* Updates:

- Add the router version to the zip file comment in the updater - Add a class to extract the zip file comment - Require the sud version header to match the zip file comment to prevent spoofing of the version number, since the version number in the header is not covered by the sud signature.
2011-06-15 13:30:24 +00:00
parent 89191f4014
commit c655d23815
3 changed files with 226 additions and 42 deletions
--- a/build.xml
+++ b/build.xml
@@ -316,31 +316,11 @@
        <ant dir="apps/susimail/" target="poupdate" />
        <ant dir="apps/desktopgui" target="poupdate" />
    </target>
-    <target name="javadoc">
+
+    <target name="javadoc" depends="getReleaseNumber, getBuildNumber" >
        <ant dir="apps/jetty" target="ensureJettylib" />
        <mkdir dir="./build" />
        <mkdir dir="./build/javadoc" />
-        <!-- get release and build version numbers -->
-        <exec executable="grep" outputproperty="versionLine" >
-            <arg value="public final static String VERSION" />
-	    <arg value="core/java/src/net/i2p/CoreVersion.java" />
-        </exec>
-        <exec executable="cut" inputstring="${versionLine}" outputproperty="release.number" >
-            <arg value="-f2" />
-	    <arg value="-d&quot;" />
-        </exec>
-        <exec executable="grep" outputproperty="buildLine" >
-            <arg value="public final static long BUILD" />
-	    <arg value="router/java/src/net/i2p/router/RouterVersion.java" />
-        </exec>
-        <exec executable="cut" inputstring="${buildLine}" outputproperty="build.temp" >
-            <arg value="-f2" />
-	    <arg value="-d=" />
-        </exec>
-        <exec executable="cut" inputstring="${build.temp}" outputproperty="build.number" >
-            <arg value="-f1" />
-	    <arg value="-d;" />
-        </exec>
        <javadoc access="package" 
            destdir="./build/javadoc" 
            packagenames="*" 
@@ -395,6 +375,34 @@
        <echo message="Warning, javadoc embeds timestamps in the output, run with 'TZ=UTC ant javadoc' if you plan to distribute" />
    </target>

+    <target name="getReleaseNumber" >
+        <exec executable="grep" outputproperty="versionLine" failonerror="true" >
+            <arg value="public final static String VERSION" />
+	    <arg value="core/java/src/net/i2p/CoreVersion.java" />
+        </exec>
+        <exec executable="cut" inputstring="${versionLine}" outputproperty="release.number" failonerror="true" >
+            <arg value="-f2" />
+	    <arg value="-d&quot;" />
+        </exec>
+        <echo message="Release number is ${release.number}" />
+    </target>
+
+    <target name="getBuildNumber" >
+        <exec executable="grep" outputproperty="buildLine" >
+            <arg value="public final static long BUILD" />
+	    <arg value="router/java/src/net/i2p/router/RouterVersion.java" />
+        </exec>
+        <exec executable="cut" inputstring="${buildLine}" outputproperty="build.temp" failonerror="true" >
+            <arg value="-f2" />
+	    <arg value="-d=" />
+        </exec>
+        <exec executable="cut" inputstring="${build.temp}" outputproperty="build.number" failonerror="true" >
+            <arg value="-f1" />
+	    <arg value="-d;" />
+        </exec>
+        <echo message="Build number is ${build.number}" />
+    </target>
+
    <target name="clean" depends="pkgclean" >
        <delete dir="./build" />
        <delete file="i2pinstall.exe" failonerror="false" quiet="true" />	
@@ -704,15 +712,22 @@
    <target name="updaterWithJettyFixesAndGeoIP" depends="prepjupdatefixes, prepgeoupdate, preplicenses, zipit" />
    <target name="updaterSmall" depends="prepupdateSmall, zipit" />
    <target name="updaterRouter" depends="prepupdateRouter, zipit" />
-    <target name="zipit">
-        <zip destfile="i2pupdate.zip" basedir="pkg-temp" whenempty="fail" />
+
+    <target name="zipit" depends="getReleaseNumber" >
+        <!--
+             As of release 0.8.8, the router will enforce a zipfile comment equal to the
+             version number in the sud/su2 header, since the version in the header is NOT
+             covered by the signature.
+         -->
+        <zip destfile="i2pupdate.zip" basedir="pkg-temp" whenempty="fail" comment="${release.number}" />
       <!-- just a test, makes almost no difference
        <tar destfile="i2pupdate.tgz" basedir="pkg-temp" compression="gzip" />
        <tar destfile="i2pupdate.tbz" basedir="pkg-temp" compression="bzip2" />
       -->
    </target>
-    <target name="zipit200">
-        <zip destfile="i2pupdate200.zip" basedir="pkg-temp" whenempty="fail" />
+
+    <target name="zipit200" depends="getReleaseNumber" >
+        <zip destfile="i2pupdate200.zip" basedir="pkg-temp" whenempty="fail" comment="${release.number}" />
    </target>

    <target name="pack200">
@@ -979,9 +994,9 @@
    <!-- this is the same dependency as pkg, but with updater200 in the middle,
         since preppkg puts too much stuff in pkg-temp -->
 <!--
-    <target name="release" depends="distclean, updater, updater200, preppkg, installer" >
+    <target name="release" depends="distclean, updater, updater200, preppkg, installer, getReleaseNumber" >
 -->
-    <target name="release" depends="distclean, updaterWithJettyFixesAndJbigi , updater200WithJettyFixes, preppkg, installer" >
+    <target name="release" depends="distclean, updaterWithJettyFixesAndJbigi , updater200WithJettyFixes, preppkg, installer, getReleaseNumber" >
        <echo message="================================================================" />
        <echo message="Did you update these files?" />
        <exec executable="ls" failonerror="true">
@@ -997,15 +1012,7 @@
            <arg value="st" />
        </exec>
        <echo message="If there are any modified files above, stop now!" />
-        <!-- get release version number -->
-        <exec executable="grep" outputproperty="versionLine" failonerror="true" >
-            <arg value="public final static String VERSION" />
-	    <arg value="core/java/src/net/i2p/CoreVersion.java" />
-        </exec>
-        <exec executable="cut" inputstring="${versionLine}" outputproperty="release.number" failonerror="true" >
-            <arg value="-f2" />
-	    <arg value="-d&quot;" />
-        </exec>
+
        <echo message="New version number is ${release.number}" />
        <copy file="i2pupdate.zip" tofile="i2pupdate_${release.number}.zip" />
        <copy file="i2pinstall.exe" tofile="i2pinstall_${release.number}.exe" />
@@ -1036,6 +1043,13 @@
            <arg value="verifysig" />
            <arg value="i2pupdate.sud" />
        </java>
+        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+            </classpath>
+            <arg value="verifyversion" />
+            <arg value="i2pupdate.sud" />
+        </java>
        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
            <classpath>
                <pathelement location="build/i2p.jar" />
@@ -1062,6 +1076,13 @@
            <arg value="verifysig" />
            <arg value="i2pupdate.su2" />
        </java>
+        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+            </classpath>
+            <arg value="verifyversion" />
+            <arg value="i2pupdate.su2" />
+        </java>
        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
            <classpath>
                <pathelement location="build/i2p.jar" />