luci-mod-system: repo key management

Reject PEM in OPKG; reject non-PEM in APK

Signed-off-by: Paul Donald <[email protected]>

diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
index ced175044a04a1f1181546fdfc7a295a9ef42b4e..a5a247abd2d05389d135bfb38e0d52ac56d8eb23 100644 (file)
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
@@ -110,6 +110,22 @@ function removeKey(ev) {
        ]);
 }
 
+function isPemFormat(content) {
+       return /-BEGIN ([A-Z ]+)?PUBLIC KEY-/.test(content);
+}
+
+function keyEnvironmentCheck(key) {
+       const isPem = isPemFormat(key);
+
+       // Reject PEM in OPKG; reject non-PEM in APK
+       if (KEYDIR === OPKG_DIR && isPem)
+               return _('This key appears to be in PEM format, which is not supported in an opkg environment.');
+       if (KEYDIR === APK_DIR && !isPem)
+               return _('This key does not appear to be in PEM format, which is required in an apk environment.');
+
+       return null;
+}
+
 function addKey(ev, file, fileContent) {
        const list = findParent(ev.target, '.cbi-dynlist');
        const input = list.querySelector('textarea[type="text"]');
@@ -118,6 +134,14 @@ function addKey(ev, file, fileContent) {
        if (!key.length)
                return;
 
+       const formatError = keyEnvironmentCheck(key);
+       if (formatError) {
+               ui.addTimeLimitedNotification(_('Invalid key format'), [
+                       E('p', formatError)
+               ], 7000, 'warning');
+               return;
+       }
+
        // Prevent duplicates
        const exists = Array.from(list.querySelectorAll('.item')).some(
                item => item.getAttribute('data-key') === normalizeKey(key)