9th Meeting GSoC 17 - Expand Extensions Manager
Time: 20:00 PM UTC
Meeting was attended by:
Anibal Sanchez, Nuno Lopes, Roland Dalmulder
This week starts the second deadline on Google Summer of Code so the idea is to finish the Download Key feature and send the technical notes about this feature and “Fix database for extensions” feature to the core team and after review and approval to start thinking on the last and greatest feature “Signed Files”
2 - Download Key Manager Continuation - Plugin and Module view
To reinforce the new feature to the new users, it was also a initial idea to create a toolbar button to add in Modules and Plugins view. This was very difficult to me to finish because it required a modal with an iframe that could save without beeing redirected to the download key view:
Extensions -> Modules -> *Select a module that uses a <dlid /> tag*
Extensions -> Plugins -> *Select a plugin that uses a <dlid /> tag*
Both will open a modal of the Download Key View:
Saving remotely without needing to change view:
3. Checksum for extensions
Now that the last 2x features are almost ready it time to discuss the last and big feature: “Checksum for extensions”:
This feature is needed because currently there is no security when downloading files from update sites, with this feature the main goal is to make sure that only the original files are downloaded and installed, lowering the risk of getting infected files that can risk the user.
The best option that was discussed with my mentors was having a tag in the manifest file to an hash/checksum on the developer's server that when returned we would compare it to the hash we created before unpacking the file, if negative this should show an alert if the user wants to continue.
Here are some previews made by my mentor Anibal Sanchez:
1- The extension has an updateserver.
2- The developer provides a md5/sha1 checksum in the xml stream from the updateserver.
3- Success: The file matches one item filename and checksum in the xml stream from the updateserver.
4. This Week / Next Meeting
With the Download key manager feature almost finished it's time to review the features I’ve made so far, wait for the review of the technical notes by the core team and start coding the last feature