Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Verify file integrity in chunks #607

Closed
wants to merge 1 commit into from
Closed

feat: Verify file integrity in chunks #607

wants to merge 1 commit into from

Conversation

solracsf
Copy link
Member

@solracsf solracsf commented Feb 26, 2025
edited
Loading

Resolves #598

@solracsf solracsf marked this pull request as ready for review February 26, 2025 14:52
@solracsf solracsf requested a review from Altahrim as a code owner February 26, 2025 14:52
@solracsf solracsf requested a review from come-nc February 26, 2025 14:53
@joshtrichards
Copy link
Member

Note, also see #585 and #505 which #598 appears to be a duplicate of.

joshtrichards
joshtrichards reviewed Feb 26, 2025
View reviewed changes
lib/Updater.php

$signature = base64_decode($response['signature']);

$validSignature = openssl_verify($data, $signature, $certificate, OPENSSL_ALGO_SHA512);
Copy link
Member

@joshtrichards joshtrichards Feb 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this chunk the initial read but still populate $data with the entire archive content leading to the same state?

In short, the chunking would only be helpful if openssl_verify itself did it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah you are right. Using file_get_contents() or a loop that concatenates chunks into a string, ultimately results in the entire file being held in memory at once...

I'm closing this because i've thinked it wrongly, I'll try to provide a better PR later. Thanks 👍

@solracsf solracsf closed this Feb 26, 2025
@solracsf solracsf deleted the verifyIntChunks branch February 26, 2025 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshtrichards joshtrichards joshtrichards left review comments

@Altahrim Altahrim Awaiting requested review from Altahrim Altahrim is a code owner

@come-nc come-nc Awaiting requested review from come-nc

Assignees
No one assigned
Labels
3. to review enhancement feature: integrity Step 5
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Rewrite verifyIntegrity() to work with less memory
2 participants
@solracsf @joshtrichards