Hello, everyone. I've been working on getting the last couple of parts of the ruleset updating mechanism finished, and just have a couple of questions I was hoping someone more familiar with extension development and the preferred methodology of the project could answer.
So far the updater can fetch the update.json and update.json.sig files and successfully verifies the authenticity of update.json provided a valid signature. All that really remains is to get the extension to download the new rulesets.sqlite file and replace the old one with it. I've discovered two problems with the method of using a simple XMLHttpRequest to fetch the file, replacing the existing file with the new one's contents (after verifying its hash matches the one provided in update.json), and then reinitializing HTTPSRules. The most pressing issue right now is that of the replacement and reinitialization of the rulesets database. The extension cannot replace files in it's own basepath, so I have been working on moving the database file to the extension's user's profile directory. You can see what I've been working on do this in my commits since Commit 44fb14b in my branch at https://github.com/redwire/https-everywhere/commits/rulesetUpdating The other problem is that the binary nature of rulesets.sqlite is problematic for XHRs. When the file was fetched with a simple XHR, the contents terminated after the SQLite version information at the beginning of the file. When I asked in #extdev on mozilla's IRC network, I was told I would have more luck downloading such a file using the Downloads.jsm module, which you can see I started using in this commit: https://github.com/redwire/https-everywhere/commit/92c765861cbf8a31c99507979ddee674b86b1e3d Tomorrow is the "soft pencil's down" date for Google Summer of Code, but the firm end date isn't until the 18th. I've been "flying solo" on this since the second re-occurrence of the signature verification problem, which I overcame, but I want to really do my best to get this as ready to ship as possible before then. Since I haven't had much direction for a while, I would sincerely appreciate it if anyone could suggest any solutions to these last couple problems, alternative approaches, or even just some general guidance so I don't go too far down one road and have things not work out. Thanks, Zack
signature.asc
Description: OpenPGP digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
