[Koha-devel] Plugins should support simple signing for security/verifiability

dcook at prosentient.com.au dcook at prosentient.com.au
Thu Apr 30 14:50:04 CEST 2020


Hi all,

I've just written a patch that adds simple signing for
security/verifiability to Koha plugins:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632.

By default, it doesn't really do anything, but if you enable the
"RequirePluginSignatures" system preference, you will only be able to upload
Koha plugins which have been signed by a trusted Koha plugin author. When
uploading a plugin, you'll also be prompted for a signature file, which
you'll need to upload in order to successfully upload the plugin.

Koha plugin authors can be trusted by uploading/importing their RSA signing
public key into Koha.

I've included all the possible information Koha users and Koha (plugin)
developers could need in my test plan(s).

Let me know how you go! I'd love to get feedback. I've been wanting to write
this code for a long time, so I finally sat down for about 5 hours and just
banged it all out. It's probably far from perfect, but it's functional and
hopefully shouldn't add too much of a burden to users or developers.

Cheers,

David Cook
Systems Librarian
Prosentient Systems
72/330 Wattle St
Ultimo, NSW 2007
Australia

Office: 02 9212 0899
Online: 02 8005 0595
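
The upload check described in this message, sketched with the openssl command line as an added example; it is not code from the Koha patch or from the author. The SHA-256 digest, the binary detached signature file, the directory of PEM public keys, the function names and the sample file names are all assumptions.

```bash
#!/usr/bin/env bash
# Added example, not Koha's code. Assumed: SHA-256 digest, binary detached
# signature, trusted authors' public keys stored as PEM files in one directory.

# Author side: create a detached signature for a plugin archive.
sign_plugin() {  # sign_plugin PRIVATE_KEY PLUGIN SIG_OUT
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Server side: succeed only if some trusted key validates the signature.
verify_plugin() {  # verify_plugin PLUGIN SIG TRUSTED_DIR
    local key
    [ -s "$1" ] && [ -s "$2" ] || return 2        # missing or empty file
    for key in "$3"/*.pem; do
        [ -e "$key" ] || continue                  # empty trust store
        openssl dgst -sha256 -verify "$key" -signature "$2" "$1" \
            >/dev/null 2>&1 && return 0
    done
    return 1
}

# Upload gate: REQUIRE models the RequirePluginSignatures preference (0 or 1).
upload_allowed() {  # upload_allowed REQUIRE PLUGIN SIG TRUSTED_DIR
    [ "$1" = 1 ] || return 0                       # default: no check
    verify_plugin "$2" "$3" "$4"
}

# Generate an RSA key pair; the public half is what gets imported as trusted.
new_author() {  # new_author PRIVATE_KEY_OUT PUBLIC_KEY_OUT
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Demo on constructed data: trusted signer, unknown signer, modified archive.
demo() {
    local d; d=$(mktemp -d) || return 1
    mkdir "$d/trusted"
    new_author "$d/alice.key" "$d/trusted/alice.pem"
    new_author "$d/other.key" "$d/other.pem"       # public key never imported
    printf 'constructed plugin bytes\n' > "$d/plugin.kpz"
    sign_plugin "$d/alice.key" "$d/plugin.kpz" "$d/good.sig"
    sign_plugin "$d/other.key" "$d/plugin.kpz" "$d/untrusted.sig"
    upload_allowed 1 "$d/plugin.kpz" "$d/good.sig" "$d/trusted" && echo "trusted author: accepted"
    upload_allowed 1 "$d/plugin.kpz" "$d/untrusted.sig" "$d/trusted" || echo "unknown key: rejected"
    printf 'x' >> "$d/plugin.kpz"                  # archive changed after signing
    upload_allowed 1 "$d/plugin.kpz" "$d/good.sig" "$d/trusted" || echo "modified archive: rejected"
    rm -rf "$d"
}
demo
```

The signature only binds the archive bytes to a key, so the trust decision rests on which public keys an administrator chooses to import.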

 
