Upgrade/Install: Add more context in signature verify failures.

This includes version numbers and signature counts in error reports, to help diagnose isolated failures that have no apparent cause.

Props dd32.
See #39309.

Built from https://develop.svn.wordpress.org/trunk@45112


git-svn-id: http://core.svn.wordpress.org/trunk@44921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
tellyworth 2019-04-05 05:20:51 +00:00
parent 4601e178e5
commit 23fe2800cc
2 changed files with 17 additions and 6 deletions

View File

@ -1154,6 +1154,9 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
/* translators: 1: The filename of the package. */
__( 'The authenticity of %1$s could not be verified as no signature was found.' ),
'<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
),
array(
'filename' => $filename_for_errors,
)
);
}
@ -1163,11 +1166,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
mbstring_binary_safe_encoding();
$skipped_key = $skipped_signature = 0;
foreach ( (array) $signatures as $signature ) {
$signature_raw = base64_decode( $signature );
// Ensure only valid-length signatures are considered.
if ( SODIUM_CRYPTO_SIGN_BYTES !== strlen( $signature_raw ) ) {
$skipped_signature++;
continue;
}
@ -1176,6 +1182,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
// Only pass valid public keys through.
if ( SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $key_raw ) ) {
$skipped_key++;
continue;
}
@ -1197,10 +1204,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
),
// Error data helpful for debugging:
array(
'filename' => $filename_for_errors,
'keys' => $trusted_keys,
'signatures' => $signatures,
'hash' => bin2hex( $file_hash ),
'filename' => $filename_for_errors,
'keys' => $trusted_keys,
'signatures' => $signatures,
'hash' => bin2hex( $file_hash ),
'skipped_key' => $skipped_key,
'skipped_sig' => $skipped_signature,
'php' => phpversion(),
'sodium' => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
)
);
}
@ -1210,7 +1221,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
*
* @since 5.2.0
*
* @return array List of hex-encoded Signing keys.
* @return array List of base64-encoded Signing keys.
*/
function wp_trusted_keys() {
$trusted_keys = array();

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.2-beta1-45111';
$wp_version = '5.2-beta1-45112';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.