomas Müller 3d4ec16a5f Merge pull request #21659 from ErikPel/cssfix
Fixed #21542
2016-01-13 10:53:56 +01:00
Thomas Müller b1ee51f255 Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
2016-01-13 10:33:58 +01:00
Erik Pellikka af57fe59b9 Fixed #21542
Changed to 5 pixel
2016-01-13 11:18:59 +02:00
Christoph Wurst ee35cba7f1 fix login/setup page input shadows
fixes #21658
2016-01-13 10:06:21 +01:00
Thomas Müller c5a200c419 Merge pull request #21653 from owncloud/update-license-headers-2016
Update license headers 2016
2016-01-13 08:29:42 +01:00
Jenkins for ownCloud eb90fa78ad [tx-robot] updated from transifex 2016-01-13 01:55:56 -05:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Thomas Müller 2493cfede9 Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-check
Add config switch to disable the .well-known URL check
2016-01-12 14:46:09 +01:00
Lukas Reschke 4d0dcd3c53 Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
2016-01-12 10:37:16 +01:00
Morris Jobke 8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Morris Jobke a6c7cdd75e Show the well-known URL check as info instead of error
* ref https://github.com/owncloud/core/pull/21562#issuecomment-170344549
2016-01-12 09:18:20 +01:00
Thomas Müller 3ec8789c77 Merge pull request #21628 from owncloud/deprecated_secure_random_funcions
Replace deprecated function calls to SecureRandom
2016-01-12 09:12:13 +01:00
Jenkins for ownCloud 44e91bb90a [tx-robot] updated from transifex 2016-01-12 01:56:33 -05:00
Roeland Jago Douma 876fb83ddc getMediumStrengthGenerator is deprecated and does not do anything anymore 2016-01-11 20:06:30 +01:00
Jenkins for ownCloud 77a8085f84 [tx-robot] updated from transifex 2016-01-11 01:55:34 -05:00
Jenkins for ownCloud 580deb09f8 [tx-robot] updated from transifex 2016-01-10 01:55:57 -05:00
Thomas Müller c5b2b3a124 Merge pull request #21562 from owncloud/properly-check-for-well-known-redirect
Add check for .well-known URL in the root of the webservers URL
2016-01-09 17:42:11 +01:00
Jenkins for ownCloud 72b34575df [tx-robot] updated from transifex 2016-01-09 01:55:50 -05:00
Morris Jobke 0161928fc3 Add check for .well-known URL in the root of the webservers URL
* fixes #20012
2016-01-08 23:27:29 +01:00
Thomas Müller dfbb24aa92 Merge pull request #21458 from owncloud/login-gradient
add back gradient for log in page in Firefox, fix accidental removal
2016-01-08 18:20:54 +01:00
Thomas Müller 756876b5dc Merge pull request #21548 from owncloud/issue-21511-correctly-display-notify-option-for-shares
Check the correct config for displaying the "notify by email" option
2016-01-08 18:19:09 +01:00
Joas Schilling 334a6d57a3 Check the correct config for displaying the "notify by email" option 2016-01-08 14:15:06 +01:00
Roeland Jago Douma 186e35d954 Verify the path is a file on avatar update
Fixes #21533

Before we just assumed that the passed path was a file. This does not
have to be the case. Thus check if it actually is a file before doing
any more tests.
2016-01-08 10:03:49 +01:00
Jenkins for ownCloud 88c4cba1f5 [tx-robot] updated from transifex 2016-01-08 01:56:39 -05:00
Thomas Müller 1cc6fddead Merge pull request #21498 from owncloud/cleanup-OC_DB
Cleanup OC_DB methods
2016-01-07 20:13:16 +01:00
Joas Schilling c55da1fc8d Add a warning to the app:check-code if the version is missing 2016-01-07 15:04:36 +01:00
Morris Jobke 190cc2bb67 Remove OC_DB::getConnection 2016-01-07 14:54:55 +01:00
Jenkins for ownCloud 27dfa74d89 [tx-robot] updated from transifex 2016-01-07 01:55:48 -05:00
Thomas Müller d3922510d0 Merge pull request #20994 from owncloud/personal-page
improve layout of personal settings page
2016-01-06 17:25:12 +01:00
Thomas Müller b8ecf19650 Merge pull request #21349 from owncloud/web_use_sharee
Webinterface use sharee API
2016-01-06 17:24:52 +01:00
Jenkins for ownCloud c77917f48c [tx-robot] updated from transifex 2016-01-06 01:55:16 -05:00
Jörn Friedrich Dreyer d988685496 Merge pull request #21377 from owncloud/login-submit-button-border-2
Remove unnecessary border from login button
2016-01-05 15:13:06 +01:00
Jan-Christoph Borchardt 8f7ee523fe add back gradient for log in page in Firefox, fix accidental removal 2016-01-05 10:44:10 +01:00
Jenkins for ownCloud d4034ffca0 [tx-robot] updated from transifex 2016-01-05 01:57:14 -05:00
Björn Schießle 58b1221ad3 don't show previous log level in upgrade message 2016-01-04 11:50:07 +01:00
Jenkins for ownCloud 157bb50a39 [tx-robot] updated from transifex 2016-01-04 01:55:05 -05:00
Jenkins for ownCloud 970495a067 [tx-robot] updated from transifex 2015-12-31 01:55:16 -05:00
Roeland Jago Douma 6bd15856b2 Added js tests for the Sharee API usage 2015-12-30 10:46:19 +01:00
Roeland Jago Douma 49031e0744 Fix unit tests 2015-12-30 08:58:04 +01:00
Roeland Jago Douma f99fcd5dd6 Filter out share owner in sharee suggestion list 2015-12-30 08:58:04 +01:00
Roeland Jago Douma fa7996aa8a Web sharing uses sharee endpoint 2015-12-30 08:58:04 +01:00
Christoph Wurst 598883ffa0 Remove unnecessary border from login button 2015-12-29 09:32:40 +01:00
Jan-Christoph Borchardt 640adde3b9 improve layout of personal settings page 2015-12-28 18:50:50 +01:00
Thomas Müller 9c4ab51735 Merge pull request #21364 from owncloud/bring_back_icons_filepicker
Get the icon in javascript for the filepicker
2015-12-28 10:21:58 +01:00
Thomas Müller 245dac7e81 Merge pull request #20992 from owncloud/log-in-noselect
prevent selecting on log in page to solve ugliness on accidental selection
2015-12-28 10:18:30 +01:00
Jenkins for ownCloud 89584716f8 [tx-robot] updated from transifex 2015-12-28 01:55:10 -05:00
Jenkins for ownCloud 6fe60569f5 [tx-robot] updated from transifex 2015-12-27 01:54:38 -05:00
Jenkins for ownCloud 33a83a0926 [tx-robot] updated from transifex 2015-12-25 01:55:16 -05:00
Jan-Christoph Borchardt 1622589ac5 prevent selecting on log in page to solve ugliness on accidental selection 2015-12-24 11:01:31 +01:00
Roeland Jago Douma 2fc458479e [Avatars] Calculate 'sane' hue precissions
We used to get the numeric value of the entrire md5 string which is a
128bit integer. We would then devide this by the maxval of a 128bit int.

There is no need for such huge computations. As we just require a value
between 0 and 255. Thus using two 16 bit values is more than enough to
get the precision we need. By just taking the MSB we get nearly
identical results.
2015-12-24 10:50:12 +01:00
Roeland Jago Douma 9be43e10af Since the server no longer calculates the icon
The server no longer calculates the icon. So we have the js side do it
for us.
2015-12-24 08:59:32 +01:00
Jenkins for ownCloud 9cdc3f0558 [tx-robot] updated from transifex 2015-12-24 01:55:14 -05:00
Lukas Reschke cebeb0e052 Fix unit tests
Fixes https://github.com/owncloud/core/issues/21345
2015-12-23 09:11:22 +01:00
Jenkins for ownCloud 726f7e5fa8 [tx-robot] updated from transifex 2015-12-23 02:02:31 -05:00
Renaud Fortier 83899a5fa1 add _blank to href 2015-12-21 13:28:32 -05:00
Jenkins for ownCloud d0cb4c9ab3 [tx-robot] updated from transifex 2015-12-19 01:55:14 -05:00
Morris Jobke ed98cdf532 Use OCP\Util::getVersion instead of the internal private implementation 2015-12-18 15:26:54 +01:00
Thomas Müller 551e553bf4 Merge pull request #21264 from owncloud/deprecated_oc_user_methods
Cleanup OC_User deprecated methods
2015-12-18 10:15:18 +01:00
Roeland Jago Douma c64e827f00 Since avatar.js is now essentially empty remove it 2015-12-17 16:32:18 +01:00
Roeland Jago Douma 6248bad0f7 Add a default size to the avatar placeholders
This removed the need to do an avatar request on the "empty" row in the
user settings.
2015-12-17 16:30:23 +01:00
Roeland Jago Douma 7e44ea5da0 Remove deprecated function OC_User::getManager
Private deprecated function => removed
Replaced all instances with suggested replacement
2015-12-17 16:18:34 +01:00
Thomas Müller 3bcaaa6c3a Merge pull request #21259 from owncloud/load_big_avatar_only_personal
Only load the big (128x128) avatar on the perosnal page
2015-12-17 16:07:50 +01:00
Thomas Müller 1285b78086 Merge pull request #21200 from owncloud/files-authorizationheader
Use Authorization headers for public webdav in web UI
2015-12-17 15:30:13 +01:00
Thomas Müller e3ed42135d Merge pull request #21240 from owncloud/avatar_speedup
Avatar speedup
2015-12-17 14:43:21 +01:00
Thomas Müller 358b84c21d Merge pull request #21253 from owncloud/deprecated_oc_helper_linkTo
Remove deprecated OC_Helper::linkTo
2015-12-17 14:43:02 +01:00
Roeland Jago Douma a81836a42f Only load the big (128x128) avatar on the perosnal page
Before the code was executed on every page if a user was logged in. Now
only on the personal page. Thus saving a request on all other pages.
2015-12-17 13:55:22 +01:00
Roeland Jago Douma 19eeb23b91 OC_Helper::linkTo is deprecated
Replaced with suggested (and calling body of)
2015-12-17 10:53:21 +01:00
Thomas Müller fa983caeaa Merge pull request #21238 from owncloud/files-fixparsewebdavmtime
Fix files UI mtime parsing from webdav
2015-12-17 10:24:36 +01:00
Jenkins for ownCloud a7cd8103b5 [tx-robot] updated from transifex 2015-12-17 01:55:09 -05:00
Roeland Jago Douma 3e80f14269 [Avatar] Make the avatar controller use the avatar node 2015-12-16 21:41:58 +01:00
Vincent Petry 181ba7b4e1 Fix files UI mtime parsing from webdav 2015-12-16 17:44:16 +01:00
Vincent Petry 595fd9de6e Add davidchambers/base64 JS library 2015-12-14 17:48:30 +01:00
Vincent Petry ab9849e72f Use Authorization headers for public webdav instead of URL
Instead of prepending the token as username in the URL, use the
Authorization header instead. This is because IE9 considers this a
cross-domain call and refuses to do it in the first place.
2015-12-14 17:42:13 +01:00
Thomas Müller 583e696c9e Merge pull request #21163 from owncloud/fix_20839
Files can't have create permissions
2015-12-14 10:25:27 +01:00
Jenkins for ownCloud 74de12c698 [tx-robot] updated from transifex 2015-12-13 01:54:51 -05:00
Jenkins for ownCloud f2ac1a80d8 [tx-robot] updated from transifex 2015-12-12 01:55:39 -05:00
Roeland Jago Douma e8d5eb65c6 Files can't have create permissions
Fixes #20839
2015-12-11 22:28:26 +01:00
Jenkins for ownCloud 078ca149b5 [tx-robot] updated from transifex 2015-12-10 01:55:17 -05:00
Victor Dubiniuk b59285d0d0 Add occ command to get app path 2015-12-09 11:22:13 +01:00
Morris Jobke d39b018893 Allow occ install on OS X - same behaviour as web setup 2015-12-09 10:49:54 +01:00
Jenkins for ownCloud dda9525c4b [tx-robot] updated from transifex 2015-12-09 01:55:14 -05:00
Lukas Reschke 4b293dffe5 Use \OCP\Util::sanitizeHTML instead of \OC_Util::sanitizeHTML 2015-12-08 08:56:47 +01:00
Thomas Müller d6276faff6 Merge pull request #21014 from owncloud/share-unsharelinkpapercut
Fix unshare link click element
2015-12-08 08:39:33 +01:00
Jenkins for ownCloud 736e133c04 [tx-robot] updated from transifex 2015-12-08 01:56:19 -05:00
Thomas Müller b15d77c934 Merge pull request #21015 from owncloud/update-redirecttocorrectpage
Redirect to correct URL after updating
2015-12-07 19:55:45 +01:00
Thomas Müller 4100263bd6 Merge pull request #20996 from owncloud/issue-12215-remove-password-reset-when-not-possible
Issue 12215 remove password reset when not possible
2015-12-07 19:55:26 +01:00
Vincent Petry 69ab047f89 Redirect to correct URL after updating
Now requires a trailing slash to make sure we don't land on the
forbidden page.
2015-12-07 18:08:00 +01:00
Vincent Petry 5567b6cee2 Fix unshare link click element
When clicking on the unshare link (trash icon), the correct link element
needs to be used instead of whatever child was clicked. Then, that
element might contain a visible loading icon.

This fixes the spinner detection and also prevents a full page reload in
case the spinner was visible.
2015-12-07 17:58:17 +01:00
Thomas Müller 77958bb601 Merge pull request #21009 from owncloud/share-forbidlinkshare-duplicatefield
Fix duplicate bogus share field when link sharing is not allowed
2015-12-07 17:49:24 +01:00
Thomas Müller 939ba745ee Merge pull request #20991 from owncloud/disabled-checked-checkbox-css-rules
Disabled checked checkbox css rules
2015-12-07 17:11:26 +01:00
Vincent Petry 6735005be0 Fix duplicate bogus share field when link sharing is not allowed
Whenever link share is not allowed, it was outputting a bogus sharing
field which name would conflict with the regular sharing field.

This fix makes sure that the bogus sharing field with "Resharing not
allowed" message only appears when triggered by removed share
permissions.
2015-12-07 16:53:56 +01:00
Joas Schilling 87bc02c6cd Allow specifying a custom reset-password-url 2015-12-07 15:41:40 +01:00
Joas Schilling f8f3c9ecf9 Remove password reset when the user can not change the password 2015-12-07 15:14:19 +01:00
Joas Schilling 57cd5209ca Add rules for checked+disabled and disabled checkbox style 2015-12-07 14:57:03 +01:00
Thomas Müller 9c550a07ed OC.FilePath has still a valid use case when generating paths to static files what for generateUrl cannot be used for - closes #15604 2015-12-07 12:23:42 +01:00
Thomas Müller cd6bc79c40 Merge pull request #20530 from owncloud/icons-more
add icons for disabled checkbox, radio button, error and colored checkmark
2015-12-07 10:22:49 +01:00
Thomas Müller 30bd915c0e Merge pull request #20480 from owncloud/css-prefixes
CSS prefixes
2015-12-07 10:21:35 +01:00
Thomas Müller f3d49a89fe Merge pull request #11131 from owncloud/use-phpini-wrapper
Replacing ini_get instances with inigetwrapper usages
2015-12-07 10:20:59 +01:00
Jenkins for ownCloud 884946276e [tx-robot] updated from transifex 2015-12-07 01:54:35 -05:00
Jenkins for ownCloud f0b1ba713d [tx-robot] updated from transifex 2015-12-05 01:55:14 -05:00
Roeland Jago Douma 50d862e5d1 [Avatars] JS should not load same avatar twice
Old code first dit an ajax request to the avatar. Then a new image
object with the same src was created and since we do not cache avatars
yet :(  this resulted in 2 sequential requests to the exact same URL

Now if you set the displayname it will first set the placeholder and
then load the avatar in the background. Only once this time!
2015-12-04 10:42:11 +01:00
Jenkins for ownCloud a2848af625 [tx-robot] updated from transifex 2015-12-04 01:56:31 -05:00
Thomas Müller 7fefd4f4d9 Merge pull request #20860 from owncloud/use-user-getEMailAddress-all-over-the-place
User IUser::getEMailAddress() all over the place
2015-12-03 09:21:53 +01:00
Jenkins for ownCloud 5c178a2719 [tx-robot] updated from transifex 2015-12-03 01:55:12 -05:00
Thomas Müller eebe2b9c23 User IUser::getEMailAddress() all over the place 2015-12-02 21:25:05 +01:00
Lukas Reschke 2515cb17be Support pretty URLs
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
2015-12-01 16:46:07 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Jenkins for ownCloud 8421a43df1 [tx-robot] updated from transifex 2015-12-01 01:55:07 -05:00
Morris Jobke 42272de3a6 update bootstrap from 3.3.5 to 3.3.6 2015-11-30 14:12:57 +01:00
Morris Jobke d8aa44d458 update backbone.js from 1.2.1 to 1.2.3 2015-11-30 14:12:48 +01:00
Lukas Reschke f3e9106864 Don't trust update server
In case the update server may deliver malicious content this would allow an adversary to inject arbitrary HTML into the response. So very bad stuff.

While signing the response would be better and something we can also do in the future (considering the code signing work), this is already a good first start.
2015-11-28 12:21:53 +01:00
Jenkins for ownCloud d305412a35 [tx-robot] updated from transifex 2015-11-28 01:55:16 -05:00
Joas Schilling 67a83d8fd6 Add Workflow app to shipped list 2015-11-27 14:26:39 +01:00
Jenkins for ownCloud 39fb320bae [tx-robot] updated from transifex 2015-11-27 01:55:14 -05:00
Jenkins for ownCloud dd18ea611b [tx-robot] updated from transifex 2015-11-26 01:55:22 -05:00
Thomas Müller 906aea4252 Merge pull request #19212 from owncloud/search-shortcut
Add Ctrl+F shortcut for the search bar
2015-11-25 20:02:13 +01:00
Jan-Christoph Borchardt cd88854369 update page: fix heading whitespace and unbold less important sections 2015-11-25 13:16:00 +01:00
Jan-Christoph Borchardt 50780e451b fix error page button text when label too long 2015-11-25 13:08:05 +01:00
Vincent Petry b1ca431852 Fix for parsing pretty printed Webdav responses
Update davclient.js + adjust IE workaround for this
2015-11-24 15:26:53 +01:00
Hendrik Leppelsack f1b0bf0696 add search fallback to browser 2015-11-24 15:01:20 +01:00
Jenkins for ownCloud cb69e6c201 [tx-robot] updated from transifex 2015-11-24 01:56:32 -05:00
Clark Tomlinson 9caf4ffbfc Replacing ini_get instances with inigetwrapper usages 2015-11-23 14:12:31 +01:00
Thomas Müller bf672d7e51 Merge pull request #20222 from owncloud/federated_sharing_auto_complete
federated sharing auto-complete, first step
2015-11-23 10:42:14 +01:00