Merge pull request #22111 from owncloud/use-intermediate-certificate

Use intermediate root authority + sign other release channels

2 files changed, 21 insertions, 10 deletions

diff --git a/lib/private/integritycheck/checker.php b/lib/private/integritycheck/checker.php
index c256fe66d32..e6f9f9a1457 100644
--- a/lib/private/integritycheck/checker.php
+++ b/lib/private/integritycheck/checker.php
@@ -90,6 +90,8 @@ class Checker {
 		// FIXME: Once the signing server is instructed to sign daily, beta and
 		// RCs as well these need to be included also.
 		$signedChannels = [
+			'daily',
+			'testing',
 			'stable',
 		];
 		if(!in_array($this->environmentHelper->getChannel(), $signedChannels, true)) {
@@ -113,16 +115,22 @@ class Checker {
 	 * Enumerates all files belonging to the folder. Sensible defaults are excluded.
 	 *
 	 * @param string $folderToIterate
+	 * @param string $root
 	 * @return \RecursiveIteratorIterator
 	 * @throws \Exception
 	 */
-	private function getFolderIterator($folderToIterate) {
+	private function getFolderIterator($folderToIterate, $root = '') {
 		$dirItr = new \RecursiveDirectoryIterator(
 			$folderToIterate,
 			\RecursiveDirectoryIterator::SKIP_DOTS
 		);
+		if($root === '') {
+			$root = \OC::$SERVERROOT;
+		}
+		$root = rtrim($root, '/');
+
 		$excludeGenericFilesIterator = new ExcludeFileByNameFilterIterator($dirItr);
-		$excludeFoldersIterator = new ExcludeFoldersByPathFilterIterator($excludeGenericFilesIterator);
+		$excludeFoldersIterator = new ExcludeFoldersByPathFilterIterator($excludeGenericFilesIterator, $root);
 
 		return new \RecursiveIteratorIterator(
 			$excludeFoldersIterator,
@@ -234,14 +242,16 @@ class Checker {
 	 *
 	 * @param X509 $certificate
 	 * @param RSA $rsa
+	 * @param string $path
 	 */
 	public function writeCoreSignature(X509 $certificate,
-									   RSA $rsa) {
-		$iterator = $this->getFolderIterator($this->environmentHelper->getServerRoot());
-		$hashes = $this->generateHashes($iterator, $this->environmentHelper->getServerRoot());
+									   RSA $rsa,
+									   $path) {
+		$iterator = $this->getFolderIterator($path, $path);
+		$hashes = $this->generateHashes($iterator, $path);
 		$signatureData = $this->createSignatureData($hashes, $certificate, $rsa);
 		$this->fileAccessHelper->file_put_contents(
-				$this->environmentHelper->getServerRoot() . '/core/signature.json',
+				$path . '/core/signature.json',
 				json_encode($signatureData, JSON_PRETTY_PRINT)
 		);
 	}
diff --git a/lib/private/integritycheck/iterator/excludefoldersbypathfilteriterator.php b/lib/private/integritycheck/iterator/excludefoldersbypathfilteriterator.php
index c3994197fc6..67bcd423b68 100644
--- a/lib/private/integritycheck/iterator/excludefoldersbypathfilteriterator.php
+++ b/lib/private/integritycheck/iterator/excludefoldersbypathfilteriterator.php
@@ -24,7 +24,7 @@ namespace OC\IntegrityCheck\Iterator;
 class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
 	private $excludedFolders = [];
 
-	public function __construct(\RecursiveIterator $iterator) {
+	public function __construct(\RecursiveIterator $iterator, $root = '') {
 		parent::__construct($iterator);
 
 		$appFolders = \OC::$APPSROOTS;
@@ -33,9 +33,10 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
 		}
 
 		$this->excludedFolders = array_merge([
-			rtrim(\OC::$server->getConfig()->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data'), '/'),
-			rtrim(\OC::$SERVERROOT.'/themes', '/'),
-			rtrim(\OC::$SERVERROOT.'/config', '/'),
+			rtrim($root . '/data', '/'),
+			rtrim($root .'/themes', '/'),
+			rtrim($root.'/config', '/'),
+			rtrim($root.'/apps', '/'),
 		], $appFolders);
 	}