Make WordPress Core


Ignore:
Timestamp:
03/21/2019 05:48:46 AM (5 years ago)
Author:
tellyworth
Message:

Upgrade/Install: Add experimental package signing to some updates.

This adds code for soft verification of signatures for theme and plugin installs and updates, when provided by the update server. This experimental version does not reject unverified packages or failed signatures; it simply reports anonymous errors so we can evaluate its feasibility and detect incompatibilities.

This code relies on the new sodium_compat library for PHP versions prior to 7.2.

Props dd32, paragoninitiativeenterprises.
See #39309, #45806.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-upgrader.php

    r42787 r44954  
    276276        $this->skin->feedback( 'downloading_package', $package );
    277277
    278         $download_file = download_url( $package );
    279 
    280         if ( is_wp_error( $download_file ) ) {
     278        $download_file = download_url( $package, 300, true );
     279
     280        if ( is_wp_error( $download_file ) && ! $download_file->get_error_data( 'softfail-filename' ) ) {
    281281            return new WP_Error( 'download_failed', $this->strings['download_failed'], $download_file->get_error_message() );
    282282        }
     
    732732         */
    733733        $download = $this->download_package( $options['package'] );
     734
     735        // Allow for signature soft-fail.
     736        // WARNING: This may be removed in the future.
     737        if ( is_wp_error( $download ) && $download->get_error_data( 'softfail-filename' ) ) {
     738            // Outout the failure error as a normal feedback, and not as an error:
     739            $this->skin->feedback( $download->get_error_message() );
     740
     741            // Report this failure back to WordPress.org for debugging purposes.
     742            wp_version_check(
     743                array(
     744                    'signature_failure_code' => $download->get_error_code(),
     745                    'signature_failure_data' => $download->get_error_data(),
     746                )
     747            );
     748
     749            // Pretend this error didn't happen.
     750            $download = $download->get_error_data( 'softfail-filename' );
     751        }
     752
    734753        if ( is_wp_error( $download ) ) {
    735754            $this->skin->error( $download );
Note: See TracChangeset for help on using the changeset viewer.