More excellent news for everyone! I've just now managed to get a completely successful run out of the ruleset updater! That is to say that it is now downloading the new ruleset database contents, finding they hash to the correct value (I had to go out of my way a little to test this manually by printing the hashed value and comparing it to what openssl gave me after fixing the bug in my Python script I mentioned), and is successfully moving the downloaded file to a permanent location where it is being loaded by HTTPSRules.init.

You can see the changes I have made in the last four hours in my commit history:
https://github.com/redwire/https-everywhere/commits/rulesetUpdating

So I'm proud to say that, with this, my Google Summer of Code project has ended in success! I've also gone through my code and cleaned up a little, got rid of my test data and updated the comments so that `rulesetUpdate.js`, which is where the bulk of my work resides, can hopefully be easily understood and presented in my final report.

There are a couple of things that need to be done for this code to be deployed to users of the developmental version of the extension.

The first is the insertion of the public key that can be used to verify signatures of `update.json` into the following part of my module:
https://github.com/redwire/https-everywhere/blob/rulesetUpdating/src/chrome/content/code/rulesetUpdate.js#L18
The process of creating a signing certificate and signing `update.json` (note: NOT its digest) is now described in
https://github.com/redwire/https-everywhere/blob/rulesetUpdating/doc/updateJSONSpec.md

The second thing that needs doing (or ignoring, if preferred) is the inclusion of the error reporting discussed a while ago. The idea was that the extension should probably ping eff.org in the case that certain critical parts of the ruleset download/verification process fail. The details of this task have not been decided and aren't necessary for the ruleset updater to function properly, but there are some TODOs in a couple places that could be replaced or removed.

The third is that real URLs from which `update.json` and `update.json.sig` files can be fetched need to be set in the preferences of the extension at
https://github.com/redwire/https-everywhere/blob/rulesetUpdating/src/defaults/preferences/preferences.js#L22

My hope is that my code can be merged into master now, have these few remaining details filled out by whoever is in the position to do so (Jacob, I'm guessing?), and be functioning fine in the development branch. With that, I will be creating a pull request for my fork's master branch, which has just been updated with the upstream master branch and had my rulesetUpdating branch merged into it.

In closing, I want to say thanks to everyone for their support this summer. I feel as though I have learned a great deal, struggled with some interesting (and some frustrating!) challenges, learned a great deal about developing security-critical software, and improved as a developer overall.

All the best,
Zack
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
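
The order of checks this message describes (verify the signature over `update.json`, compare the downloaded database with the hash it pins, then move the file into place), as an added Node.js example that is not code from `rulesetUpdate.js` or the project. The `hash` field name, the use of SHA-256, the RSA key pair and the file names are assumptions constructed for illustration.

```javascript
// Added example: verify-then-install ordering for a signed update manifest.
// The "hash" field, SHA-256 and all file names are assumptions, not the real update.json spec.
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Constructed key pair standing in for the real signing key and pinned public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Discard the unverified download and report why it was refused.
function reject(tmpPath, reason) {
  fs.rmSync(tmpPath, { force: true });
  return reason;
}

function installUpdate(manifestBytes, signature, dbTmpPath, dbFinalPath, pubKey) {
  // 1. Verify the detached signature over the raw manifest bytes before parsing them.
  //    The file itself is the input; the API hashes it internally.
  if (!crypto.verify('sha256', manifestBytes, pubKey, signature)) {
    return reject(dbTmpPath, 'bad-signature');
  }
  // 2. Only a verified manifest is trusted to say which database hash is expected.
  const manifest = JSON.parse(manifestBytes.toString('utf8'));
  const actual = crypto.createHash('sha256').update(fs.readFileSync(dbTmpPath)).digest('hex');
  if (actual !== manifest.hash) return reject(dbTmpPath, 'bad-hash');
  // 3. Move into the permanent location last; a same-directory rename is atomic.
  fs.renameSync(dbTmpPath, dbFinalPath);
  return 'installed';
}

// Constructed sample run in a scratch directory, with optional tampering.
function demo(tamperDb, tamperManifest) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'ruleset-'));
  const tmp = path.join(dir, 'rulesets.download');
  const final = path.join(dir, 'rulesets.db');
  const db = Buffer.from('constructed ruleset database contents');
  const hash = crypto.createHash('sha256').update(db).digest('hex');
  let manifestBytes = Buffer.from(JSON.stringify({ hash }));
  const signature = crypto.sign('sha256', manifestBytes, privateKey);
  // A single appended byte keeps the JSON valid but must break the signature.
  if (tamperManifest) manifestBytes = Buffer.concat([manifestBytes, Buffer.from(' ')]);
  fs.writeFileSync(tmp, tamperDb ? Buffer.concat([db, Buffer.from('!')]) : db);
  const result = installUpdate(manifestBytes, signature, tmp, final, publicKey);
  return { result, installed: fs.existsSync(final), leftover: fs.existsSync(tmp) };
}
```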
