Application Signing

From WebOS Internals
Revision as of 16:06, 5 December 2009 by RodWhitby
execve("/usr/bin/ApplicationInstallerUtility", ["ApplicationInstallerUtility", "-v", "-n", "-c", "install", "-p", "/home/root/com.accuweather.palm_1.0.5_all.ipk"], [/* 12 vars */]) = 0
[pid  4427] execve("/usr/bin/arm-none-linux-gnueabi-ar", ["/usr/bin/arm-none-linux-gnueabi-ar", "xv", "/home/root/com.accuweather.palm_1.0.5_all.ipk"], [/* 1 var */]) = 0
[pid  4429] execve("/usr/bin/openssl", ["openssl", "verify", "-CAfile", "/etc/ssl/certs/appsigning-bundle.crt", "/home/root/com.accuweather.palm_1.0.5_all.ipk_tmpdir/cert.pem"], [/* 12 vars */]) = 0
[pid  4430] execve("/bin/sh", ["sh", "-c", "openssl x509 -in /home/root/com.accuweather.palm_1.0.5_all.ipk_tmpdir/cert.pem -pubkey > /home/root/com.accuweather.palm_1.0.5_all.ipk_tmpdir/pubkey.pem"], [/* 12 vars */]) = 0
[pid  4432] execve("/bin/sh", ["sh", "-c", "/bin/cat /home/root/com.accuweather.palm_1.0.5_all.ipk_tmpdir/control.tar.gz /home/root/com.accuweather.palm_1.0.5_all.ipk_tmpdir/data.tar.gz /home/root/com.accuweather.palm_1.0.5_all.ipk_tmpdir/debian-binary | openssl dgst -sha1 -verify /home/root/com.accuweather.palm_1.0.5_all.ipk_tmpdir/pubkey.pem -signature /home/root/com.accuweather.palm_1.0.5_all.ipk_tmpdir/signature.sha1"], [/* 12 vars */] <unfinished ...>
[pid  4442] execve("/usr/bin/ipkg", ["ipkg", "-o", "/media/cryptofs/apps", "-force-overwrite", "install", "/home/root/com.accuweather.palm_1.0.5_all.ipk"], [/* 12 vars */] <unfinished ...>

One idea is to make a copy of ApplicationInstallerUtility, use a binary sed to replace /etc/ssl/certs/appsigning-bundle.crt with /etc/ssl/certs/trusted-homebrew.crt in the copy, and use that new binary to validate homebrew packages (especially homebrew that wants to run a postinst or prerm command).
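
The four checks visible in the trace above (unpack with ar, verify cert.pem against a CA bundle, extract the public key, verify signature.sha1 over control.tar.gz + data.tar.gz + debian-binary) can be repeated by hand with the CA bundle passed as an argument, which is a way to test a homebrew bundle such as the trusted-homebrew.crt proposed above. This is an added example, not code from the original page or from Palm; the function name verify_ipk and its return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: repeats the installer's signature checks from the strace.
# verify_ipk is a hypothetical name. Returns 0 = verified, 1 = rejected, 2 = usage/unpack error.
verify_ipk() {
    ipk=$1 cafile=$2
    [ -f "$ipk" ] && [ -f "$cafile" ] || { echo "usage: verify_ipk PKG.ipk CA-BUNDLE.crt" >&2; return 2; }
    # Make both paths absolute, because the checks run inside a scratch directory.
    case $ipk in /*) ;; *) ipk=$PWD/$ipk ;; esac
    case $cafile in /*) ;; *) cafile=$PWD/$cafile ;; esac
    tmp=$(mktemp -d) || return 2
    (
        cd "$tmp" || exit 2
        # Step 1: the .ipk is an ar archive; unpack it (the installer runs "ar xv").
        ar x "$ipk" 2>/dev/null || { echo "not an ar archive: $ipk" >&2; exit 2; }
        for m in cert.pem signature.sha1 control.tar.gz data.tar.gz debian-binary; do
            [ -f "$m" ] || { echo "missing member: $m" >&2; exit 1; }
        done
        # Step 2: the embedded certificate must chain to the chosen CA bundle.
        openssl verify -CAfile "$cafile" cert.pem >/dev/null 2>&1 ||
            { echo "cert.pem does not chain to $cafile" >&2; exit 1; }
        # Step 3: pull the signer's public key out of the certificate.
        openssl x509 -in cert.pem -noout -pubkey > pubkey.pem || exit 1
        # Step 4: the signature covers the three members concatenated in this exact order.
        cat control.tar.gz data.tar.gz debian-binary |
            openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1 >/dev/null 2>&1 ||
            { echo "signature.sha1 does not match package contents" >&2; exit 1; }
    )
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Run directly: sh verify_ipk.sh package.ipk /etc/ssl/certs/trusted-homebrew.crt
if [ "$#" -ge 2 ]; then verify_ipk "$1" "$2"; fi
```

Because step 2 only proves that cert.pem was issued under the bundle, every certificate issued under that bundle can sign packages that pass, so the contents of the bundle define who is trusted to ship postinst and prerm scripts.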