public/dropshell
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Update 2 files
All checks were successful
Build-Test-Publish / build (linux/amd64) (push) Successful in 41s
Details
Build-Test-Publish / build (linux/arm64) (push) Successful in 1m15s
Details

Browse Source
This commit is contained in:
Your Name
2025-09-01 21:10:16 +12:00
parent 622ea5d83d
commit 01db396d2e
2 changed files with 41 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
source/src/services.cpp
View File

@@ -139,6 +139,8 @@ namespace dropshell
{ // determine if the service template hash matches the template hash.
auto it = variables.find("TEMPLATE_HASH");
service.service_template_hash_match = false;
if (it == variables.end())
error << "Variable TEMPLATE_HASH not found in the service " << filenames::template_info_env << " for "<<server_name << " - "<< service.template_name << std::endl;
else if (tinfo.is_set())
@@ -148,12 +150,12 @@ namespace dropshell
if (!template_hash_str.empty())
service_template_hash = std::stoull(template_hash_str);
service.service_template_hash_match = (service_template_hash == tinfo.hash());
//debug << "Service template hash: " << service_template_hash << " == " << tinfo.hash() << std::endl;
debug << "Service template hash: " << service_template_hash << " == " << tinfo.hash() << std::endl;
}
else
{
// Template not available yet, can't check hash
service.service_template_hash_match = false;
debug << "Couldn't check template hash as the template info is not available (yet?)" << std::endl;
}
}

41
source/src/templates.cpp
View File

@@ -303,6 +303,40 @@
// Clean up the .tgz file
std::filesystem::remove(temp_tgz);
// Calculate actual hash of extracted template
uint64_t actual_hash = hash_directory_recursive(template_cache_dir.string());
// Verify the extracted template hash matches what registry claimed
if (!registry_hash.empty()) {
// Convert registry hash string to uint64_t for comparison
uint64_t expected_hash = 0;
try {
expected_hash = std::stoull(registry_hash);
} catch (const std::exception& e) {
error << "Invalid hash format from registry: " << registry_hash << std::endl;
std::filesystem::remove_all(template_cache_dir);
return template_info();
}
// Compare hashes
if (actual_hash != expected_hash) {
error << "Template hash verification failed!" << std::endl;
error << "Expected hash: " << expected_hash << std::endl;
error << "Actual hash: " << actual_hash << std::endl;
error << "The downloaded template '" << template_name << "' may be corrupted or tampered with." << std::endl;
// Remove the corrupted template
std::filesystem::remove_all(template_cache_dir);
return template_info();
}
debug << "Template hash verified successfully: " << actual_hash << std::endl;
} else {
warning << "Registry did not provide hash for template '" << template_name << "' - calculating hash for future verification" << std::endl;
// Use the calculated hash for future comparisons
registry_hash = std::to_string(actual_hash);
}
// Generate .template_info.env if it doesn't exist
std::filesystem::path template_info_env_path = template_cache_dir / "config" / filenames::template_info_env;
if (!std::filesystem::exists(template_info_env_path)) {
@@ -316,9 +350,8 @@
info_file << "TEMPLATE_SOURCE=registry" << std::endl;
info_file << "TEMPLATE_REGISTRY=" << mRegistry.name << std::endl;
info_file << "TEMPLATE_VERSION=" << registry_version << std::endl;
if (!registry_hash.empty()) {
info_file << "TEMPLATE_HASH=" << registry_hash << std::endl;
}
// Always write the actual calculated hash
info_file << "TEMPLATE_HASH=" << actual_hash << std::endl;
info_file.close();
}
@@ -326,7 +359,7 @@
nlohmann::json cache_json;
cache_json["template"] = template_name;
cache_json["version"] = registry_version;
cache_json["hash"] = registry_hash;
cache_json["hash"] = std::to_string(actual_hash); // Store actual calculated hash
cache_json["registry"] = mRegistry.name;
cache_json["last_updated"] = std::chrono::system_clock::to_time_t(std::chrono::system_clock::now());