Update QDK to https://github.com/qnap-dev/QDK/archive/refs/tags/v2.3.…

…11.zip
rednoah · May 8, 2021 · 960b521 · 960b521
1 parent f7f0c26
commit 960b521
Show file tree

Hide file tree

Showing 31 changed files with 74 additions and 36 deletions.
diff --git a/QDK/README.md b/QDK/README.md
@@ -3,7 +3,7 @@ The project is fork qnap SDK 2.2.4
 
 # QDK Download Link:
 
-https://download.qnap.com/QPKG/QDK/QDK_2.3.10.zip
+https://download.qnap.com/QPKG/QDK/QDK_2.3.11.zip
 
 # QPKG Development Guidelines
 ----------------------------------
@@ -39,7 +39,7 @@ https://github.com/fcwu/docker-qdk2
 
 https://github.com/qeek-dev/create-dpkg
 
-# How to install QDK in Ubuntu
+# How to install QDK on Ubuntu
 
 ```
 sudo ./InstallToUbuntu.sh install
@@ -55,6 +55,13 @@ https://www.gitbook.com/book/edhongcy/qdk-quick-start-guide/details
 
 # Update new feature
 
+2.3.11
+
+    -Force to use codesigning.qnap.com:5001 instead of 172.17.21.68:5000
+    -Add preliminary support for newer code signing mechanism for 3rd party qpkg
+    -Fix one minor bug while handling anti-tampering error
+    -Fix qpkg install failed keep file in nas
+
 2.3.10
 
     -Support 3rd party self signed mechanism

diff --git a/QDK/icons/QDK.gif b/QDK/icons/QDK.gif
diff --git a/QDK/icons/QDK_80.gif b/QDK/icons/QDK_80.gif
diff --git a/QDK/icons/QDK_gray.gif b/QDK/icons/QDK_gray.gif
diff --git a/QDK/package_routines b/QDK/package_routines
diff --git a/QDK/qpkg.cfg b/QDK/qpkg.cfg
@@ -1,10 +1,8 @@
 QPKG_NAME="QDK"
-QPKG_VER="2.3.10"
+QPKG_VER="2.3.11"
 QPKG_AUTHOR="micke"
 QPKG_LICENSE="GPLv2+"
 QPKG_SUMMARY="QDK (QPKG Development Kit) is used to create QPKG packages."
 
 QPKG_SERVICE_PROGRAM="qdk"
 QPKG_RC_NUM="181"
-
-#QPKG_CONFIG="/etc/config/qdk.conf"
diff --git a/QDK/shared/bin/qbuild b/QDK/shared/bin/qbuild
@@ -521,9 +521,14 @@ do_code_signing(){
 	fi
 	[ -z "$QNAP_CODE_SIGNING_SERVER_IP" ] && QNAP_CODE_SIGNING_SERVER_IP=$DEFAULT_QNAP_CODE_SIGNING_SERVER_IP
 	[ -z "$QNAP_CODE_SIGNING_SERVER_PORT" ] && QNAP_CODE_SIGNING_SERVER_PORT=$DEFAULT_QNAP_CODE_SIGNING_SERVER_PORT
-	$CS_PYTHON "${QDK_SCRIPTS_DIR}/codesigning_qpkg.py" cwd="`pwd`" buildpath=$build_dir csv="${QNAP_CODE_SIGNING_CSV}" server=${QNAP_CODE_SIGNING_SERVER_IP}:${QNAP_CODE_SIGNING_SERVER_PORT} >code_signing.log 2>&1
-	if [ $? != 0 ]; then
-		err_msg "$QDK_QPKG_FILE: Failed to add anti-tamper support"
+	if [ "$QNAP_CODE_SIGNING_SERVER_IP" = "172.17.21.68" ]; then
+		msg "$QPKG_NAME: Do not used 172.17.21.68:5000 anymore. Please use codesigning.qnap.com.tw:5001. You also need to check the DNS setting on your build environment so that codesigning.qnap.com.tw can be resolved properly"
+		QNAP_CODE_SIGNING_SERVER_IP="codesigning.qnap.com.tw"
+		QNAP_CODE_SIGNING_SERVER_PORT="5001"
+	fi
+	$CS_PYTHON "${QDK_SCRIPTS_DIR}/codesigning_qpkg.py" cwd="`pwd`" buildpath=$build_dir csv="${QNAP_CODE_SIGNING_CSV}" server=${QNAP_CODE_SIGNING_SERVER_IP}:${QNAP_CODE_SIGNING_SERVER_PORT} 2>&1 | tee -a code_signing.log
+	if [ ${PIPESTATUS[0]} != 0 ]; then
+		err_msg "$QPKG_NAME: Failed to add anti-tamper support"
 	fi
 }
 
@@ -734,13 +739,11 @@ add_qpkg_header(){
 			else
 				if [ -x "/usr/local/sbin/notify" ]; then
 					/usr/local/sbin/notify send -A A039 -C C001 -M 50 -l error -t 3 "[{0}] {1} install failed due to QTS application install volume not found." "$PREFIX" "$QPKG_DISPLAY_NAME"
-					set_progress_fail
-					exit
+					echo -1 > /tmp/update_process && exit 1
 				else
 					$log_tool "[$PREFIX] Failed to install $QPKG_DISPLAY_NAME. The selected installation volume is missing."
-					set_progress_fail
 				fi
-				exit
+				echo -1 > /tmp/update_process && exit 1
 			fi
 		fi
 		return 0
@@ -752,13 +755,11 @@ add_qpkg_header(){
 		else
 			if [ -x "/usr/local/sbin/notify" ]; then
 				/usr/local/sbin/notify send -A A039 -C C001 -M 50 -l error -t 3 "[{0}] {1} install failed due to QTS application install volume not found." "$PREFIX" "$QPKG_DISPLAY_NAME"
-				set_progress_fail
-				exit
+				echo -1 > /tmp/update_process && exit 1
 			else
 				$log_tool "[$PREFIX] Failed to install $QPKG_DISPLAY_NAME. The selected installation volume is missing."
-				set_progress_fail
 			fi
-			exit
+			echo -1 > /tmp/update_process && exit 1
 		fi
 	fi
 	}
@@ -768,15 +769,13 @@ add_qpkg_header(){
 		/bin/cat >>$QDK_QPKG_FILE <<-EOF
 		wrong_arch(){
 			if [ -x "/usr/local/sbin/notify" ]; then
-				/usr/local/sbin/notify send -A A039 -C C001 -M 51 -l error -t 3 "[{0}] {1} {2} install failed due to the platform is imcompatable. Please use correct package for installation." "$PREFIX" "$QPKG_DISPLAY_NAME" "$QPKG_VER"
-				set_progress_fail
-				exit
+				/usr/local/sbin/notify send -A A039 -C C001 -M 51 -l error -t 3 "[{0}] {1} {2} install failed due to the platform is incompatible. Please use correct package for installation." "$PREFIX" "$QPKG_DISPLAY_NAME" "$QPKG_VER"
+				echo -1 > /tmp/update_process && exit 1
 			else
 				local wrong_arch_msg="$wrong_arch"
 				echo "Installation Abort." && echo "\$wrong_arch_msg"
 				$log_tool "[$PREFIX] Failed to install $QPKG_DISPLAY_NAME $QPKG_VER. Installation package is incompatible. Use the correct package."
-				set_progress_fail
-				echo -1 > /tmp/update_process && exit
+				echo -1 > /tmp/update_process && exit 1
 			fi
 		}
 		arch_ok(){
@@ -922,6 +921,11 @@ add_qpkg_signature(){
 		verbose_msg "Connecting to code signing server to create digital signature..."
 		[ -z "$QNAP_CODE_SIGNING_SERVER_IP" ] && QNAP_CODE_SIGNING_SERVER_IP=$DEFAULT_QNAP_CODE_SIGNING_SERVER_IP
 		[ -z "$QNAP_CODE_SIGNING_SERVER_PORT" ] && QNAP_CODE_SIGNING_SERVER_PORT=$DEFAULT_QNAP_CODE_SIGNING_SERVER_PORT
+		if [ "$QNAP_CODE_SIGNING_SERVER_IP" = "172.17.21.68" ]; then
+			msg "$QPKG_NAME: Do not used 172.17.21.68:5000 anymore. Please use codesigning.qnap.com.tw:5001. You also need to check the DNS setting on your build environment so that codesigning.qnap.com.tw can be resolved properly"
+			QNAP_CODE_SIGNING_SERVER_IP="codesigning.qnap.com.tw"
+			QNAP_CODE_SIGNING_SERVER_PORT="5001"
+		fi
 		openssl dgst -sha1 -binary "${QDK_QPKG_FILE}" > "${QDK_QPKG_FILE}.sha"
 		$CS_PYTHON "${QDK_SCRIPTS_DIR}/codesigning_qpkg_cms.py" \
 			cwd="`pwd`" server=${QNAP_CODE_SIGNING_SERVER_IP}:${QNAP_CODE_SIGNING_SERVER_PORT} \
@@ -951,8 +955,14 @@ add_qpkg_signature(){
 		elif [ "$DO_CODE_SIGNING_OFFLINE" = "TRUE" ]; then
 			verbose_msg "Creating code signing digital signature..."
 			openssl dgst -sha1 -binary "${QDK_QPKG_FILE}" > "${QDK_QPKG_FILE}.sha"
-			openssl cms -sign -in "${QDK_QPKG_FILE}.sha" -binary -nodetach -out "${QDK_QPKG_FILE}.msg" \
-				-signer certificate -inkey private_key 2>/dev/null
+			if [ -f "ca_certs" ]; then
+				openssl cms -sign -in "${QDK_QPKG_FILE}.sha" -binary -nodetach -out "${QDK_QPKG_FILE}.msg" \
+				-signer certificate -inkey private_key \
+				-certfile ca_certs 2>/dev/null
+			else
+				openssl cms -sign -in "${QDK_QPKG_FILE}.sha" -binary -nodetach -out "${QDK_QPKG_FILE}.msg" \
+					-signer certificate -inkey private_key 2>/dev/null
+			fi
 			local err_code=$?
 			if [ $err_code = "2" ]; then
 				warn_msg "Failed to open certificate or private key"
@@ -1591,16 +1601,21 @@ add_code_signing(){
 	# Source the configuration file to make all its fields available.
 	. "$code_signing_cfg" || err_msg "$code_signing_cfg: corrupt configuration file"
 
-	if [ -z "$PRIVATE_KEY" ]; then
+	if [ "x${QNAP_CODE_SIGNING}" = "x1" ]; then
 		# Connecting to server
 		[ -z "$QNAP_CODE_SIGNING_SERVER_IP" ] && QNAP_CODE_SIGNING_SERVER_IP=$DEFAULT_QNAP_CODE_SIGNING_SERVER_IP
 		[ -z "$QNAP_CODE_SIGNING_SERVER_PORT" ] && QNAP_CODE_SIGNING_SERVER_PORT=$DEFAULT_QNAP_CODE_SIGNING_SERVER_PORT
 		[ -n "$QPKG_NAME" ] || err_msg "$code_signing_cfg: QPKG_NAME not provided"
 		[ -n "$QPKG_VER" ] || err_msg "$code_signing_cfg: QPKG_VER not provided"
+		if [ "$QNAP_CODE_SIGNING_SERVER_IP" = "172.17.21.68" ]; then
+			msg "$QPKG_NAME: Do not used 172.17.21.68:5000 anymore. Please use codesigning.qnap.com.tw:5001. You also need to check the DNS setting on your build environment so that codesigning.qnap.com.tw can be resolved properly"
+			QNAP_CODE_SIGNING_SERVER_IP="codesigning.qnap.com.tw"
+			QNAP_CODE_SIGNING_SERVER_PORT="5001"
+		fi
 	else
 		# 3rd party, not connected to server, sign using local certificate and private key
-                [ -f "$QNAP_CERT" ] || err_msg "$code_signing_cfg: QNAP_CERT $QNAP_CERT cannot be found"
-                [ -f "$PRIVATE_KEY" ] || err_msg "$code_signing_cfg: PRIVATE_KEY $PRIVATE_KEY cannot be found"
+		[ -f "$QNAP_CERT" ] || err_msg "$code_signing_cfg: QNAP_CERT $QNAP_CERT cannot be found"
+		[ -f "$PRIVATE_KEY" ] || err_msg "$code_signing_cfg: PRIVATE_KEY $PRIVATE_KEY cannot be found"
 	fi
 
 	local qpkg_data_file="${qpkg}.data"
@@ -1618,15 +1633,21 @@ add_code_signing(){
 	#eval "$dd_cmd"
 	openssl dgst -sha1 -binary "${qpkg}.$$" > "${qpkg}.sha"
 
-	if [ -z "$PRIVATE_KEY" ]; then
+	if [ "x${QNAP_CODE_SIGNING}" = "x1" ]; then
 		# Send qpkg digest to server
 		verbose_msg "Connecting to code signing server to create digital signature..."
 		$CS_PYTHON "${QDK_SCRIPTS_DIR}/codesigning_qpkg_cms.py" server=${QNAP_CODE_SIGNING_SERVER_IP}:${QNAP_CODE_SIGNING_SERVER_PORT} qpkgname=${QPKG_NAME} version=${QPKG_VER} in="${qpkg}.sha" out="${qpkg}.msg" 2>&1 | tee -a code_signing.log
 	else
 		# 3rd party, not connected to server, sign using local certificate and private key
 		verbose_msg "Creating code signing digital signature..."
-		openssl cms -sign -in "${qpkg}.sha" -binary -nodetach -out "${qpkg}.msg" \
+		if [ -f "${CA_CERTS}" ]; then
+			openssl cms -sign -in "${qpkg}.sha" -binary -nodetach -out "${qpkg}.msg" \
+				-signer ${QNAP_CERT} -inkey ${PRIVATE_KEY} \
+				-certfile ${CA_CERTS} 2>/dev/null
+		else
+			openssl cms -sign -in "${qpkg}.sha" -binary -nodetach -out "${qpkg}.msg" \
 				-signer ${QNAP_CERT} -inkey ${PRIVATE_KEY} 2>/dev/null
+		fi
 		local err_code=$?
 		if [ $err_code = "2" ]; then
 			warn_msg "Failed to open certificate or private key"
@@ -1663,6 +1684,11 @@ add_code_signing(){
 verify_code_signing_online(){
 	[ -z "$QNAP_CODE_SIGNING_SERVER_IP" ] && QNAP_CODE_SIGNING_SERVER_IP=$DEFAULT_QNAP_CODE_SIGNING_SERVER_IP
 	[ -z "$QNAP_CODE_SIGNING_SERVER_PORT" ] && QNAP_CODE_SIGNING_SERVER_PORT=$DEFAULT_QNAP_CODE_SIGNING_SERVER_PORT
+	if [ "$QNAP_CODE_SIGNING_SERVER_IP" = "172.17.21.68" ]; then
+		msg "$QPKG_NAME: Do not used 172.17.21.68:5000 anymore. Please use codesigning.qnap.com.tw:5001. You also need to check the DNS setting on your build environment so that codesigning.qnap.com.tw can be resolved properly"
+		QNAP_CODE_SIGNING_SERVER_IP="codesigning.qnap.com.tw"
+		QNAP_CODE_SIGNING_SERVER_PORT="5001"
+	fi
 
 	local curl_cmd=
 	local output=
@@ -1755,17 +1781,24 @@ verify_code_signing_offline(){
 	openssl cms -verify -in $1 -CAfile $ca_cert 2>/dev/null > $verify_dgst_file
 	$CMD_CMP $2 $verify_dgst_file 2>/dev/null
 	if [ $? -eq 0 ]; then
-		msg "Code signing digital signature verification successful"
+		msg "Code signing digital signature verification successful (QNAP-issued certificate)"
 		ret=0
 	else
 		openssl cms -verify -in $1 -CAfile $ca_cert_2 2>/dev/null > $verify_dgst_file
 		$CMD_CMP $2 $verify_dgst_file 2>/dev/null
 		if [ $? -eq 0 ]; then
-			msg "Code signing digital signature verification successful"
+			msg "Code signing digital signature verification successful (QNAP-issued certificate)"
 			ret=0
 		else
-			msg "Code signing digital signature verification failed"
-			ret=1
+			openssl cms -verify -purpose any -CApath /etc/ssl/certs/ -in $1 > $verify_dgst_file
+			$CMD_CMP $2 $verify_dgst_file 2>/dev/null
+			if [ $? -eq 0 ]; then
+				msg "Code signing digital signature verification successful (non QNAP-issued certificate)"
+				ret=0
+			else
+				msg "Code signing digital signature verification failed"
+				ret=1
+			fi
 		fi
 	fi
 	/bin/rm $verify_dgst_file
@@ -1804,7 +1837,7 @@ verify_code_signing(){
 	/bin/dd if=$qpkg bs=1 skip=$code_signing_pos count=$code_signing_len 2>/dev/null > $signature_file
 
 	local ret=
-	if [ ! -f "private_key" ] && [ -z "$QNAP_CA_CERT" ]; then
+	if [ "x${QNAP_CODE_SIGNING}" = "x1"  ]; then
 		verify_code_signing_online ${signature_file} ${dgst_file}
 		ret=$?
 	else

diff --git a/QDK/shared/doc/HowToAddNewARCH.txt b/QDK/shared/doc/HowToAddNewARCH.txt
diff --git a/QDK/shared/qdk.conf b/QDK/shared/qdk.conf
@@ -1,3 +1,3 @@
-QDK_VERSION=2.3.10
+QDK_VERSION=2.3.11
 QDK_PATH_P=`pwd | awk 'BEGIN { FS = "QDK" } ; { print $1 }'`
 QDK_PATH="${QDK_PATH_P}/QDK"
diff --git a/QDK/shared/scripts/ca_cert3 b/QDK/shared/scripts/ca_cert3
diff --git a/QDK/shared/scripts/ca_cert3_2 b/QDK/shared/scripts/ca_cert3_2
diff --git a/QDK/shared/scripts/code_signing.cfg b/QDK/shared/scripts/code_signing.cfg
@@ -1,4 +1,4 @@
 QPKG_NAME="QDK"
-QPKG_VER="2.3.10"
+QPKG_VER="2.3.11"
 QNAP_CODE_SIGNING_SERVER_IP=codesigning.qnap.com.tw
 QNAP_CODE_SIGNING_SERVER_PORT=5001
diff --git a/QDK/shared/scripts/codesigning_cert.pem b/QDK/shared/scripts/codesigning_cert.pem
diff --git a/QDK/shared/scripts/codesigning_common.py b/QDK/shared/scripts/codesigning_common.py
diff --git a/QDK/shared/scripts/codesigning_qpkg.py b/QDK/shared/scripts/codesigning_qpkg.py
diff --git a/QDK/shared/scripts/codesigning_qpkg_cms.py b/QDK/shared/scripts/codesigning_qpkg_cms.py
diff --git a/QDK/shared/scripts/qinstall.sh b/QDK/shared/scripts/qinstall.sh
@@ -5,7 +5,7 @@
 #
 # A QPKG installation script for QDK
 #
-# QDK V.2.3.10
+# QDK V.2.3.11
 #
 # Copyright (C) 2009,2010 QNAP Systems, Inc.
 # Copyright (C) 2010,2011 Michael Nordstrom

diff --git a/QDK/shared/template/arm-x19/.gitkeep b/QDK/shared/template/arm-x19/.gitkeep
diff --git a/QDK/shared/template/arm-x31/.gitkeep b/QDK/shared/template/arm-x31/.gitkeep
diff --git a/QDK/shared/template/arm-x41/.gitkeep b/QDK/shared/template/arm-x41/.gitkeep
diff --git a/QDK/shared/template/arm_64/.gitkeep b/QDK/shared/template/arm_64/.gitkeep
diff --git a/QDK/shared/template/config/.gitkeep b/QDK/shared/template/config/.gitkeep
diff --git a/QDK/shared/template/icons/.gitkeep b/QDK/shared/template/icons/.gitkeep
diff --git a/QDK/shared/template/package_routines b/QDK/shared/template/package_routines
diff --git a/QDK/shared/template/qpkg.cfg b/QDK/shared/template/qpkg.cfg
diff --git a/QDK/shared/template/shared/.gitkeep b/QDK/shared/template/shared/.gitkeep
diff --git a/QDK/shared/template/x86/.gitkeep b/QDK/shared/template/x86/.gitkeep
diff --git a/QDK/shared/template/x86_64/.gitkeep b/QDK/shared/template/x86_64/.gitkeep
diff --git a/QDK/shared/template/x86_ce53xx/.gitkeep b/QDK/shared/template/x86_ce53xx/.gitkeep
diff --git a/QDK/src/Makefile b/QDK/src/Makefile
diff --git a/QDK/src/qpkg_encrypt.c b/QDK/src/qpkg_encrypt.c