author | Joey Hess <joeyh@joeyh.name> | 2017-05-04 16:44:38 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-05-04 16:44:38 -0400 |
commit | 6d6bb94c3646cdaa44f807b879fea3058387c5ae (patch) | |
tree | 21538c8aac8172b8cab9f721525770853094c626 | |
parent | 18e70a49274033d0598fcdfe830f80b0cc3552f0 (diff) | |
--verify mode
This commit was sponsored by Thom May on Patreon.
-rw-r--r-- | CmdLine.hs | 12 | ||||
-rw-r--r-- | Crypto.hs | 6 | ||||
-rw-r--r-- | debug-me.1 | 4 | ||||
-rw-r--r-- | debug-me.hs | 2 | ||||
-rw-r--r-- | doc/todo/log_file_analysis_mode.mdwn | 2 | ||||
-rw-r--r-- | doc/todo/verify_hash_chain_in_loadLog.mdwn | 2 |
6 files changed, 28 insertions, 0 deletions
@@ -25,6 +25,7 @@ data Mode | WatchMode WatchOpts | GraphvizMode GraphvizOpts | ReplayMode ReplayOpts + | VerifyMode VerifyOpts | ServerMode ServerOpts | ControlMode ControlOpts @@ -54,6 +55,10 @@ data ReplayOpts = ReplayOpts { replayLogFile :: FilePath } +data VerifyOpts = VerifyOpts + { verifyLogFile :: FilePath + } + data ServerOpts = ServerOpts { serverDirectory :: FilePath , serverPort :: Port @@ -72,6 +77,7 @@ parseMode :: Parser Mode parseMode = (UserMode <$> parseuser) <|> (DeveloperMode <$> parsedeveloper) <|> (ReplayMode <$> parsereplay) + <|> (VerifyMode <$> parseverify) <|> (DownloadMode <$> parsedownload) <|> (WatchMode <$> parsewatch) <|> (GraphvizMode <$> parsegraphviz) @@ -112,6 +118,12 @@ parseMode = (UserMode <$> parseuser) <> metavar "logfile" <> help "replay log file" ) + parseverify = VerifyOpts + <$> option str + ( long "verify" + <> metavar "logfile" + <> help "verify log file" + ) parsedownload = DownloadOpts <$> option readurl ( long "download" @@ -44,6 +44,12 @@ instance Hashable t => Signed (Message t) where hashExceptSignature (ActivityMessage a) = hashExceptSignature a hashExceptSignature (ControlMessage c) = hashExceptSignature c +instance Signed AnyMessage where + getSignature (User m) = getSignature m + getSignature (Developer m) = getSignature m + hashExceptSignature (User m) = hashExceptSignature m + hashExceptSignature (Developer m) = hashExceptSignature m + sign :: Signed v => MySessionKey -> v -> Signature sign (MySessionKey sk pk) v = Ed25519Signature $ Val $ convert $ Ed25519.sign sk pk (toSign v) 
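Review bot: The `help "verify log file"` text in parseverify says much less than the man page entry added in the same commit, which promises hash-chain and signature checks and a nonzero exit on failure, and `--help` output is usually where a user first meets the flag. Consider `<> help "verify log file's hash chain and signatures (exits nonzero on failure)"`. The new VerifyOpts record and the VerifyMode constructor otherwise mirror the existing ReplayOpts shape.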
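Review bot: The new `Signed AnyMessage` instance discards the role at this layer: both `User m` and `Developer m` delegate to the wrapped message, so nothing in the Signature or hash says which party's key it must be checked against, and a verifier has to recover that from the AnyMessage constructor itself. A short Haddock would stop a later reader from assuming the instance carries that information: `-- | Delegates to the wrapped message. The signing role is not part of the signature; callers must take it from the User/Developer constructor when choosing the key to verify against.` Also, `sign` below calls `toSign v` under a `Signed v` constraint; if `toSign` is a method of Signed without a default rather than a plain function, this instance is incomplete, though that cannot be confirmed from the hunk.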
@@ -72,6 +72,10 @@ Replay a debug-me log file with realistic pauses. While this is running, you can press Space to skip forward in the recording to the next point, which is useful when there are long pauses in the recording. +.IP "--verify logfile" +Verify that the log file contains a valid chain of hashes, and valid +signatures. Will exit nonzero if any problem is detected. Displays the +gpg public keys of any developers who interacted with the debug-me session. .IP "--graphviz logfile" Uses graphviz to generate a visualization of a debug-me log file. .IP "--show-hashes" diff --git a/debug-me.hs b/debug-me.hs index c9bbd22..42931c6 100644 --- a/debug-me.hs +++ b/debug-me.hs @@ -8,6 +8,7 @@ module Main where import CmdLine import Graphviz import Replay +import Verify import Server import ControlWindow import qualified Role.User @@ -28,5 +29,6 @@ main = withSocketsDo $ do WatchMode o -> Role.Watcher.run o GraphvizMode o -> graphviz o ReplayMode o -> replay o + VerifyMode o -> verify o ServerMode o -> server o ControlMode o -> controlWindow o diff --git a/doc/todo/log_file_analysis_mode.mdwn b/doc/todo/log_file_analysis_mode.mdwn index 9520ae7..09ebccb 100644 --- a/doc/todo/log_file_analysis_mode.mdwn +++ b/doc/todo/log_file_analysis_mode.mdwn @@ -1,3 +1,5 @@ Add a mode that, given a log file, displays what developer(s) gpg keys signed activity in the log file. For use when a developer did something wrong, to examine the proof. + +> [[done]]; --verify --[[Joey]] diff --git a/doc/todo/verify_hash_chain_in_loadLog.mdwn b/doc/todo/verify_hash_chain_in_loadLog.mdwn index 92f9741..c056e89 100644 --- a/doc/todo/verify_hash_chain_in_loadLog.mdwn +++ b/doc/todo/verify_hash_chain_in_loadLog.mdwn 
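Review bot: debug-me.hs now imports Verify and dispatches `VerifyMode o -> verify o`, but the diffstat lists no Verify.hs among the six changed files, so unless that module already exists in the tree or was committed separately this commit does not build on its own. Worth confirming that Verify.hs is tracked, and if it landed in another commit, naming it in the description. The `main` case expression that the new alternative extends begins outside the hunk.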
@@ -6,3 +6,5 @@ refuse to use logs that are not valid proofs of a session. Everything else in debug-me checks a session's proof as it goes. And, everything that saves a log file checks the proof as it goes, so perhaps this is not actually necessary? + +> Yeah, let's not. Instead, --verify can be used. [[done]] --[[Joey]] |