From 05c9ae939002aaff98bf333594e4483f395c2fb3 Mon Sep 17 00:00:00 2001 From: "Tux3 / Mlkj / !Lev.uXFMLA" Date: Thu, 13 Nov 2014 14:09:35 +0100 Subject: [PATCH] Auto-updater: Check timestamps before updating Update the version file format to 2, breaks backward compatibility. --- src/autoupdate.cpp | 30 ++++++++++++++++++------------ src/autoupdate.h | 10 ++++++++-- tools/update-server/genversion.sh | 4 ++-- tools/update-server/version | 1 + 4 files changed, 29 insertions(+), 16 deletions(-) create mode 100644 tools/update-server/version diff --git a/src/autoupdate.cpp b/src/autoupdate.cpp index 185a83bb7..688deb084 100644 --- a/src/autoupdate.cpp +++ b/src/autoupdate.cpp @@ -68,20 +68,22 @@ const QString AutoUpdater::filesURI = AutoUpdater::updateServer+"/qtox/"+AutoUpd bool AutoUpdater::isUpdateAvailable() { - QString newVersion = getUpdateVersion(); - if (newVersion.isEmpty() || newVersion == GIT_VERSION) + VersionInfo newVersion = getUpdateVersion(); + if (newVersion.timestamp <= TIMESTAMP + || newVersion.versionString.isEmpty() || newVersion.versionString == GIT_VERSION) return false; else return true; } -QString AutoUpdater::getUpdateVersion() +AutoUpdater::VersionInfo AutoUpdater::getUpdateVersion() { - QString version; + VersionInfo versionInfo; + versionInfo.timestamp = 0; // Updates only for supported platforms if (platform.isEmpty()) - return version; + return versionInfo; QNetworkAccessManager *manager = new QNetworkAccessManager; QNetworkReply* reply = manager->get(QNetworkRequest(QUrl(checkURI))); @@ -93,20 +95,20 @@ QString AutoUpdater::getUpdateVersion() qWarning() << "AutoUpdater: getUpdateVersion: network error: "<errorString(); reply->deleteLater(); manager->deleteLater(); - return version; + return versionInfo; } QByteArray data = reply->readAll(); reply->deleteLater(); manager->deleteLater(); if (data.size() < (int)(1+crypto_sign_BYTES)) - return version; + return versionInfo; // Check updater protocol version - if ((int)data[0] != '1') + if ((int)data[0] != '2') { qWarning() << "AutoUpdater: getUpdateVersion: Bad version "<<(uint8_t)data[0]; - return version; + return versionInfo; } // Check the signature @@ -118,12 +120,16 @@ QString AutoUpdater::getUpdateVersion() if (crypto_sign_verify_detached(sig, msg, msgData.size(), key) != 0) { qCritical() << "AutoUpdater: getUpdateVersion: RECEIVED FORGED VERSION FILE FROM "< AutoUpdater::parseFlist(QByteArray flistData) diff --git a/src/autoupdate.h b/src/autoupdate.h index c685a88d1..346d9a787 100644 --- a/src/autoupdate.h +++ b/src/autoupdate.h @@ -58,6 +58,12 @@ public: QByteArray data; }; + struct VersionInfo + { + uint64_t timestamp; + QString versionString; + }; + public: /// Connects to the qTox update server, if an updat is found shows a dialog to the user asking to download it /// Runs asynchronously in its own thread, and will return immediatly @@ -66,9 +72,9 @@ public: /// Connects to the qTox update server, returns true if an update is available for download /// Will call getUpdateVersion, and as such may block and processEvents static bool isUpdateAvailable(); - /// Fetch the version string of the last update available from the qTox update server + /// Fetch the version info of the last update available from the qTox update server /// Will try to follow qTox's proxy settings, may block and processEvents - static QString getUpdateVersion(); + static VersionInfo getUpdateVersion(); /// Will try to download an update, if successful returns true and qTox will apply it after a restart /// Will try to follow qTox's proxy settings, may block and processEvents static bool downloadUpdate(); diff --git a/tools/update-server/genversion.sh b/tools/update-server/genversion.sh index 61db4e354..2c34e9641 100644 --- a/tools/update-server/genversion.sh +++ b/tools/update-server/genversion.sh @@ -1,4 +1,4 @@ #!/bin/bash -echo -n 1 > version -./qtox-updater-sign $1 >> version +echo -n 2 > version +./qtox-updater-sign `date +%s`!$1 >> version diff --git a/tools/update-server/version b/tools/update-server/version new file mode 100644 index 000000000..d8263ee98 --- /dev/null +++ b/tools/update-server/version @@ -0,0 +1 @@ +2 \ No newline at end of file