From acdcb6e5b2e86e401f3e1738723a40a5f2b654c5 Mon Sep 17 00:00:00 2001 From: Phil Hagelberg Date: Tue, 12 Aug 2014 11:42:08 -0700 Subject: [PATCH] Don't install insecurely without el-get-allow-insecure. In most cases, we assume any connection is insecure unless the URL starts with "https://", "$USERNAME@", or "ssh". There are a few exceptions: I'm assuming all Emacswiki packages are insecure, and I don't think we can know whether packages installed via Google Go are secure or not. --- el-get-custom.el | 5 +++++ el-get-methods.el | 9 +++++++++ methods/el-get-bzr.el | 3 +++ methods/el-get-cvs.el | 2 ++ methods/el-get-darcs.el | 3 +++ methods/el-get-elpa.el | 2 ++ methods/el-get-emacswiki.el | 1 + methods/el-get-fossil.el | 5 ++++- methods/el-get-git-svn.el | 3 +++ methods/el-get-git.el | 4 ++++ methods/el-get-github.el | 1 + methods/el-get-go.el | 1 + methods/el-get-hg.el | 2 ++ methods/el-get-http.el | 1 + methods/el-get-svn.el | 2 ++ 15 files changed, 43 insertions(+), 1 deletion(-) diff --git a/el-get-custom.el b/el-get-custom.el index db710c0d..54d5ca67 100644 --- a/el-get-custom.el +++ b/el-get-custom.el @@ -613,4 +613,9 @@ platforms where this recipe should apply" ) ,el-get-build-recipe-body)))))) +(defcustom el-get-allow-insecure nil + "Allow packages to be installed over insecure connections." + :group 'el-get + :type 'boolean) + (provide 'el-get-custom) diff --git a/el-get-methods.el b/el-get-methods.el index 646d09fe..2c0f8ee2 100644 --- a/el-get-methods.el +++ b/el-get-methods.el @@ -21,6 +21,15 @@ "methods" (file-name-directory (or load-file-name buffer-file-name)))) +(defun el-get-insecure-check (package url) + (when (and (not el-get-allow-insecure) + (not (string-match "^https://" url)) + (not (string-match "^[-_\.A-Za-z0-9]+@" url)) + (not (string-match "^ssh" url))) + (error (concat "Attempting to clone insecure package " + (el-get-as-string package) + " without `el-get-allow-insecure'.")))) + (require 'el-get-apt-get) (require 'el-get-builtin) (require 'el-get-brew) diff --git a/methods/el-get-bzr.el b/methods/el-get-bzr.el index e063c5c1..31a71530 100644 --- a/methods/el-get-bzr.el +++ b/methods/el-get-bzr.el @@ -26,6 +26,8 @@ (name (format "*bzr branch %s*" package)) (ok (format "Package %s installed" package)) (ko (format "Could not install package %s." package))) + (el-get-insecure-check package url) + (el-get-start-process-list package `((:command-name ,name @@ -44,6 +46,7 @@ (name (format "*bzr pull %s*" package)) (ok (format "Pulled package %s." package)) (ko (format "Could not update package %s." package))) + (el-get-insecure-check package url) (el-get-start-process-list package diff --git a/methods/el-get-cvs.el b/methods/el-get-cvs.el index aa7134cd..410db4ff 100644 --- a/methods/el-get-cvs.el +++ b/methods/el-get-cvs.el @@ -97,6 +97,7 @@ Enable this if you want el-get to honor these settings" (ok (format "Checked out package %s." package)) (ko (format "Could not checkout package %s." package))) + (el-get-insecure-check package url) ;; (message "%S" `(:args ("-d" ,url "checkout" "-d" ,package ,module))) ;; (message "el-get-cvs-checkout: %S" (string= options "login")) @@ -130,6 +131,7 @@ Enable this if you want el-get to honor these settings" (ok (format "Updated package %s." package)) (ko (format "Could not update package %s." package))) + (el-get-insecure-check package url) (el-get-start-process-list package `((:command-name ,name diff --git a/methods/el-get-darcs.el b/methods/el-get-darcs.el index 1b1d940e..669cc161 100644 --- a/methods/el-get-darcs.el +++ b/methods/el-get-darcs.el @@ -27,6 +27,8 @@ (name (format "*darcs get %s*" package)) (ok (format "Package %s installed" package)) (ko (format "Could not install package %s." package))) + (el-get-insecure-check package url) + (el-get-start-process-list package `((:command-name ,name @@ -45,6 +47,7 @@ (name (format "*darcs pull %s*" package)) (ok (format "Pulled package %s." package)) (ko (format "Could not update package %s." package))) + (el-get-insecure-check package url) (el-get-start-process-list package diff --git a/methods/el-get-elpa.el b/methods/el-get-elpa.el index 5a95213e..c61929c5 100644 --- a/methods/el-get-elpa.el +++ b/methods/el-get-elpa.el @@ -139,6 +139,7 @@ the recipe, then return nil." ;; Prepend elpa-repo to `package-archives' for new package.el (package-archives (append (when elpa-repo (list elpa-repo)) (when (boundp 'package-archives) package-archives)))) + (el-get-insecure-check package url) (unless (and elpa-dir (file-directory-p elpa-dir)) ;; package-install does these only for interactive calls @@ -190,6 +191,7 @@ first time.") "Ask elpa to update given PACKAGE." (unless package--initialized (package-initialize t)) + (el-get-insecure-check package url) (when el-get-elpa-do-refresh (package-refresh-contents) (when (eq el-get-elpa-do-refresh 'once) diff --git a/methods/el-get-emacswiki.el b/methods/el-get-emacswiki.el index e913b86e..47691720 100644 --- a/methods/el-get-emacswiki.el +++ b/methods/el-get-emacswiki.el @@ -41,6 +41,7 @@ filename.el ;;; filename.el --- description" (defun el-get-emacswiki-install (package url post-install-fun) "Download a single-file PACKAGE over HTTP from emacswiki." (let ((url (or url (format "%s%s.el" el-get-emacswiki-base-url package)))) + (el-get-insecure-check package "http://insecure") ; insecure even over HTTPS (el-get-http-install package url post-install-fun))) (defun el-get-emacswiki-compute-checksum (package) diff --git a/methods/el-get-fossil.el b/methods/el-get-fossil.el index c57d39ad..bfc6d9d6 100755 --- a/methods/el-get-fossil.el +++ b/methods/el-get-fossil.el @@ -57,6 +57,8 @@ are stored in the package directory" (open-args (list "open" "--nested" (expand-file-name fossil-name fossil-dir) checkout)) (ok (format "Package %s installed." package)) (ko (format "Could not install package %s." package))) + (el-get-insecure-check package url) + (el-get-start-process-list package (list @@ -101,7 +103,8 @@ are stored in the package directory" (update-args (list "update" checkout)) (ok (format "Updated package %s." package)) (ko (format "Could not update package %s." package))) - (message "%s" update-args) + (el-get-insecure-check package url) + (el-get-start-process-list package `((:command-name ,name diff --git a/methods/el-get-git-svn.el b/methods/el-get-git-svn.el index 6941c33f..6e3da51b 100644 --- a/methods/el-get-git-svn.el +++ b/methods/el-get-git-svn.el @@ -30,6 +30,8 @@ (plist-get source :checksum))) (ok (format "Package %s installed." package)) (ko (format "Could not install package %s." package))) + ;; TODO: not sure if it's possible for svn:// URLs to use TLS? + (el-get-insecure-check package url) (el-get-start-process-list package @@ -61,6 +63,7 @@ (r-name (format "*git svn rebase %s*" package)) (r-ok (format "Rebased package %s." package)) (r-ko (format "Could not rebase package %s." package))) + (el-get-insecure-check package url) (el-get-start-process-list package diff --git a/methods/el-get-git.el b/methods/el-get-git.el index 0c981389..7c077e1e 100644 --- a/methods/el-get-git.el +++ b/methods/el-get-git.el @@ -72,6 +72,8 @@ found." (list url pname))) (ok (format "Package %s installed." package)) (ko (format "Could not install package %s." package))) + (el-get-insecure-check package url) + (el-get-start-process-list package (list @@ -117,6 +119,8 @@ found." (pull-args (list "--no-pager" (if checkout "fetch" "pull"))) (ok (format "Pulled package %s." package)) (ko (format "Could not update package %s." package))) + (el-get-insecure-check package url) + (el-get-start-process-list package `((:command-name ,name diff --git a/methods/el-get-github.el b/methods/el-get-github.el index ada7e4df..075e3fbf 100644 --- a/methods/el-get-github.el +++ b/methods/el-get-github.el @@ -80,6 +80,7 @@ USERNAME and REPONAME are strings." (defun el-get-github-clone (package url post-install-fun) "Clone the given package from Github following the URL." + (el-get-insecure-check package url) (el-get-git-clone package (or url (el-get-github-url package)) post-install-fun)) diff --git a/methods/el-get-go.el b/methods/el-get-go.el index aaee78fe..28dd0e97 100644 --- a/methods/el-get-go.el +++ b/methods/el-get-go.el @@ -31,6 +31,7 @@ (name (format "*go get %s*" package)) (ok (format "Package %s installed." package)) (ko (format "Could not install package %s." package))) + ;; TODO: no idea how to check this for insecure connections (unless (file-directory-p pdir) (make-directory pdir)) (setenv "GOPATH" pdir) diff --git a/methods/el-get-hg.el b/methods/el-get-hg.el index f2de5072..786dd0b6 100644 --- a/methods/el-get-hg.el +++ b/methods/el-get-hg.el @@ -35,6 +35,7 @@ (list url pname))) (ok (format "Package %s installed." package)) (ko (format "Could not install package %s." package))) + (el-get-insecure-check package url) (el-get-start-process-list package @@ -59,6 +60,7 @@ (plist-get source :checksum))) (ok (format "Pulled package %s." package)) (ko (format "Could not update package %s." package))) + (el-get-insecure-check package url) (el-get-start-process-list package diff --git a/methods/el-get-http.el b/methods/el-get-http.el index 7aa19457..9f44f329 100644 --- a/methods/el-get-http.el +++ b/methods/el-get-http.el @@ -68,6 +68,7 @@ into the package :localname option or its `file-name-nondirectory' part." (dest (or dest (el-get-http-dest-filename package url)))) (unless (file-directory-p pdir) (make-directory pdir)) + (el-get-insecure-check package url) (if (not el-get-default-process-sync) (url-retrieve url 'el-get-http-retrieve-callback diff --git a/methods/el-get-svn.el b/methods/el-get-svn.el index facc3e00..68220a96 100644 --- a/methods/el-get-svn.el +++ b/methods/el-get-svn.el @@ -36,6 +36,7 @@ (name (format "*svn checkout %s*" package)) (ok (format "Checked out package %s." package)) (ko (format "Could not checkout package %s." package))) + (el-get-insecure-check package url) (el-get-start-process-list package @@ -55,6 +56,7 @@ (name (format "*svn update %s*" package)) (ok (format "Updated package %s." package)) (ko (format "Could not update package %s." package))) + (el-get-insecure-check package url) (el-get-start-process-list package