Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-10301

Add optional SHA-1 integrity checks to RAPPS packages



    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Fix Version/s: 0.4.0
    • Component/s: Applications
    • Labels:
    • Environment:

      The one you like best, beach or mountain.


      This adds a new SHA1 key-value to RAPPS DB packages. If the key is present the downloaded file will be hashed down to 160 bits using native functions, and checked against the provided digest. Showing a neat message box explaining why it might be corrupted or altered if the hashes don't match.

      Rationale? Well, now that we grab the RAPPS update package by using HTTPS with pinning suddenly you obtain a trusted platform equivalent to signing. If you pair that with expected hashes then third party mirrors running on spotty HTTP, or being in places like China stop being an issue.

      You don't want to go through the hassle of doing it for all the entries? Cool, they are still optional. Don't add them and they won't be checked.

      • It also fixes some random typos and inconsistent shenanigans in the same files.
      • Also fixes the file size localization problem by switching to locale-aware StrFormatByteSizeW on load and straight numeric bytes in the DB entries.
      • Also makes the TLS pinning message a bit more descriptive and accessible.
      • Also, comes with a Spanish translation.

      Batteries not included. Someone should make a script to auto-generate hashes and file sizes that could double as a dead-link linter.


          Issue Links



              • Assignee:
                ThFabba ThFabba
                Swyter Swyter
              • Votes:
                0 Vote for this issue
                4 Start watching this issue


                • Created: