[Nefarius]

Sine all my projects where already on Github I had a similar problem to solve. I built a small PHP wrapper script running on my web server delivering the files via HTTP instead of HTTPS:

PHP Code:

<?php

$path = $_GET['path'];

if(empty($path))
    die("No path specified!");

$url = "https://raw.github.com/nefarius/WorkshopMapLoader/master/";
$ch = curl_init();
$timeout = 30;
$userAgent = $_SERVER['HTTP_USER_AGENT'];
curl_setopt($ch, CURLOPT_URL, $url.$path);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

$response = curl_exec($ch);
if (curl_errno($ch)) {
    echo curl_error($ch);
} else {
    curl_close($ch);
    header("Content-Type: text/plain; charset=utf-8");
    echo $response;
}

?>

Feel free to use and adapt if you have a web server with PHP and the PHP-CURL extension.

[Miss.Xantis]

L 04/01/2014 - 18:11:23: SMC parsing error on line 0
L 04/01/2014 - 18:11:23: [0] URL: http://dev.xadgaming.com/simple-chat...er/updater.txt
L 04/01/2014 - 18:11:23: [1] ERROR: Line contained too many invalid tokens

We have this error on our server.

[ddhoward]

http://dev.xadgaming.com/simple-chat...er/updater.txt

That doesn't look like a valid updater text file...

[Donski]

Quote:

Originally Posted by Miss.Xantis L 04/01/2014 - 18:11:23: SMC parsing error on line 0 L 04/01/2014 - 18:11:23: [0] URL: http://dev.xadgaming.com/simple-chat...er/updater.txt L 04/01/2014 - 18:11:23: [1] ERROR: Line contained too many invalid tokens We have this error on our server.

It's due to the domain where the updater file for Simple Chat Processor is hosted being expired, you can just ignore that error.

[Powerlord]

Is there ever going to be an option to have paths be different on the download server than the game server?

For instance, to make it easier to create distributions, I store my source and resource files using the full path (addons/sourcemod/scripting/whatever.sp or sound/prophunt/whatever.mp3) but I don't want to put my updater files... or models/materials/sounds... under the sourcemod directory.

[Arkarr]

First thanks GoD-Tony for this powerfull and usefull tool.
And well, I have read your finals notes, not sure if you still want give a look about how I added Updater to my plugin, here is a link.

[Lordearon]

How vulnerable is this to EvilGrade if DNS records are compromised?
http://www.infobyte.com.ar/down/Fran...%20-%20ENG.pdf

[asherkin]

Quote:

Originally Posted by Lordearon How vulnerable is this to EvilGrade if DNS records are compromised? http://www.infobyte.com.ar/down/Fran...%20-%20ENG.pdf

Extremely.

[Lordearon]

should add functionality to check downloaded file signatures (public/private key) before doing the update? Is that possible?

let's say I target the BGF warmod plugin. the dns redirects the update request to my compromised add-on.

If the updater had functionality to download the plugin together with a hash, signed with the warmod author private key and the updater was configured to read the public key the server admin stored on the server, it would reject the compromised add-on, no?

or does the SSL handle this already?

[Nefarius]

If you can ensure the safety of your DNS-Server you may use SSL/TLS (HTTPS) to protect the content of the connection once established. I managed to get it working with Github using SSL/TLS, just edit scripting/updater/download_curl.sp and add the following after line 41:

Code:

curl_easy_setopt_int(curl, CURLOPT_SSLVERSION, 3);

This will tell cURL to use SSL protocol version 3 and connect successful. This will only work if you use the cURL extension!

If you still can't use SSL, try these steps (still requires cURL extension, no Socket or SteamTools support!):

1. Create a new directory called ssl in your sourcemod folder
2. Download this semi-official root CA collection and put it in the new ssl folder (don't rename it!)
3. Add this snippet after line 34 in download_curl.sp:
   Code:

   decl String:sCAPath[PLATFORM_MAX_PATH];
   BuildPath(Path_SM, sCAPath, sizeof(sCAPath), "ssl/cacert.pem");

4. Add this snippet after line 41 in download_curl.sp:
   Code:

   if(FileExists(sCAPath))
   {
   	LogMessage("Found custom cacert.pem, using supplied root CA store for SSL connections");
   	curl_easy_setopt_string(curl, CURLOPT_CAINFO, sCAPath);
   }
   curl_easy_setopt_int(curl, CURLOPT_SSLVERSION, 3);

5. Recompile, update your servers updater.smx and reload it
6. Plugins using updater should now be able to use HTTPS-enabled websites as update source

If you trust me and don't want to compile yourself you can use the attached updater.smx (as it can't be compiled on the forum), I increased the version number to 1.2.1 so it won't get confused with the official one.