[HTTPS-Everywhere] [GSoC] Progress Report

Red redwire at riseup.net
Thu Aug 14 18:43:41 PDT 2014


More excellent news for everyone!

I've just now managed to get a completely successful run out of the
ruleset updater!  That is to say that it is now downloading the new
ruleset database contents, finding they hash to the correct value (I had
to go out of my way a little to test this manually by printing the
hashed value and comparing it to what openssl gave me after fixing the
bug in my python script I mentioned), and is successfully moving the
downloaded file to a permanent location where it is being loaded by
HTTPSRules.init.

You can see the changes I have made in the last four hours in my commit
history:
https://github.com/redwire/https-everywhere/commits/rulesetUpdating

So I'm proud to say that, with this, my Google Summer of Code project
has ended in success!  I've also gone through my code and cleaned up a
little, got rid of my test data and updated the comments so that
`rulesetUpdate.js`, which is where the bulk of my work resides, can
hopefully be easily understood and presented in my final report.

There are a couple of things that need to be done for this code to be
deployed to users of the developmental version of the extension. 

The first is the insertion of the public key that can be used to verify
signatures of `update.json` into the following part of my module.

    https://github.com/redwire/https-everywhere/blob/rulesetUpdating/src/chrome/content/code/rulesetUpdate.js#L18

The process of creating a signing certificate and signing `update.json`
(note: NOT its digest) is now described in

    https://github.com/redwire/https-everywhere/blob/rulesetUpdating/doc/updateJSONSpec.md

The second thing that needs doing (or ignoring, if preferred) is the
inclusion of the error reporting discussed a while ago.  The idea was
that the extension should probably ping eff.org in the case that certain
critical parts of the ruleset download/verification process fail.  The
details of this task have not been decided and aren't necessary for the
ruleset updater to function properly, but there are some TODOs in a
couple places that could be replaced or removed.

The third is that real URLs from which `update.json` and
`update.json.sig` files can be fetched need to be set in the preferences
of the extension at

    https://github.com/redwire/https-everywhere/blob/rulesetUpdating/src/defaults/preferences/preferences.js#L22


My hope is that my code can be merged into master now, have these few
remaining details filled out by whoever is in the position to do so
(Jacob, I'm guessing?), and be functioning fine in the development
branch.  With that, I will be creating a pull request for my fork's
master branch, which has just been updated with the upstream master
branch and had my rulesetUpdating branch merged into it.

In closing, I want to say thanks to everyone for their support this
Summer.  I feel as though I have learned a great deal, struggled with
some interesting (and some frustrating!) challenges, learned a great
deal about developing security-critical software, and improved as a
developer overall.

All the best,
Zack
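
The check order this message describes (verify the signature on `update.json`, confirm the downloaded ruleset database hashes to the expected value, and only then install it) is sketched below as an added example. It is not code from this message or from `rulesetUpdate.js`. The manifest fields `hash` and `source`, the idea that the expected hash is carried inside the signed manifest, RSA with SHA-256, the placeholder URL and all function names are assumptions.

```javascript
// Added example (Node.js). Format and algorithm choices are assumptions,
// not the project's actual update.json specification.
const crypto = require('crypto');

// Returns the parsed manifest only if every check passes; throws otherwise.
function verifyUpdate(manifestBytes, sigBytes, dbBytes, publicKey) {
  // 1. Verify the signature over the raw manifest bytes (the file itself,
  //    not a digest supplied by the caller) before parsing anything.
  if (!crypto.verify('sha256', manifestBytes, publicKey, sigBytes)) {
    throw new Error('bad-signature');
  }
  // 2. Only an authenticated manifest gets parsed.
  const manifest = JSON.parse(manifestBytes.toString('utf8'));
  // 3. The signed manifest pins the database contents by hash.
  const actual = crypto.createHash('sha256').update(dbBytes).digest('hex');
  if (String(manifest.hash).toLowerCase() !== actual) {
    throw new Error('hash-mismatch');
  }
  return manifest; // caller may now move the database to its permanent path
}

// Constructed sample data: throwaway key pair, fake database, signed manifest.
function makeSample() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const db = Buffer.from('constructed ruleset database contents');
  const manifest = Buffer.from(JSON.stringify({
    source: 'https://updates.example/rulesets.sqlite', // placeholder URL
    hash: crypto.createHash('sha256').update(db).digest('hex'),
  }));
  const sig = crypto.sign('sha256', manifest, privateKey);
  return { publicKey, db, manifest, sig };
}

// Returns 'ok' or the reason the update was rejected.
function outcome(manifest, sig, db, publicKey) {
  try { verifyUpdate(manifest, sig, db, publicKey); return 'ok'; }
  catch (e) { return e.message; }
}

const demo = makeSample();
console.log(outcome(demo.manifest, demo.sig, demo.db, demo.publicKey));
```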
