diff --git a/manifest b/manifest index c9adbcf..5ca9fdc 100644 --- a/manifest +++ b/manifest @@ -1,2 +1,2 @@ -{"build":166,"description":"optional global immutability","files":{"LICENSES":"f3549d84d66eb53dd4a421a4341d77d3d217c1b117d67e3be8f5211adcda0952","autorun.lua":"d7369c6bfbe4dc6d7acad131eac7a77669c9e09766a421e52885dbe6bf506a79","bin/5rot26.lua":"91b66cd6d4b33081b25c456142dd7efcb894e819e842693c9e1e17ff48872ff5","bin/ccemux.lua":"239476f58835b86bbcac31ce8af3c3acd3d198a55ab9ada78c62fbf358625a98","bin/chronometer.lua":"db5363993a04382145aef7db2fbe262f0bf10697a589e1e2d2f9ce0f87430dd8","bin/kristminer.lua":"7e7f9fe2a6493d584ad6926cda915e02c1c3d800dc209680898ce930d0bb0e6f","bin/livegps.lua":"c3d17d495cda01aa1261e4c4fcd43439b29af422671972117ec34f68e32c5bba","bin/loading.lua":"c85f7aa1765170325155b921c1fceeb62643f552f12d41b529a22af3a67f5a97","bin/potatoflight.lua":"2fbb0b6f8d78728d8cb0ec64af1bc598bd00cb55f202378e7acdb86bba71efd1","bin/potatoplex.lua":"86c9e7597bbe23d7de7e7f1bfc976d0b94dcdf3af9e6c7c6c9b18b98596898c8","bin/relay.lua":"261ae6c220b83506e3326e8f2b091d246baae458ff0d2ee87512be2c4e35a75d","bin/tryhaskell.lua":"07810d85145da65a3e434154c79d5a9d72f2dcbe59c8d6829040fb925df878ec","potatobios.lua":"917f799d7f5d1f9f5e5a1fb445cc63c783a85725021588764791597c54be9588","signing-key.tbl":"b32af5229c23af3bc03d538e42751b26044e404a7b1af064ed89894efe421607","startup":"f17bfb9b4322c4467dc9170d50827f2d75717e5c3125d734f21f3406657917bc","update-key.hex":"8d8afb7a45833bb7d68f929421ad60a211d4d73e0ee03b24dc0106ba1de2e1a0","xlib/00_cbor.lua":"464b075e4f094b8db42506bd4bdaad0db87699ea7fbf80e5b87739b4aa9279af","xlib/01_skynet.lua":"bde95ed86f3108ec56624367deea3e2694c8cfcd9eac220a21bad0b56c8a999b"},"timestamp":1598892967} -{"hash":"4ef034f001bcce35351410f99e81ab44262b359b79e694a9efc619127c9658a1","sig":"778c0e4bf05b89311aff8dd441e561aacce5ddeb188dfb73c2ba16f76d52df7c7498867c63f54dda9436"} \ No newline at end of file +{"build":170,"description":"stack overflow fix for CraftOS-PC - corrected","files":{"LICENSES":"f3549d84d66eb53dd4a421a4341d77d3d217c1b117d67e3be8f5211adcda0952","autorun.lua":"53a7f2b2692bd42a29f8559293447d413e58dc7fee7f2990a007624a62991562","bin/5rot26.lua":"91b66cd6d4b33081b25c456142dd7efcb894e819e842693c9e1e17ff48872ff5","bin/ccemux.lua":"239476f58835b86bbcac31ce8af3c3acd3d198a55ab9ada78c62fbf358625a98","bin/chronometer.lua":"db5363993a04382145aef7db2fbe262f0bf10697a589e1e2d2f9ce0f87430dd8","bin/kristminer.lua":"7e7f9fe2a6493d584ad6926cda915e02c1c3d800dc209680898ce930d0bb0e6f","bin/livegps.lua":"c3d17d495cda01aa1261e4c4fcd43439b29af422671972117ec34f68e32c5bba","bin/loading.lua":"c85f7aa1765170325155b921c1fceeb62643f552f12d41b529a22af3a67f5a97","bin/potatoflight.lua":"2fbb0b6f8d78728d8cb0ec64af1bc598bd00cb55f202378e7acdb86bba71efd1","bin/potatoplex.lua":"86c9e7597bbe23d7de7e7f1bfc976d0b94dcdf3af9e6c7c6c9b18b98596898c8","bin/relay.lua":"261ae6c220b83506e3326e8f2b091d246baae458ff0d2ee87512be2c4e35a75d","bin/tryhaskell.lua":"07810d85145da65a3e434154c79d5a9d72f2dcbe59c8d6829040fb925df878ec","potatobios.lua":"042bcbd6bf50730b6f01fad2f4280e7793f3542a5a5325420e8d098cf2052682","signing-key.tbl":"b32af5229c23af3bc03d538e42751b26044e404a7b1af064ed89894efe421607","startup":"f17bfb9b4322c4467dc9170d50827f2d75717e5c3125d734f21f3406657917bc","update-key.hex":"8d8afb7a45833bb7d68f929421ad60a211d4d73e0ee03b24dc0106ba1de2e1a0","xlib/00_cbor.lua":"464b075e4f094b8db42506bd4bdaad0db87699ea7fbf80e5b87739b4aa9279af","xlib/01_skynet.lua":"bde95ed86f3108ec56624367deea3e2694c8cfcd9eac220a21bad0b56c8a999b"},"timestamp":1599139938} +{"hash":"38483033b4969ebff82a55d6ac62d31da30ee38378cfdcff600980fe54aa8acd","sig":"109588062d87c0e573d85e89f2e73fb27c51e398323f58b7338fa06314ad1b5a687eab78cb9b2793021b"} \ No newline at end of file diff --git a/src/lib/sha256.lua b/src/lib/sha256.lua index 7a73582..7d3844e 100644 --- a/src/lib/sha256.lua +++ b/src/lib/sha256.lua @@ -125,9 +125,17 @@ local function toBytes(t, n) return setmetatable(b, mt) end +local function to_bytes(s) + local out = {} + for i = 1, #s do + out[i] = string.byte(s, i) + end + return out +end + local function digest(data) local data = data or "" - data = type(data) == "table" and {upack(data)} or {tostring(data):byte(1,-1)} + data = type(data) == "table" and {upack(data)} or to_bytes(tostring(data)) data = preprocess(data) local C = {upack(H)} @@ -136,8 +144,8 @@ local function digest(data) end local function hmac(data, key) - local data = type(data) == "table" and {upack(data)} or {tostring(data):byte(1,-1)} - local key = type(key) == "table" and {upack(key)} or {tostring(key):byte(1,-1)} + local data = type(data) == "table" and {upack(data)} or to_bytes(tostring(data)) + local key = type(key) == "table" and {upack(key)} or to_bytes(tostring(key)) local blocksize = 64 diff --git a/src/main.lua b/src/main.lua index c13a3fc..f29b9cb 100644 --- a/src/main.lua +++ b/src/main.lua @@ -644,9 +644,9 @@ function safe_json_serialize(x, prev) elseif t == "boolean" then return tostring(x) elseif x == nil then - return nil + return "null" else - return ("%q"):format(tostring(x)) + return json.encode(tostring(x)) end end @@ -849,7 +849,8 @@ local function download_files(manifest_data, needed_files) local h = assert(http.get(url, nil, true)) local x = h.readAll() h.close() - if manifest_data.files[file] ~= hexize(sha256(x)) then error("hash mismatch on " .. file .. " - " .. url) end + local hexsha = hexize(sha256(x)) + if manifest_data.files[file] ~= hexsha then error(("hash mismatch on %s %s (expected %s, got %s)"):format(file, url, manifest_data.files[file], hexsha)) end fwrite(file, x) count = count + 1 end) @@ -1215,18 +1216,22 @@ local function run_with_sandbox() print("Short hash", potatOS.build) print("Full hash", potatOS.full_build) local mfst = potatOS.registry.get "potatOS.current_manifest" -print("Counter", mfst.build) -print("Built at (local time)", os.date("%Y-%m-%d %X", mfst.timestamp)) -print("Downloaded from", mfst.manifest_URL) -local verified = mfst.verified -if verified == nil then verified = "false [no signature]" -else - if verified == true then verified = "true" +if mfst then + print("Counter", mfst.build) + print("Built at (local time)", os.date("%Y-%m-%d %X", mfst.timestamp)) + print("Downloaded from", mfst.manifest_URL) + local verified = mfst.verified + if verified == nil then verified = "false [no signature]" else - verified = ("false %s"):format(tostring(mfst.verification_error)) + if verified == true then verified = "true" + else + verified = ("false %s"):format(tostring(mfst.verification_error)) + end end + print("Signature verified:", verified) +else + print "Manifest not found in registry. Extended data unavailable." end -print("Signature verified:", verified) ]], ["/rom/programs/id.lua"] = [[ print("ID", os.getComputerID()) diff --git a/src/potatobios.lua b/src/potatobios.lua index b93d577..fc52e61 100644 --- a/src/potatobios.lua +++ b/src/potatobios.lua @@ -209,6 +209,7 @@ This incident has been reported.]], thing, category, category_descriptions[categ end return true end +local check_safe = potatOS.check_safe -- This flag is set... near the end of boot, or something... to enable code safety checking. local boot_done = false @@ -230,7 +231,7 @@ function load(code, file, ...) return function() return ret end end if boot_done then - local ok, replace_with = potatOS.check_safe(code) + local ok, replace_with = check_safe(code) if not ok then return replace_with end end if potatOS.registry.get "potatOS.protocol_epsilon" then @@ -1788,14 +1789,14 @@ if potatOS.registry.get "potatOS.hide_peripherals" then function peripheral.getNames() return {} end end -if potatOS.registry.get "potatOS.immutable_global_scope" then - setmetatable(_G, { __newindex = function(_, x) error(("cannot set _G[%q] - _G is immutable"):format(tostring(x)), 0) end }) -end - if meta then _G.meta = meta.new() end if _G.textutilsprompt then textutils.prompt = _G.textutilsprompt end +if potatOS.registry.get "potatOS.immutable_global_scope" then + setmetatable(_G, { __newindex = function(_, x) error(("cannot set _G[%q] - _G is immutable"):format(tostring(x)), 0) end }) +end + if process then process.spawn(keyboard_shortcuts, "kbsd") if http.websocket then process.spawn(skynet.listen, "skynetd") process.spawn(potatoNET, "systemd-potatod") end