Created
September 26, 2011 18:24
-
-
Save katanacrimson/1242961 to your computer and use it in GitHub Desktop.
logic for refactored whitefire (extends emberlabs/materia) - loading phar addons
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on load: | |
- compare hardcoded signature file in code to signatures.phar pubkey against before using signatures file | |
- identify user-supplied signature files | |
( new addons are dropped into a temporary dir for verification ) | |
for addons being loaded from temporary dir: | |
if no pubkey file for phar: | |
if loading with LOAD_PARANOID: | |
- refuse to load addon | |
if loading with LOAD_WARY: | |
- warn about unsigned phar | |
if loading with LOAD_BLIND: | |
- move to loadable directory | |
- check pubkey file for phar (if any) against signatures phar | |
if present: | |
- move phar+pubkey to loadable directory | |
if not present: | |
- check extended signatures, see if it is defined in user-supplied signature files | |
if present: | |
if loading with LOAD_WARY or LOAD_PARANOID: | |
- warn about nonstandard signature somehow | |
- move to loadable directory | |
if loading with LOAD_BLIND: | |
- move to loadable directory | |
if not present: | |
- refuse to load addon | |
for addons being loaded from clean phar dir (those that have been verified previously): | |
- just load the damn thing | |
if signature is valid: | |
- use the code | |
if signature is invalid: | |
- go batshit insane, panic, OH GOD SOMETHING IS WRONG WHAT DID YOU DO etc. etc. | |
for addons being loaded from includes dir (NOT phars): | |
if loading with LOAD_PARANOID: | |
- refuse to load addon | |
if loading with LOAD_WARY: | |
- warn about includes loading, unsigned code | |
- use the code | |
if loading with LOAD_BLIND: | |
- use the code |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment