nextcloud

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	d7246edc94	Add the new share type Signed-off-by: Joas Schilling <coding@schilljs.com>	6 years ago
Morris Jobke	bb2336f389	Merge pull request #10526 from steiny2k/HEICHEIF Support HEIC for previews	6 years ago
Roeland Jago Douma	0fb2c50f17	Another CRL bump Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	45385e8114	Update CRL Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Sebastian Steinmetz	6973b82e20	Develop HEIC/HEIF preview support #7406 Signed-off-by: Sebastian Steinmetz <me@sebastiansteinmetz.ch>	6 years ago
Christoph Wurst	e53c048bc8	Fix info.xsd to sync with the appstore one Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
John Oyler	489103eede	Give the various comic book file formats distinct mime types so that they can be handled correctly by the preview functionality without file type checking at that point.	6 years ago
Joas Schilling	5541d3dd84	Add visio mimetypes Signed-off-by: Joas Schilling <coding@schilljs.com>	6 years ago
Georg Ehrke	8c73b13ac8	move locales file to /resources/ Signed-off-by: Georg Ehrke <developer@georgehrke.com>	6 years ago
Morris Jobke	7dcab39f34	Update CRL to include old quicknotes cert Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Joas Schilling	17a26dfcc1	Validate the info.xml against the appstore schema file Signed-off-by: Joas Schilling <coding@schilljs.com>	6 years ago
Morris Jobke	a76d850b40	Update CRL to revoke files_rightclick See https://github.com/nextcloud/app-certificate-requests/pull/134 Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Morris Jobke	e2d5f3cc12	Update CRL because user_sql cert was lost * see https://github.com/nextcloud/app-certificate-requests/pull/129 Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Morris Jobke	7a49270c64	Update CRL due to aboutconfig Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Morris Jobke	eaafa72ae0	Update CRL due to files_frommail Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Rello	c5f76785ba	Mapping of m3u, m3u8, pls to audio streams Signed-Off-By: Rello <Rello@users.noreply.github.com>	7 years ago
Thomas Ebert	93d539b0cf	Add mimetype support for .URL (Windows) and .webloc (macOS) files. Update places/link svg. Add filetype/link icon. Add repair step for mime types. Signed-off-by: Thomas Ebert <thomas.ebert@te-online.net>	7 years ago
Arthur Schiwon	0f92a2c6fd	bycatch, x-ldif entry was missing Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	7 years ago
Arthur Schiwon	c1d9565131	added kml, kmz, tcx types as well while at it Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	7 years ago
Arthur Schiwon	6538302daa	add gpx mimetype Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	7 years ago
Stefan Weil	eb7e4d48c9	Add mimetypes for jp2 and webp Those image formats can be processed by Tesseract, so they are needed for improved Nextcloud OCR. Signed-off-by: Stefan Weil <sw@weilnetz.de>	7 years ago
Lukas Reschke	23d9902cf3	Update CA bundle Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Joas Schilling	2e78aa6232	Remove the cert as well Signed-off-by: Joas Schilling <coding@schilljs.com>	7 years ago
Lukas Reschke	7a174c1b4a	Add CRL entry for old rainloop certificate Certificate has been lost as per https://github.com/nextcloud/app-certificate-requests/pull/47 - let's revoke the old one thus. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Joas Schilling	ade91c8fe2	Recognize .bat and .cmd files Signed-off-by: Joas Schilling <coding@schilljs.com>	7 years ago
Arthur Schiwon	68a0f8e153	recognize LDIF (and schema) file types Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	7 years ago
Lukas Reschke	a0f07dd754	Update bundled CA Certificates Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	3e6dd86ee4	Add support for CRL Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Lukas Reschke	5e5f60280e	Update root certificate list Syncs with the newest certificate list by Mozilla. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Morris Jobke	da1c51882b	update to proper icons and run occ command to update JS file	8 years ago
Daniel Szasz	5b9eabf4bc	Update the mime types with the relevant types for "apple-iWorks" (pages, numbers, keynote). Now the files are treated like a file when are in "Single file" mode.	8 years ago
Roeland Jago Douma	a774efb0f9	Update mimetypes	8 years ago
Lukas Reschke	38b2239b0d	Add ownCloud cert	8 years ago
Lukas Reschke	977db0a162	Use proper certificates Ports `bcf693539b`	8 years ago
Alexander Yamshanov	ee790ec6ac	Add mimetype for fb2-extension	8 years ago
Victor Dubiniuk	6c70e847dd	Add bzip2 to known mimetypes	8 years ago
Jörn Friedrich Dreyer	86d3dcd7e8	Merge pull request #24006 from owncloud/audio_m4a Adding mimetypes for m4a and m4b	8 years ago
Carla Schroder	80a9a7d15f	correct typo in mimetypealiases.dist.json	8 years ago
Carla Schroder	7dbba520f0	correct occ command for mimetypealiases	8 years ago
Martin	998da2acd3	Adding mimetypes for m4a and m4b	8 years ago
Thomas Müller	d8faeab421	Merge pull request #21766 from farukuzun/master Add some mimetypes	8 years ago
Faruk Uzun	6ffd8f3e0d	Introduce some mimetypes for richdocuments * application/vnd.lotus-wordpro * application/vnd.visio * application/vnd.wordperfect * application/msonenote	8 years ago
Lukas Reschke	4db5638505	Add proper line ending	8 years ago
Lukas Reschke	a06b62f901	Use intermediate root authority Danimo proposed to use an intermediate root authority for signing purposes which makes sense considering that we may also sign updates this way in the future. So this uses now an intermediate authority.	8 years ago
Lukas Reschke	1d27a53338	Use newly generated certificate authority	8 years ago
Lukas Reschke	c0640f7998	Sync certificates with upstream	8 years ago
Lukas Reschke	4971015544	Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates Note: The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.	9 years ago
Lukas Reschke	983dfebb5d	Update certificate bundle Syncs with ca-certificates version 2.5. - Removes expired TURKTRUST Certificate Services Provider Root 1 (https://bugzilla.mozilla.org/show_bug.cgi?id=1165992) - Removes obsolete TC TrustCenter certificates (https://bugzilla.mozilla.org/show_bug.cgi?id=1159070) - Removes ComSign Secured certificate as it is not used for websites (https://bugzilla.mozilla.org/show_bug.cgi?id=1160208) - Adds updated TURKTRUST certificates as the old ones are expired (https://hg.mozilla.org/integration/mozilla-inbound/rev/2f1a37cb43ac) - Add Certinomis as root certificate (https://bugzilla.mozilla.org/show_bug.cgi?id=1169083)	9 years ago
Roeland Jago Douma	57ceee13a9	Updated some mimetypes * c++ and cpp now both map to code	9 years ago
Robin McCorkell	cd7aff47e1	Introduce a few new mimetypes for code	9 years ago
Lukas Reschke	63b2bc136a	Move mimetype files into /resources/config/	9 years ago
Lukas Reschke	a8e8a9dfb9	Move certificate bundle into resources/config/	9 years ago

1 2 3 4

152 Commits (master)