The aim of the first patch is to remove VSign signature verification, which requires an additional dependency. It is designed to verify upstream's binary releases and is useless for distributions, since a distribution neither creates the same binary (that would require replicating upstream's reproducible build and applying no patches) nor generates its own signatures. The original OpenPGP signature verification is no longer useful, as we no longer create GPG signatures of our binaries (in our old signature formats, GPG signatures did not include or verify the filename or other context information, which would allow an attacker to swap binaries of different versions).

This file can simply be deleted to remove the verify command (patch 1).


In addition, to remove the dependency on VSign, the executable resource integrity protection is also removed (patch 3). (This protection is designed not only to prevent someone from running these scripts in an unsandboxed Electron, but also to make sure we won't have merge conflicts with the user's own versions of these scripts when we update them. So removing it shouldn't create too many issues in Debian's case.)


To remove the dependency on github.com/jhump/protoreflect, an engineering feature, dynamic protojson loading, is removed (patch 2); it is not very useful for end users. It is meant to help users of a customized V2Ray build whose configuration elements cannot be represented in the jsonv4 format, not distribution users.


On 5/5/2022 9:48 pm, Antoine Beaupré wrote:
On 2021-11-12 00:16:38, Alois Micard wrote:
Since Go 1.17 is now the defaults on the archive this package
fails to build.

It could be great to update to upstream 4.43.0 and backport the
following commit [1] in order to make the package build again.
I have tried to upgrade to the latest upstream (4.45) today, and failed
at the first patch because it doesn't apply. I refreshed the other two
patches and I'm waiting to hear from upstream (in CC) how to deal with
the first. I pushed my work to the debian/experimental branch on salsa:

https://salsa.debian.org/go-team/packages/golang-v2ray-core/-/merge_requests/new?merge_request%5Bsource_branch%5D=debian%2Fexperimental

a.
From 6f2fa9d9310a5d4371da7a527dd629c0c052982b Mon Sep 17 00:00:00 2001
From: Shelikhoo <xiaokangw...@outlook.com>
Date: Thu, 5 May 2022 22:31:40 +0100
Subject: [PATCH 1/3] Remove upstream signature verification system

---
 infra/control/verify.go | 64 -----------------------------------------
 1 file changed, 64 deletions(-)
 delete mode 100644 infra/control/verify.go

diff --git a/infra/control/verify.go b/infra/control/verify.go
deleted file mode 100644
index 48bed7f3..00000000
--- a/infra/control/verify.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package control
-
-import (
-	"flag"
-	"os"
-
-	"github.com/v2fly/VSign/signerVerify"
-
-	"github.com/v2fly/v2ray-core/v4/common"
-)
-
-type VerifyCommand struct{}
-
-func (c *VerifyCommand) Name() string {
-	return "verify"
-}
-
-func (c *VerifyCommand) Description() Description {
-	return Description{
-		Short: "Verify if a binary is officially signed.",
-		Usage: []string{
-			"v2ctl verify --sig=<sig-file> file...",
-			"Verify the file officially signed by V2Ray.",
-		},
-	}
-}
-
-func (c *VerifyCommand) Execute(args []string) error {
-	fs := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
-
-	sigFile := fs.String("sig", "", "Path to the signature file")
-
-	if err := fs.Parse(args); err != nil {
-		return err
-	}
-
-	target := fs.Arg(0)
-	if target == "" {
-		return newError("empty file path.")
-	}
-
-	if *sigFile == "" {
-		return newError("empty signature path.")
-	}
-
-	sigReader, err := os.Open(os.ExpandEnv(*sigFile))
-	if err != nil {
-		return newError("failed to open file ", *sigFile).Base(err)
-	}
-
-	files := fs.Args()
-
-	err = signerVerify.OutputAndJudge(signerVerify.CheckSignaturesV2Fly(sigReader, files))
-
-	if err == nil {
-		return nil
-	}
-
-	return newError("file is not officially signed by V2Ray").Base(err)
-}
-
-func init() {
-	common.Must(RegisterCommand(&VerifyCommand{}))
-}
-- 
2.34.1

From 431fe1de7e15afd50cffe8c70ed7b0a93e0d03fb Mon Sep 17 00:00:00 2001
From: Shelikhoo <xiaokangw...@outlook.com>
Date: Thu, 5 May 2022 22:38:52 +0100
Subject: [PATCH 2/3] Remove engineering dynamic jsonpb loading function

This functionality is provided by the stock protobuf library in jsonv5.
---
 go.mod                 |  1 -
 infra/conf/api.go      | 12 ------------
 infra/conf/services.go | 30 ------------------------------
 infra/conf/v2ray.go    | 13 -------------
 4 files changed, 56 deletions(-)
 delete mode 100644 infra/conf/services.go

diff --git a/go.mod b/go.mod
index ff684538..97a3366e 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,6 @@ require (
 	github.com/golang/protobuf v1.5.2
 	github.com/google/go-cmp v0.5.6
 	github.com/gorilla/websocket v1.4.2
-	github.com/jhump/protoreflect v1.9.0
 	github.com/lucas-clemente/quic-go v0.27.0
 	github.com/miekg/dns v1.1.43
 	github.com/pires/go-proxyproto v0.6.1
diff --git a/infra/conf/api.go b/infra/conf/api.go
index 0749e3db..c6ed685c 100644
--- a/infra/conf/api.go
+++ b/infra/conf/api.go
@@ -3,9 +3,6 @@ package conf
 import (
 	"strings"
 
-	"github.com/jhump/protoreflect/desc"
-	"github.com/jhump/protoreflect/dynamic"
-
 	"github.com/v2fly/v2ray-core/v4/app/commander"
 	loggerservice "github.com/v2fly/v2ray-core/v4/app/log/command"
 	observatoryservice "github.com/v2fly/v2ray-core/v4/app/observatory/command"
@@ -38,15 +35,6 @@ func (c *APIConfig) Build() (*commander.Config, error) {
 		case "observatoryservice":
 			services = append(services, serial.ToTypedMessage(&observatoryservice.Config{}))
 		default:
-			if !strings.HasPrefix(s, "#") {
-				continue
-			}
-			message, err := desc.LoadMessageDescriptor(s[1:])
-			if err != nil || message == nil {
-				return nil, newError("Cannot find API", s, "").Base(err)
-			}
-			serviceConfig := dynamic.NewMessage(message)
-			services = append(services, serial.ToTypedMessage(serviceConfig))
 		}
 	}
 
diff --git a/infra/conf/services.go b/infra/conf/services.go
deleted file mode 100644
index 5c0451ee..00000000
--- a/infra/conf/services.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package conf
-
-import (
-	"encoding/json"
-
-	"github.com/golang/protobuf/jsonpb"
-	"github.com/jhump/protoreflect/desc"
-	"github.com/jhump/protoreflect/dynamic"
-
-	"github.com/v2fly/v2ray-core/v4/common/serial"
-)
-
-func (c *Config) BuildServices(service map[string]*json.RawMessage) ([]*serial.TypedMessage, error) {
-	var ret []*serial.TypedMessage
-	for k, v := range service {
-		message, err := desc.LoadMessageDescriptor(k)
-		if err != nil || message == nil {
-			return nil, newError("Cannot find service", k, "").Base(err)
-		}
-
-		serviceConfig := dynamic.NewMessage(message)
-
-		if err := serviceConfig.UnmarshalJSONPB(&jsonpb.Unmarshaler{AllowUnknownFields: false}, *v); err != nil {
-			return nil, newError("Cannot interpret service configure file", k, "").Base(err)
-		}
-
-		ret = append(ret, serial.ToTypedMessage(serviceConfig))
-	}
-	return ret, nil
-}
diff --git a/infra/conf/v2ray.go b/infra/conf/v2ray.go
index 1e99f4bc..defb90e2 100644
--- a/infra/conf/v2ray.go
+++ b/infra/conf/v2ray.go
@@ -589,19 +589,6 @@ func (c *Config) Build() (*core.Config, error) {
 		config.App = append(config.App, serial.ToTypedMessage(r))
 	}
 
-	// Load Additional Services that do not have a json translator
-
-	if msg, err := c.BuildServices(c.Services); err != nil {
-		developererr := newError("Loading a V2Ray Features as a service is intended for developers only. " +
-			"This is used for developers to prototype new features or for an advanced client to use special features in V2Ray," +
-			" instead of allowing end user to enable it without special tool and knowledge.")
-		sb := strings.Builder{}
-		return nil, newError("Cannot load service").Base(developererr).Base(err).Base(newError(sb.String()))
-	} else { // nolint: golint
-		// Using a else here is required to keep msg in scope
-		config.App = append(config.App, msg...)
-	}
-
 	var inbounds []InboundDetourConfig
 
 	if c.InboundConfig != nil {
-- 
2.34.1

From 5cc70801f257eda6215385eb25886d4b961c2fe9 Mon Sep 17 00:00:00 2001
From: Shelikhoo <xiaokangw...@outlook.com>
Date: Thu, 5 May 2022 22:57:16 +0100
Subject: [PATCH 3/3] Remove secure load integrity protection on debian

On the upstream binary distribution channel, files loaded by V2Ray with the intention of executing them are checked. This ensures an attacker cannot replace an executable resource. Removing this check is necessary to remove the dependency on VSign.
---
 common/platform/securedload/embedded.go     |  9 ------
 common/platform/securedload/embeddedhash.go | 34 ++-------------------
 go.mod                                      |  1 -
 3 files changed, 2 insertions(+), 42 deletions(-)
 delete mode 100644 common/platform/securedload/embedded.go

diff --git a/common/platform/securedload/embedded.go b/common/platform/securedload/embedded.go
deleted file mode 100644
index c3417637..00000000
--- a/common/platform/securedload/embedded.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package securedload
-
-const allowedHashes = `SHA256 (!#project==v2fly) = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
-SHA256 (!#version==embedded) = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
-SHA256 (subscriptions/subscriptionsDefinition.v2flyTemplate) = 3f165dba7de0d7c506fbdff3275ea64b76f307df435316a3ea0914ee957793ab
-SHA256 (browserforwarder/index.html) = 34f2c573724256421ade769bda18eeac85172bf0aaed00d7b90e41e843a2caef
-SHA256 (browserforwarder/index.js) = cb587a075bb0addcdc0d22c9222a48d2c7004b54935b5021379d3d35dc1f2927
-
-`
diff --git a/common/platform/securedload/embeddedhash.go b/common/platform/securedload/embeddedhash.go
index d39df50b..65543e65 100644
--- a/common/platform/securedload/embeddedhash.go
+++ b/common/platform/securedload/embeddedhash.go
@@ -1,17 +1,9 @@
 package securedload
 
 import (
-	"bytes"
-	"crypto/sha256"
-	"encoding/hex"
-	"path/filepath"
-	"strings"
-
-	"github.com/v2fly/VSign/insmgr"
-	"github.com/v2fly/VSign/signerVerify"
-
 	"github.com/v2fly/v2ray-core/v4/common/platform"
 	"github.com/v2fly/v2ray-core/v4/common/platform/filesystem"
+	"path/filepath"
 )
 
 type EmbeddedHashProtectedLoader struct {
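Review bot: The re-added `"path/filepath"` import sits in the same group as, and after, the two `github.com/v2fly/v2ray-core` imports, which mixes a standard-library package into the module group. The usual Go layout keeps standard-library imports in their own leading group, so move `"path/filepath"` to the top of the block and follow it with a blank line. The struct declaration at the end of this hunk continues outside it.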
@@ -24,27 +16,5 @@ func (e EmbeddedHashProtectedLoader) VerifyAndLoad(filename string) ([]byte, err
 	if err != nil {
 		return nil, newError("Cannot find file", filename).Base(err)
 	}
-	fileHash := sha256.Sum256(fileContent)
-	fileHashAsString := hex.EncodeToString(fileHash[:])
-	if fileNameVerified, ok := e.checkedFile[fileHashAsString]; ok {
-		for _, filenameVerifiedIndividual := range strings.Split(fileNameVerified, ";") {
-			if strings.HasSuffix(filenameVerifiedIndividual, filename) {
-				return fileContent, nil
-			}
-		}
-	}
-	return nil, newError("Unrecognized file at ", filename, " can not be loaded for execution")
-}
-
-func NewEmbeddedHashProtectedLoader() *EmbeddedHashProtectedLoader {
-	instructions := insmgr.ReadAllIns(bytes.NewReader([]byte(allowedHashes)))
-	checkedFile, _, ok := signerVerify.CheckAsClient(instructions, "v2fly", true)
-	if !ok {
-		panic("Embedded Hash data is invalid")
-	}
-	return &EmbeddedHashProtectedLoader{checkedFile: checkedFile}
-}
-
-func init() {
-	RegisterProtectedLoader("embedded", NewEmbeddedHashProtectedLoader())
+	return fileContent, nil
 }
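Review bot: With `init()` and `NewEmbeddedHashProtectedLoader` removed, nothing left in this file registers the "embedded" loader, so unless another file calls `RegisterProtectedLoader` the rewritten `VerifyAndLoad` is never reached and secured loads may find no loader at all instead of an unverified one. If the goal is only to drop VSign, keep a registration on the new side, e.g. `func init() { RegisterProtectedLoader("embedded", &EmbeddedHashProtectedLoader{}) }`. The method also keeps the name `VerifyAndLoad` while returning `fileContent` unchecked, so it deserves a comment such as `// VerifyAndLoad does not verify anything in this build: the embedded SHA-256 allow-list was removed with the VSign dependency.`; from then on the integrity of these executable resources depends on the install directory being writable only by trusted users. The start of `VerifyAndLoad` is outside the hunk.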
diff --git a/go.mod b/go.mod
index 97a3366e..a34ba6f6 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,6 @@ require (
 	github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c
 	github.com/stretchr/testify v1.7.0
 	github.com/v2fly/BrowserBridge v0.0.0-20210430233438-0570fc1d7d08
-	github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848
 	github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e
 	go.starlark.net v0.0.0-20210901212718-87f333178d59
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
-- 
2.34.1
