Topic: Packaging Extensions
The standard extensions, themes, languages and charts of accounts are signed by the FA devs (private key will not be divulged) and their public key is part of the FA (FA.pem) download.
The format of the extension packages (pkg) and it's distribution is based on the standard debian repo system and is slightly modified. The functions to achieve it are said to be in the archive.inc and packages.inc files in the includes folder.
A first draft attempt at placing a file with the following contents in a php file in the webroot and then attempting to build a package was tried in vain:
<?php
$path_to_root=".";
$pkgname='customernotes';
$mypkg = $pkgname . '-2.3.21-1.pkg';
include_once "./config.php";
include_once "./config_db.php";
include_once "./includes/packages.inc";
$pkg = new gzip_file("_data");
$options['prepend'] = PKG_CACHE_PATH.'/'.$pkgname.'/';
$pkg->set_options($options);
$list = Array(
"customernotes.php",
"hooks.php"
);
$pkg->add_files($list);
$pkg->create_archive();
rename('./_data', PKG_CACHE_PATH.'/'.substr(basename($filename), 0, -4).'/_data');
$pkg = new pkg_file($mypkg);
$list = Array(
"_init/*",
"_data"
);
$pkg->add_files($list);
$pkg->create_archive();
?>The aim is to create a private / public key pair and then build and sign these packages and host them in a personal repo. This way many users will be able to make extensions and distribute them at will. FA can then be made to partake of multiple repos as well. The $repo_auth if used in config.php would take precedence over the one in version.php.
The following standard code from the PHP Manual may be used to generate the PKI keys needed:
<?php
// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$dn = array(
"countryName" => "UK",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "wez@example.com"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new();
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($sscert, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
?>