mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-05-08 02:16:41 +02:00
BigBodyCobain
101 lines
3.1 KiB
Python
101 lines
3.1 KiB
Python
from __future__ import annotations
|
|
|
|
import hashlib
|
|
import re
|
|
from pathlib import Path
|
|
|
|
|
|
TRUE_VALUES = {"1", "true", "yes", "on", "allow", "enabled"}
|
|
PIN_KEY = "PRIVACY_CORE_ALLOWED_SHA256"
|
|
PRIVATE_LANE_KEYS = ("MESH_ARTI_ENABLED", "MESH_RNS_ENABLED")
|
|
|
|
|
|
def _repo_root() -> Path:
|
|
return Path(__file__).resolve().parents[1]
|
|
|
|
|
|
def _privacy_core_library(root: Path) -> Path | None:
|
|
release_dir = root / "privacy-core" / "target" / "release"
|
|
candidates = (
|
|
release_dir / "privacy_core.dll",
|
|
release_dir / "libprivacy_core.so",
|
|
release_dir / "libprivacy_core.dylib",
|
|
)
|
|
for candidate in candidates:
|
|
if candidate.is_file():
|
|
return candidate
|
|
return None
|
|
|
|
|
|
def _parse_env(lines: list[str]) -> dict[str, str]:
|
|
values: dict[str, str] = {}
|
|
for line in lines:
|
|
match = re.match(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)\s*$", line)
|
|
if not match:
|
|
continue
|
|
key, raw_value = match.groups()
|
|
values[key] = raw_value.strip().strip('"').strip("'")
|
|
return values
|
|
|
|
|
|
def _private_lane_enabled(values: dict[str, str]) -> bool:
|
|
for key in PRIVATE_LANE_KEYS:
|
|
value = values.get(key, "")
|
|
if value.strip().lower() in TRUE_VALUES:
|
|
return True
|
|
return False
|
|
|
|
|
|
def _replace_or_append_pin(lines: list[str], digest: str) -> tuple[list[str], bool]:
|
|
updated: list[str] = []
|
|
replaced = False
|
|
pattern = re.compile(rf"^(\s*{re.escape(PIN_KEY)}\s*=).*$")
|
|
for line in lines:
|
|
if pattern.match(line):
|
|
updated.append(f"{PIN_KEY}={digest}")
|
|
replaced = True
|
|
else:
|
|
updated.append(line)
|
|
if not replaced:
|
|
if updated and updated[-1].strip():
|
|
updated.append("")
|
|
updated.append(f"{PIN_KEY}={digest}")
|
|
return updated, replaced
|
|
|
|
|
|
def main() -> int:
|
|
root = _repo_root()
|
|
env_path = root / "backend" / ".env"
|
|
if not env_path.is_file():
|
|
print("[*] privacy-core trust pin refresh skipped: backend/.env not found.")
|
|
return 0
|
|
|
|
library_path = _privacy_core_library(root)
|
|
if library_path is None:
|
|
print("[*] privacy-core trust pin refresh skipped: shared library not found.")
|
|
return 0
|
|
|
|
text = env_path.read_text(encoding="utf-8-sig")
|
|
lines = text.splitlines()
|
|
values = _parse_env(lines)
|
|
has_pin = PIN_KEY in values
|
|
if not has_pin and not _private_lane_enabled(values):
|
|
print("[*] privacy-core trust pin refresh skipped: private-lane mode is not enabled.")
|
|
return 0
|
|
|
|
digest = hashlib.sha256(library_path.read_bytes()).hexdigest()
|
|
if values.get(PIN_KEY, "").strip().lower() == digest:
|
|
print("[*] privacy-core trust pin already current.")
|
|
return 0
|
|
|
|
updated, replaced = _replace_or_append_pin(lines, digest)
|
|
newline = "\r\n" if "\r\n" in text else "\n"
|
|
env_path.write_text(newline.join(updated) + newline, encoding="utf-8")
|
|
action = "refreshed" if replaced else "enrolled"
|
|
print(f"[*] privacy-core trust pin {action} for local shared library.")
|
|
return 0
|
|
|
|
|
|
if __name__ == "__main__":
|
|
raise SystemExit(main())
|