path: root/core/register_command.php
Commit message | Author | Age | Files | Lines
* CLI commands to check app and core signatures | Victor Dubiniuk | 2016-02-05 | 1 | -0/+7
|
* Use path instead of app id | Lukas Reschke | 2016-01-20 | 1 | -1/+2
|
|     This change requires the usage of a path instead of the App ID when signing code. This has the advantage that developers can also sign code under a different location to make it easier. (e.g. remove `.git`, …)
|
|     Also it adds an example command usage as well as a link to the documentation
|
* Make it possible to enable apps for groups only via occ | Joas Schilling | 2016-01-19 | 1 | -1/+1
|
* Make it possible to disable apps via the console, which are not enabled for ↵ | Joas Schilling | 2016-01-19 | 1 | -1/+1
|
|     the current user
|
* Make sure to list "group enabled" apps as enabled | Joas Schilling | 2016-01-19 | 1 | -1/+1
|
|     also when they are not enabled for the current user
|
* Add occ commands to manage trusted certificates | Robin Appelman | 2016-01-13 | 1 | -0/+4
|
* Happy new year! | Thomas Müller | 2016-01-12 | 1 | -2/+4
|
* Add occ command to get app path | Victor Dubiniuk | 2015-12-09 | 1 | -0/+1
|
* Add code integrity check | Lukas Reschke | 2015-12-01 | 1 | -0/+8
|
|     This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.
|
|     Code signing basically happens the following way:
|
|     - There is an ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
|     - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID.
|     - The command generates a signature.json file of the following format:
|
|     ```json
|     {
|         "hashes": {
|             "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
|             "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
|         },
|         "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
|         "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
|     }
|     ```
|
|     `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and its CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.
|
|     Steps to do in other PRs, this is already a quite huge one:
|
|     - Add nag screen in case the code check fails to ensure that administrators are aware of this.
|     - Add code verification also to OCC upgrade and unify display code more.
|     - Add enforced code verification to apps shipped from the appstore with a level of "official"
|     - Add enforced code verification to apps shipped from the appstore that were already signed in a previous release
|     - Add some developer documentation on how devs can request their own certificate
|     - Check when installing ownCloud
|     - Add support for CRLs to allow revoking certificates
|
|     **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:
|
|     ```
|     ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
|     Successfully signed "core"
|     ```
|
|     Then increase the version and you should see something like the following:
|
|     ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)
|
|     As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.
|
|     For packaging stable releases this requires the following additional steps as a last action before zipping:
|
|     1. Run `./occ integrity:sign-core` once
|     2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
|
* Always pass in ILogger | Thomas Müller | 2015-10-09 | 1 | -1/+1
|
* deduplicate @xenopathic | Morris Jobke | 2015-10-06 | 1 | -1/+0
|
* update licence headers via script | Morris Jobke | 2015-10-05 | 1 | -0/+2
|
* [App Code Check] add check for version and mandatory fields | Morris Jobke | 2015-09-24 | 1 | -1/+2
|
|     * ref #17598
|     * including unit tests for mandatory fields/versions
|
* occ script to disable encryption and to decrypt all files again | Bjoern Schiessle | 2015-09-15 | 1 | -0/+7
|
* Introduce mimetype DB update occ command | Robin McCorkell | 2015-09-04 | 1 | -1/+2
|
* Move maintenance:mimetypesjs to sublocation, cleanup code | Robin McCorkell | 2015-09-01 | 1 | -1/+1
|
* make system root of key storage configurable | Bjoern Schiessle | 2015-08-30 | 1 | -0/+17
|
* Merge pull request #18423 from owncloud/occ_encrypt_all | Björn Schießle | 2015-08-28 | 1 | -0/+1
|\
| |
| |     occ command line tool to encrypt all files
| |
| * occ tool to encrypt all files | Bjoern Schiessle | 2015-08-26 | 1 | -0/+1
| |
* | Introduce occ command to manage owncloud log backend | Robin McCorkell | 2015-08-19 | 1 | -0/+1
| |
| |     log:owncloud can set/display the log filename and log file rotation size
| |
* | Introduce occ command for logging management | Robin McCorkell | 2015-08-19 | 1 | -0/+2
|/
|
|     log:manage can set/display the log backend, log level and log timezone
|
* [command] single user mode - use config object & add tests | Morris Jobke | 2015-07-09 | 1 | -1/+1
|
* Add commands to get, set and delete app config values | Joas Schilling | 2015-07-07 | 1 | -0/+3
|
* Add a command to import an json array into the config | Joas Schilling | 2015-07-07 | 1 | -0/+1
|
* Add a command to delete a system config | Joas Schilling | 2015-07-07 | 1 | -0/+1
|
* Add a command to get a config value | Joas Schilling | 2015-07-07 | 1 | -0/+1
|
* Add a command to set a system config value | Joas Schilling | 2015-07-07 | 1 | -0/+1
|
* Add a command to list existing configs | Joas Schilling | 2015-07-07 | 1 | -0/+2
|
* Sort registration of commands alphabetically | Joas Schilling | 2015-07-07 | 1 | -13/+17
|
* Javascript mimetype icon resolver | Roeland Jago Douma | 2015-07-06 | 1 | -0/+1
|
|     This makes it possible to retrieve the icon for mimetypes in javascript. It makes no additional queries to the server to retrieve the mimetype.
|
|     * config/mimetypealiases.json added
|     * mimetype.js: this is where the logic resides to convert from mimetype to icon url
|     * mimetypelist.js: generated file with a list of mimetype mapping (aliases) and the list of icon files
|     * ./occ maintenance:mimetypesjs : new command for occ to generate mimetypes.js
|     * unit tests updated and still work
|     * javascript tests added
|     * theming support
|     * folder of the theme is now present in javascript (OC.theme.folder)
|
* update license headers and authors | Morris Jobke | 2015-06-25 | 1 | -0/+1
|
* Merge pull request #16035 from ↵ | Thomas Müller | 2015-05-07 | 1 | -1/+1
|\
| |
| |     owncloud/issue-15975-occ-encryption-enable-warning-no-module
| |
| |     Display a message when there is a problem with the default module
| |
| * Display a message when there is a problem with the default module | Joas Schilling | 2015-05-04 | 1 | -1/+1
| |
* | Add an occ command to get the status of encryption | Joas Schilling | 2015-05-04 | 1 | -0/+1
|/
* Add occ commands to manage the encryption modules | Joas Schilling | 2015-04-27 | 1 | -0/+4
|
* Unify the output of the user commands and use DI | Joas Schilling | 2015-04-23 | 1 | -4/+4
|
* Adding check command to validate server environment - fixes #15429 | Thomas Müller | 2015-04-08 | 1 | -0/+1
|
* Allow app:check-code and l10n:createjs commands when not installed | Robin McCorkell | 2015-04-01 | 1 | -2/+2
|
* Update license headers | Jenkins for ownCloud | 2015-03-26 | 1 | -4/+22
|
* Add a console command user:add to create users over the console | Joas Schilling | 2015-03-11 | 1 | -0/+1
|
* Allow configuring background job mode from the console | Christian Kampka | 2015-03-02 | 1 | -0/+3
|
* Revert "Updating license headers" | Morris Jobke | 2015-02-26 | 1 | -23/+4
|
|     This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
|
* implement command maintenance:install | Thomas Müller | 2015-02-23 | 1 | -16/+21
|
* Updating license headers | Jenkins for ownCloud | 2015-02-23 | 1 | -5/+23
|
* implement php code checker to detect usage of not allowed private APIs - ↵ | Thomas Müller | 2015-02-10 | 1 | -0/+1
|
|     including console command to check local code to be used by developers
|
* inject and use user manager to delete command instead of using old static ↵ | Arthur Schiwon | 2015-01-07 | 1 | -1/+1
|
|     oc_user way
|
* LDAP User Cleanup: Port from stable7 without further adjustments | Arthur Schiwon | 2014-12-19 | 1 | -0/+1
|
|     LDAP User Cleanup
|
|     background job for user clean up
|     adjust user backend for clean up
|     register background job
|     remove dead code
|     dependency injection
|     make Helper non-static for proper testing
|     check whether it is OK to run clean up job. Do not forget to pass arguments.
|     use correct method to get the config from server
|     methods can be private, proper indirect testing is given
|     no automatic user deletion
|     make limit readable for test purposes
|     make method less complex
|     add first tests
|     let preferences accept limit and offset for getUsersForValue
|     DI via constructor does not work for background jobs
|     after detecting, now we have retrieving deleted users and their details
|     we need this method to be public for now
|     finalize export method, add missing getter
|     clean up namespaces and get rid of unnecessary files
|     helper is not static anymore
|     cleanup according to scrutinizer
|     add cli tool to show deleted users
|     uses are necessary after recent namespace change
|     also remove user from mappings table on deletion
|     add occ command to delete users
|     fix use statement
|     improve output
|     big fixes / improvements
|     PHP doc
|     return true in userExists early for cleaning up deleted users
|     bump version
|     control state and interval with one config.php setting, now ldapUserCleanupInterval. 0 will disable it. enabled by default.
|     improve doc
|     rename cli method to be consistent with others
|     introduce ldapUserCleanupInterval in sample config
|     don't show last login as unix epoch start when no login happened
|     less log output
|     consistent namespace for OfflineUser
|     rename GarbageCollector to DeletedUsersIndex and move it to user subdir
|     fix unit tests
|     add tests for deleteUser
|     more test adjustments
|
|     Conflicts:
|         apps/user_ldap/ajax/clearMappings.php
|         apps/user_ldap/appinfo/app.php
|         apps/user_ldap/lib/access.php
|         apps/user_ldap/lib/helper.php
|         apps/user_ldap/tests/helper.php
|         core/register_command.php
|         lib/private/preferences.php
|         lib/private/user.php
|
|     add ldap:check-user to check user existence on the fly
|
|     Conflicts:
|         apps/user_ldap/lib/helper.php
|
|     forgotten file
|     PHPdoc fixes, no code change
|     and don't forget to adjust tests
|
* drop dependency of some commands on old config object | Morris Jobke | 2014-11-20 | 1 | -3/+3
|
* adding console command to generate javascript translation files based on ↵ | Thomas Müller | 2014-10-29 | 1 | -0/+1
|
|     existing php translation files
|
|     read server side translations from json files
|
* no longer use deprecated class \OC_Config | Thomas Müller | 2014-09-22 | 1 | -1/+1
|