Skip to content

@damianb /gist:1242961
Created

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
logic for refactored whitefire (extends emberlabs/materia) - loading phar addons
on load:
- compare hardcoded signature file in code to signatures.phar pubkey against before using signatures file
- identify user-supplied signature files
( new addons are dropped into a temporary dir for verification )
for addons being loaded from temporary dir:
if no pubkey file for phar:
if loading with LOAD_PARANOID:
- refuse to load addon
if loading with LOAD_WARY:
- warn about unsigned phar
if loading with LOAD_BLIND:
- move to loadable directory
- check pubkey file for phar (if any) against signatures phar
if present:
- move phar+pubkey to loadable directory
if not present:
- check extended signatures, see if it is defined in user-supplied signature files
if present:
if loading with LOAD_WARY or LOAD_PARANOID:
- warn about nonstandard signature somehow
- move to loadable directory
if loading with LOAD_BLIND:
- move to loadable directory
if not present:
- refuse to load addon
for addons being loaded from clean phar dir (those that have been verified previously):
- just load the damn thing
if signature is valid:
- use the code
if signature is invalid:
- go batshit insane, panic, OH GOD SOMETHING IS WRONG WHAT DID YOU DO etc. etc.
for addons being loaded from includes dir (NOT phars):
if loading with LOAD_PARANOID:
- refuse to load addon
if loading with LOAD_WARY:
- warn about includes loading, unsigned code
- use the code
if loading with LOAD_BLIND:
- use the code
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.