signatures...

main
Robert 2 years ago
parent 8f3f93d8c6
commit 786a17fc61
  1. 4
      .gitignore
  2. 2
      app/just_testing.sh
  3. 8
      app/neato.php
  4. 14
      build/compile-phar.php
  5. 5
      build/install_neato.sh
  6. 25
      build/make-sums.sh
  7. 23
      build/neato_deploy.sh
  8. 4
      build/neato_deploy_php_cli.ini
  9. 5
      build/neato_php_cli_phar.ini
  10. 50
      make-installer.sh

4
.gitignore vendored

@ -9,3 +9,7 @@ neatoDeploy.phar
neato_deploy.tar.gz.self neato_deploy.tar.gz.self
phpstan.neon phpstan.neon
composer.lock composer.lock
build/neatoDeploy.phar.pubkey
build/neatoDeploy.phar.sig
build/private.pem
build/sumfiles.sig

@ -3,4 +3,4 @@ if [ ! -L deploy_files ]; then
ln -s ../deploy_files . ln -s ../deploy_files .
fi fi
php -c build/neatoDeploy.ini -f neato.php $@ php -c build/neato_deploy_php_cli.ini -f neato.php $@

@ -6,7 +6,11 @@ error_reporting(E_ALL);
$cwd = getcwd(); $cwd = getcwd();
$pk = "@ghsP4JAuhCUxEGpk2y;mP"; // XOR for sha256sum, CHANGE ME!! $pk = file_get_contents($cwd . "/sumfiles.sig");
if ($pk === false) {
echo "No Signatures for sum file checking!";
exit(1);
}
if (!isset($argv[1])) { if (!isset($argv[1])) {
echo 'Please give Script to run, example: ./neato_deploy.sh apache' . PHP_EOL; echo 'Please give Script to run, example: ./neato_deploy.sh apache' . PHP_EOL;
@ -103,7 +107,7 @@ if (file_exists($cwd . '/deploy_files/deploy_' . $file.'.php')) {
} }
if ($skipdeploy) { if ($skipdeploy) {
echo "Skipping Deploy php file...\r\n"; echo "Skipping running of Deploy php file...\r\n";
exit(0); exit(0);
} }
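Review bot: The key file is resolved against getcwd() on `$pk = file_get_contents($cwd . "/sumfiles.sig");`, so the check depends on where the operator happens to run the phar from — install_neato.sh puts sumfiles.sig beside the phar in /opt/neatoDeployments, while neato_deploy.sh invokes the phar by absolute path from any directory, so a run from elsewhere hits the new "No Signatures" exit; anchoring on the phar's own location (`Phar::running(false)`, with `__DIR__` as the fallback when run unpacked as just_testing.sh does) would remove that dependency. The `=== false` guard also lets an empty or whitespace-only file through, so `if ($pk === false || trim($pk) === '')` is the stronger test, and the message should go to STDERR with a trailing PHP_EOL like the argv message below it. The removed comment describes the value as an XOR mask for sha256sum; if that is still how it is used further down (not visible here), XOR-masking a digest is not a keyed MAC, and `hash_hmac('sha256', $data, $pk)` is the standard replacement. The enclosing script continues outside both hunks.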

@ -17,23 +17,27 @@ $phar = new Phar($pharFile);
// start buffering. Mandatory to modify stub to add shebang // start buffering. Mandatory to modify stub to add shebang
$phar->startBuffering(); $phar->startBuffering();
// Create the default stub from main.php entrypoint
$defaultStub = $phar->createDefaultStub('neato.php');
// Add the rest of the apps files // Add the rest of the apps files
$phar->buildFromDirectory( $phar->buildFromDirectory(
__DIR__ . '/../app', // Base APP folder __DIR__ . '/../app', // Base APP folder
'/\.php$/', // Regular expression to include only PHP files '/\.php$/', // Regular expression to include only PHP files
); );
$phar->stopBuffering();
//$phar->setSignatureAlgorithm(Phar::SHA512);
$private_key = file_get_contents("private.pem");
$phar->setSignatureAlgorithm(Phar::OPENSSL, $private_key);
// Create the default stub from main.php entrypoint
$defaultStub = $phar->createDefaultStub('neato.php');
// Customize the stub to add the shebang // Customize the stub to add the shebang
$stub = "\n" . $defaultStub; $stub = "\n" . $defaultStub;
// Add the stub // Add the stub
$phar->setStub($stub); $phar->setStub($stub);
$phar->stopBuffering();
// plus - compressing it into gzip // plus - compressing it into gzip
$phar->compressFiles(Phar::GZ); $phar->compressFiles(Phar::GZ);
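Review bot: `$private_key = file_get_contents("private.pem");` reads the signing key by a cwd-relative path with no failure check, so a missing file hands `false` to setSignatureAlgorithm and the build either stops with an unhelpful error or, depending on argument coercion, proceeds with an empty key; the neighbouring buildFromDirectory call already uses `__DIR__ . '/../app'`, so `$private_key = file_get_contents(__DIR__ . '/private.pem'); if ($private_key === false) { fwrite(STDERR, "cannot read private.pem\n"); exit(1); }` keeps the path handling consistent and the failure explicit. Moving `$phar->stopBuffering();` ahead of setSignatureAlgorithm/setStub contradicts the comment on the first hunk line ("Mandatory to modify stub to add shebang"); if the new order is what the OpenSSL signature needs, say so in that comment, otherwise keep stopBuffering as the last call before compressFiles. The script starts and ends outside the hunk.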

@ -11,7 +11,7 @@ fi
current_directory=$(pwd) current_directory=$(pwd)
target_directory="/opt/neatoDeploy" target_directory="/opt/neatoDeploy"
if [ "$current_directory" == "$target_directory" ]; then if [ "$current_directory" == "$target_directory" ] || [ "$current_directory" == "$target_directory/build" ]; then
/usr/bin/echo "Do not run this script inside of source folder /opt/neatoDeploy/build!" /usr/bin/echo "Do not run this script inside of source folder /opt/neatoDeploy/build!"
exit 1 exit 1
fi fi
@ -19,8 +19,11 @@ fi
/usr/bin/mkdir -p /opt/neatoDeployments/deploy_files /usr/bin/mkdir -p /opt/neatoDeployments/deploy_files
/usr/bin/mv neato_deploy_php_cli.ini /opt/neatoDeployments/ /usr/bin/mv neato_deploy_php_cli.ini /opt/neatoDeployments/
/usr/bin/mv neatoDeploy.phar /opt/neatoDeployments/ /usr/bin/mv neatoDeploy.phar /opt/neatoDeployments/
/usr/bin/mv neatoDeploy.phar.pubkey /opt/neatoDeployments/
/usr/bin/mv neatoDeploy.phar.sig /opt/neatoDeployments/
/usr/bin/mv neato_deploy.sh /opt/neatoDeployments/ /usr/bin/mv neato_deploy.sh /opt/neatoDeployments/
/usr/bin/mv make-sums.sh /opt/neatoDeployments/ /usr/bin/mv make-sums.sh /opt/neatoDeployments/
/usr/bin/mv sumfiles.sig /opt/neatoDeployments/
/usr/bin/mv deploy_files/deploy_*.php /opt/neatoDeployments/deploy_files/ /usr/bin/mv deploy_files/deploy_*.php /opt/neatoDeployments/deploy_files/
/usr/bin/rmdir deploy_files /usr/bin/rmdir deploy_files
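Review bot: sumfiles.sig is the shared secret that make-installer.sh generates and neato.php reads as its key, yet `/usr/bin/mv sumfiles.sig /opt/neatoDeployments/` installs it with whatever mode the tarball carried, so it is worth tightening right after the move: `/usr/bin/chmod 600 /opt/neatoDeployments/sumfiles.sig`. None of the three added mv lines check their result, so an archive missing neatoDeploy.phar.sig or .pubkey yields a partial install that only fails later at verification time; `|| exit 1` on each turns that into an install-time error. Keeping neatoDeploy.phar.pubkey beside the phar under exactly that name is also what PHP's phar loader needs to verify the OpenSSL signature set in compile-phar.php, so a one-line comment stating that would stop a future cleanup from relocating it. The script's head and the directory checks around the first hunk are outside the visible lines.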

@ -2,14 +2,35 @@
if [ ! -d sums ]; then if [ ! -d sums ]; then
mkdir sums mkdir sums
fi fi
if which "openssl" >/dev/null 2>&1; then
file_to_verify="/opt/neatoDeployments/neatoDeploy.phar"
signature_file="/opt/neatoDeployments/neatoDeploy.phar.sig"
public_key_file="neatoDeploy.phar.pubkey"
# Verify the signature
openssl dgst -sha256 -verify "$public_key_file" -signature "$signature_file" "$file_to_verify"
# Check the exit code to determine the verification result
if [ $? -eq 0 ]; then
echo "Signature is valid."
else
echo "Signature is not valid."
exit 1
fi
else
echo "openssl is not installed!!"
fi
for file in deploy_files/deploy_*.php; do for file in deploy_files/deploy_*.php; do
if [ -f "$file" ]; then if [ -f "$file" ]; then
echo -e "Making sum file for: $file \r\n" echo -e "Making sum file for: $file \r\n"
# Remove "deploy_" from the beginning and ".php" from the end # Remove "deploy_" from the beginning and ".php" from the end
new_file_name=$(echo "$file" | sed 's/^deploy_//;s/\.php$//') new_file_name=$(echo "$file" | sed 's/deploy_files\///;s/^deploy_//;s/\.php$//')
php -c /opt/neatoDeployments/neatoDeploy.ini -f /opt/neatoDeployments/neatoDeploy.phar "$new_file_name" -marksafe -skipdeploy php -c /opt/neatoDeployments/neato_deploy_php_cli.ini -f /opt/neatoDeployments/neatoDeploy.phar "$new_file_name" -marksafe -skipdeploy
fi fi
done done
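Review bot: The verification block added at the top fails open: when `which openssl` fails the script prints "openssl is not installed!!" and then goes on to generate sum files anyway, and `public_key_file="neatoDeploy.phar.pubkey"` is the only one of the three paths that is relative, so run from any directory other than /opt/neatoDeployments the verify step cannot find the key that install_neato.sh places there. The same block, with the same two defects, is duplicated verbatim at the top of neato_deploy.sh; factoring it into one sourced helper would keep the two in step. The `$?` test after the openssl call is also better written as `if openssl …; then`. The rewrite below exits on a missing openssl, uses the installed key path and leaves the sum loop unchanged.
```shell
if ! command -v openssl >/dev/null 2>&1; then
    echo "openssl is not installed!!" >&2
    exit 1
fi
file_to_verify="/opt/neatoDeployments/neatoDeploy.phar"
signature_file="/opt/neatoDeployments/neatoDeploy.phar.sig"
public_key_file="/opt/neatoDeployments/neatoDeploy.phar.pubkey"
# Verify the signature; abort instead of falling through to the sum loop
if ! openssl dgst -sha256 -verify "$public_key_file" -signature "$signature_file" "$file_to_verify"; then
    echo "Signature is not valid." >&2
    exit 1
fi
echo "Signature is valid."
# … unchanged: sum-file loop over deploy_files/deploy_*.php …
```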

@ -1,2 +1,23 @@
#!/bin/bash #!/bin/bash
php -c /opt/neatoDeployments/neatoDeploy.ini -f /opt/neatoDeployments/neatoDeploy.phar $@
if which "openssl" >/dev/null 2>&1; then
file_to_verify="/opt/neatoDeployments/neatoDeploy.phar"
signature_file="/opt/neatoDeployments/neatoDeploy.phar.sig"
public_key_file="neatoDeploy.phar.pubkey"
# Verify the signature
openssl dgst -sha256 -verify "$public_key_file" -signature "$signature_file" "$file_to_verify"
# Check the exit code to determine the verification result
if [ $? -eq 0 ]; then
echo "Signature is valid."
else
echo "Signature is not valid."
exit 1
fi
else
echo "openssl is not installed!!"
fi
php -c /opt/neatoDeployments/neato_deploy_php_cli.ini -f /opt/neatoDeployments/neatoDeploy.phar $@
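Review bot: `$@` on the final line `php -c /opt/neatoDeployments/neato_deploy_php_cli.ini -f /opt/neatoDeployments/neatoDeploy.phar $@` is unquoted, so arguments containing spaces or glob characters are re-split and expanded by the shell before they reach neato.php; `"$@"` forwards them exactly as passed, and app/just_testing.sh carries the same unquoted form on its corresponding line. The openssl check above it is a verbatim copy of the one in make-sums.sh, so whatever is fixed there (the relative pubkey path and the non-fatal "openssl is not installed!!" branch) must be mirrored here or, better, shared.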

@ -6,9 +6,8 @@ zlib.output_compression = Off
implicit_flush = Off implicit_flush = Off
serialize_precision = -1 serialize_precision = -1
open_basedir = open_basedir =
; exec,shell_exec, preg_replace,
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,passthru,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,eval,assert,create_function,telnet disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,passthru,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,eval,assert,create_function,telnet
disable_classes = ReflectionFunction disable_classes =
zend.enable_gc = On zend.enable_gc = On
expose_php = Off expose_php = Off
max_execution_time = 0 max_execution_time = 0
@ -33,3 +32,4 @@ default_socket_timeout = 60
cli_server.color = On cli_server.color = On
[Phar] [Phar]
phar.readonly = On phar.readonly = On
phar.require_hash = On
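Review bot: `disable_classes =` in the runtime CLI config drops ReflectionFunction, which was disabled before this commit, while the build-time neato_php_cli_phar.ini now gains both that entry and the full disable_functions list; the two settings look swapped between the files, since these restrictions matter when the deploy scripts run rather than while the phar is compiled. If the swap is intentional, a comment above each `disable_classes` line stating why the runtime config may use ReflectionFunction and why the build config needs the restrictions would keep it from being reverted as a mistake. The removed `; exec,shell_exec, preg_replace,` comment was the only record that exec/shell_exec are deliberately left enabled; restoring it as `; exec/shell_exec intentionally not disabled: <reason>` is worth the line. `phar.require_hash = On` matches PHP's documented default, so it records intent rather than changing behaviour — a short comment saying it is there to make the requirement explicit would stop someone from "optimizing" it away.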

@ -6,8 +6,8 @@ zlib.output_compression = Off
implicit_flush = Off implicit_flush = Off
serialize_precision = -1 serialize_precision = -1
open_basedir = open_basedir =
disable_functions = disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,passthru,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,eval,assert,create_function,telnet
disable_classes = disable_classes = ReflectionFunction
zend.enable_gc = On zend.enable_gc = On
expose_php = Off expose_php = Off
max_execution_time = 0 max_execution_time = 0
@ -32,3 +32,4 @@ default_socket_timeout = 60
cli_server.color = On cli_server.color = On
[Phar] [Phar]
phar.readonly = Off phar.readonly = Off
phar.require_hash = On

@ -1,11 +1,55 @@
#!/bin/bash #!/bin/bash
pushd build pushd build || exit 2
generate_password() {
# Define character sets for the password
uppercase="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lowercase="abcdefghijklmnopqrstuvwxyz"
numbers="0123456789"
special_chars="!@#$%-^&*(_)+=?"
# Combine character sets
all_chars="${uppercase}${lowercase}${numbers}${special_chars}"
# Use /dev/urandom to generate random bytes and base64 encode them
password=$(head /dev/urandom | tr -dc "$all_chars" | head -c 16)
echo "$password" > sumfiles.sig
}
if [ ! -f "sumfiles.sig" ]; then
generate_password
fi
if [ ! -f "private.pem" ]; then
openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -pubout -out neatoDeploy.phar.pubkey
fi
/usr/bin/php -c neato_php_cli_phar.ini -f compile-phar.php /usr/bin/php -c neato_php_cli_phar.ini -f compile-phar.php
if [ $? -eq 0 ]; then
echo "Cool -> Created PHAR file!"
else
echo "ERROR: Unable to make PHAR file!"
exit 1
fi
file_to_sign="neatoDeploy.phar"
private_key_file="private.pem"
signature_output_file="neatoDeploy.phar.sig"
# Sign the file
openssl dgst -sha256 -sign "$private_key_file" -out "$signature_output_file" "$file_to_sign"
if [ $? -eq 0 ]; then
echo "Made signature."
else
echo "Unable to make signature!!"
fi
/usr/bin/chmod +x install_neato.sh /usr/bin/chmod +x install_neato.sh
TAR_FILE=neato_deploy.tar.gz TAR_FILE=neato_deploy.tar.gz
/usr/bin/tar -czvf $TAR_FILE install_neato.sh make-sums.sh neatoDeploy.phar neato_deploy_php_cli.ini neato_deploy.sh ../deploy_files/deploy_*.php /usr/bin/tar -czvf $TAR_FILE install_neato.sh make-sums.sh sumfiles.sig neatoDeploy.phar.sig neatoDeploy.phar.pubkey neatoDeploy.phar neato_deploy_php_cli.ini neato_deploy.sh ../deploy_files/deploy_*.php
EXIT_COMMAND="./install_neato.sh" EXIT_COMMAND="./install_neato.sh"
@ -18,4 +62,4 @@ SELF_EXTRACTABLE="$TAR_FILE.self"
/usr/bin/cat $TAR_FILE >> $SELF_EXTRACTABLE /usr/bin/cat $TAR_FILE >> $SELF_EXTRACTABLE
/usr/bin/chmod a+x $SELF_EXTRACTABLE /usr/bin/chmod a+x $SELF_EXTRACTABLE
/usr/bin/mv $SELF_EXTRACTABLE .. /usr/bin/mv $SELF_EXTRACTABLE ..
popd popd || exit 2
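Review bot: The signing step is non-fatal: after `openssl dgst -sha256 -sign "$private_key_file" -out "$signature_output_file" "$file_to_sign"` the else branch only echoes "Unable to make signature!!" and execution continues to the tar, so an installer with a missing or stale neatoDeploy.phar.sig gets shipped and every install fails later at verification; `echo "Unable to make signature!!" >&2; exit 1` closes that, and the same `if [ $? -eq 0 ]` pattern around both the php and openssl calls reads better as `if openssl …; then`. In generate_password, the `-` inside `special_chars="!@#$%-^&*(_)+=?"` is a range operator for `tr -dc`, so `%-^` admits every byte between those two (including `,./:;<>[\]` and `'`), and `echo` appends a newline that becomes part of the key neato.php reads; placing `-` last in the set and writing the file with `printf '%s' "$password"` gives exactly the intended alphabet. private.pem appears to be created with whatever the process umask allows; unless that umask is already restrictive, `chmod 600 private.pem` after `openssl genrsa` keeps the signing key from being readable by every local user of the build tree. The helper and the main flow are fully inside the hunk; only the self-extractor tail is outside.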