mirror of
https://github.com/v2fly/v2ray-core.git
synced 2024-09-28 06:46:14 -04:00
added necessary infrastructure
This commit is contained in:
parent
57b4214284
commit
2d778239a3
20
.github/workflows/release.yml
vendored
20
.github/workflows/release.yml
vendored
@ -170,6 +170,12 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
path: build_artifacts
|
path: build_artifacts
|
||||||
|
|
||||||
|
- name: Create extra package
|
||||||
|
run: |
|
||||||
|
pushd ./release/extra/
|
||||||
|
zip -9vr ../../build_artifacts/v2ray-extra.zip .
|
||||||
|
popd
|
||||||
|
|
||||||
- name: Generate shasum
|
- name: Generate shasum
|
||||||
run: |
|
run: |
|
||||||
go get -v github.com/v2fly/V2BuildAssist/v2buildutil
|
go get -v github.com/v2fly/V2BuildAssist/v2buildutil
|
||||||
@ -205,6 +211,11 @@ jobs:
|
|||||||
name: Release.unsigned.dgst
|
name: Release.unsigned.dgst
|
||||||
path: build_artifacts/Release.unsigned.dgst
|
path: build_artifacts/Release.unsigned.dgst
|
||||||
|
|
||||||
|
- uses: actions/upload-artifact@v2
|
||||||
|
with:
|
||||||
|
name: v2ray-extra.zip
|
||||||
|
path: build_artifacts/v2ray-extra.zip
|
||||||
|
|
||||||
- name: Upload Release.unsigned related files
|
- name: Upload Release.unsigned related files
|
||||||
uses: svenstaro/upload-release-action@v2
|
uses: svenstaro/upload-release-action@v2
|
||||||
if: github.event_name == 'release'
|
if: github.event_name == 'release'
|
||||||
@ -213,3 +224,12 @@ jobs:
|
|||||||
file_glob: true
|
file_glob: true
|
||||||
file: build_artifacts/Release.unsigned*
|
file: build_artifacts/Release.unsigned*
|
||||||
tag: ${{ github.ref }}
|
tag: ${{ github.ref }}
|
||||||
|
|
||||||
|
- name: Upload extra package
|
||||||
|
uses: svenstaro/upload-release-action@v2
|
||||||
|
if: github.event_name == 'release'
|
||||||
|
with:
|
||||||
|
repo_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
file_glob: true
|
||||||
|
file: build_artifacts/v2ray-extra.zip
|
||||||
|
tag: ${{ github.ref }}
|
||||||
|
6
common/platform/securedload/embedded.go
Normal file
6
common/platform/securedload/embedded.go
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
package securedload
|
||||||
|
|
||||||
|
const allowedHashes = `SHA256 (!#project==v2fly) = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||||
|
SHA256 (!#version==embedded) = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||||
|
SHA256 (subscriptions/subscriptionsDefinition.v2flyTemplate) = 3f165dba7de0d7c506fbdff3275ea64b76f307df435316a3ea0914ee957793ab
|
||||||
|
`
|
47
common/platform/securedload/embeddedhash.go
Normal file
47
common/platform/securedload/embeddedhash.go
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
package securedload
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto/sha256"
|
||||||
|
"encoding/hex"
|
||||||
|
"github.com/v2fly/VSign/insmgr"
|
||||||
|
"github.com/v2fly/VSign/signerVerify"
|
||||||
|
"github.com/v2fly/v2ray-core/v4/common/platform"
|
||||||
|
"github.com/v2fly/v2ray-core/v4/common/platform/filesystem"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
type EmbeddedHashProtectedLoader struct {
|
||||||
|
checkedFile map[string]string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e EmbeddedHashProtectedLoader) VerifyAndLoad(filename string) ([]byte, error) {
|
||||||
|
filecontent, err := filesystem.ReadFile(platform.GetAssetLocation(filename))
|
||||||
|
if err != nil {
|
||||||
|
return nil, newError("Cannot find file", filename).Base(err)
|
||||||
|
}
|
||||||
|
fileHash := sha256.Sum256(filecontent)
|
||||||
|
fileHashAsString := hex.EncodeToString(fileHash[:])
|
||||||
|
if filenameverified, ok := e.checkedFile[fileHashAsString]; ok {
|
||||||
|
for _, filenameVerifiedIndividual := range strings.Split(filenameverified, ";") {
|
||||||
|
if strings.HasSuffix(filenameVerifiedIndividual, filename) {
|
||||||
|
return filecontent, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
return nil, newError("Unrecognized file at ", filename, " can not be loaded for execution")
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewEmbeddedHashProtectedLoader() *EmbeddedHashProtectedLoader {
|
||||||
|
instructions := insmgr.ReadAllIns(bytes.NewReader([]byte(allowedHashes)))
|
||||||
|
checkedFile, _, ok := signerVerify.CheckAsClient(instructions, "v2fly", true)
|
||||||
|
if !ok {
|
||||||
|
panic("Embedded Hash data is invalid")
|
||||||
|
}
|
||||||
|
return &EmbeddedHashProtectedLoader{checkedFile: checkedFile}
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
RegisterProtectedLoader("embedded", NewEmbeddedHashProtectedLoader())
|
||||||
|
}
|
9
common/platform/securedload/errors.generated.go
Normal file
9
common/platform/securedload/errors.generated.go
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
package securedload
|
||||||
|
|
||||||
|
import "github.com/v2fly/v2ray-core/v4/common/errors"
|
||||||
|
|
||||||
|
type errPathObjHolder struct{}
|
||||||
|
|
||||||
|
func newError(values ...interface{}) *errors.Error {
|
||||||
|
return errors.New(values...).WithPathObj(errPathObjHolder{})
|
||||||
|
}
|
13
common/platform/securedload/file.go
Normal file
13
common/platform/securedload/file.go
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
package securedload
|
||||||
|
|
||||||
|
func GetAssetSecured(name string) ([]byte, error) {
|
||||||
|
var err error
|
||||||
|
for k, v := range knownProtectedLoader {
|
||||||
|
if loadedData, errLoad := v.VerifyAndLoad(name); errLoad == nil {
|
||||||
|
return loadedData, nil
|
||||||
|
} else {
|
||||||
|
err = newError(k, " is not loading executable file").Base(errLoad)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil, err
|
||||||
|
}
|
3
common/platform/securedload/securedload.go
Normal file
3
common/platform/securedload/securedload.go
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
package securedload
|
||||||
|
|
||||||
|
//go:generate go run github.com/v2fly/v2ray-core/v4/common/errors/errorgen
|
14
common/platform/securedload/verify.go
Normal file
14
common/platform/securedload/verify.go
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
package securedload
|
||||||
|
|
||||||
|
type ProtectedLoader interface {
|
||||||
|
VerifyAndLoad(filename string) ([]byte, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
var knownProtectedLoader map[string]ProtectedLoader
|
||||||
|
|
||||||
|
func RegisterProtectedLoader(name string, sv ProtectedLoader) {
|
||||||
|
if knownProtectedLoader == nil {
|
||||||
|
knownProtectedLoader = map[string]ProtectedLoader{}
|
||||||
|
}
|
||||||
|
knownProtectedLoader[name] = sv
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user