System.Data.SQLite
Artifact Content
Not logged in

Artifact b9790e11c1e5fc15c995022d550b470e61ac5ced:


###############################################################################
#
# update.eagle --
#
# Extensible Adaptable Generalized Logic Engine (Eagle)
# Eagle Update Package File
#
# Copyright (c) 2007-2012 by Joe Mistachkin.  All rights reserved.
#
# See the file "license.terms" for information on usage and redistribution of
# this file, and for a DISCLAIMER OF ALL WARRANTIES.
#
# RCS: @(#) $Id: $
#
###############################################################################

#
# NOTE: Use our own namespace here because even though we do not directly
#       support namespaces ourselves, we do not want to pollute the global
#       namespace if this script actually ends up being evaluated in Tcl.
#
namespace eval ::Eagle {
  #
  # NOTE: This procedure returns non-zero if the specified public key tokens
  #       match.  An empty string matches any public key token (including an
  #       empty string).
  #
  proc matchUpdatePublicKeyToken { publicKeyToken1 publicKeyToken2 } {
    if {[string length $publicKeyToken1] == 0} then {
      return true
    }

    if {[string length $publicKeyToken2] == 0} then {
      return true
    }

    return [expr {$publicKeyToken1 eq $publicKeyToken2}]
  }

  #
  # NOTE: This procedure returns non-zero if the specified product / update
  #       names match.  An empty string matches any name (including an empty
  #       string).
  #
  proc matchUpdateName { name1 name2 } {
    return [expr {[string length $name1] == 0 || $name1 eq $name2}]
  }

  #
  # NOTE: This procedure returns non-zero if the specified culture names
  #       match.  An empty string matches any culture name (including an
  #       empty string).
  #
  proc matchUpdateCulture { culture1 culture2 } {
    return [expr {[string length $culture1] == 0 || $culture1 eq $culture2}]
  }

  #
  # NOTE: This procedure returns non-zero if the specified public key token
  #       matches the one in use by the Eagle script engine.
  #
  proc matchEnginePublicKeyToken { publicKeyToken } {
    return [matchUpdatePublicKeyToken \
        $publicKeyToken [info engine PublicKeyToken]]
  }

  #
  # NOTE: This procedure returns non-zero if the specified product / update
  #       name matches the Eagle script engine.
  #
  proc matchEngineName { name } {
    return [matchUpdateName $name [info engine Name]]
  }

  #
  # NOTE: This procedure returns non-zero if the specified culture name
  #       matches the one in use by the Eagle script engine.
  #
  proc matchEngineCulture { culture } {
    return [matchUpdateCulture $culture [info engine Culture]]
  }

  #
  # NOTE: This procedure escapes the reserved characters in the specified
  #       update notes and returns the resulting string.
  #
  proc escapeUpdateNotes { notes } {
    #
    # NOTE: Escape any embedded tab and line-ending characters.
    #
    return [string map \
        [list & &amp\; \t &htab\; \v &vtab\; \n &lf\; \r &cr\;] $notes]
  }

  #
  # NOTE: This procedure unescapes reserved characters in the specified
  #       update notes and returns the resulting string.
  #
  proc unescapeUpdateNotes { notes } {
    #
    # NOTE: Unescape any embedded tab and line-ending characters.
    #
    return [string map \
        [list &htab\; \t &vtab\; \v &lf\; \n &cr\; \r &amp\; &] $notes]
  }

  #
  # NOTE: This procedure returns the list of arguments to be passed to the
  #       [uri download] call that performs the auto-update check.
  #
  proc getFetchUpdateArgs { name type directory metadata extension varName } {
    #
    # NOTE: Use a variable in the context of the caller to communicate the
    #       exact error condition, if any.
    #
    upvar 1 $varName error

    #
    # NOTE: Initially, set the result to an empty list to indicate
    #       unrecognized input.
    #
    set result [list]

    #
    # NOTE: Make sure the base URI is valid.
    #
    set baseUri [getDictionaryValue $metadata uri]

    if {[uri isvalid $baseUri]} then {
      #
      # NOTE: Make sure the base (product) name looks valid.
      #
      if {[regexp -nocase -- {^[0-9A-Z_]+$} $name]} then {
        #
        # NOTE: Make sure the patch level looks valid.
        #
        set patchLevel [getDictionaryValue $metadata patchLevel]

        if {[regexp -- {^\d+\.\d+\.\d+\.\d+$} $patchLevel]} then {
          #
          # NOTE: Make sure the directory is either empty or an existing
          #       valid directory.
          #
          if {[string length $directory] == 0 || \
              [file isdirectory $directory]} then {
            #
            # NOTE: Make sure the extension is supported.
            #
            if {$extension eq ".exe" || \
                $extension eq ".rar" || $extension eq ".zip"} then {
              #
              # NOTE: Start with URI components common to all release
              #       types.
              #
              set components [list $baseUri releases $patchLevel]

              #
              # NOTE: Next, figure out what type of download is being
              #       requested.
              #
              switch -exact -nocase -- $type {
                source -
                setup -
                binary {
                  #
                  # NOTE: *LEGACY* These release types only support the ".exe"
                  #       and ".rar" file extensions.  Of these, the ".exe" is
                  #       always preferred (on Windows), primarily because it
                  #       can be securely signed (via Authenticode).
                  #
                  if {$extension eq ".exe" || $extension eq ".rar"} then {
                    #
                    # HACK: Setup files, which are currently only for Windows,
                    #       must always have an ".exe" file extension.
                    #
                    if {[string tolower $type] eq "setup"} then {
                      set extension .exe
                    }

                    #
                    # NOTE: Source code, setup, or binary download.  This may
                    #       be a RAR or an EXE file.  Append the appropriate
                    #       file name and then join all the URI components to
                    #       form the final URI.
                    #
                    set fileName [appendArgs \
                        $name [string totitle $type] $patchLevel $extension]

                    lappend components $fileName

                    set result [list \
                        [eval uri join $components] [file join $directory \
                        $fileName]]
                  } else {
                    set error [appendArgs \
                        "file extension is unsupported for release type \"" \
                        $type \"]
                  }
                }
                plugin {
                  #
                  # NOTE: Since this release type must work on all platforms,
                  #       use of the ".zip" file extension is a requirement.
                  #
                  if {$extension eq ".zip"} then {
                    set fileName [appendArgs \
                        $name [string totitle $type] $patchLevel $extension]

                    lappend components $fileName

                    set result [list \
                        [eval uri join $components] [file join $directory \
                        $fileName]]
                  } else {
                    set error [appendArgs \
                        "file extension is unsupported for release type \"" \
                        $type \"]
                  }
                }
                default {
                  set error "release type is unsupported"
                }
              }
            } else {
              set error "file extension is unsupported"
            }
          } else {
            set error "directory is invalid"
          }
        } else {
          set error "patch level is invalid"
        }
      } else {
        set error "base name is invalid"
      }
    } else {
      set error "base URI is invalid"
    }

    return $result
  }

  #
  # NOTE: This procedure fetches an update package with the specified patch
  #       level and package type and then saves it to the specified local
  #       directory.
  #
  proc fetchUpdate { name type targetDirectory metadata varName } {
    #
    # NOTE: Figure out the appropriate file extension to download for this
    #       release type and platform.
    #
    if {[string tolower $type] eq "plugin"} then {
      #
      # NOTE: Plugin updates are always packaged as ZIP archives on all
      #       supported platforms.  There is no portable way to securely
      #       sign these files.  In general, these should be checked via
      #       OpenPGP signatures before being used.
      #
      set extension .zip
    } elseif {[isWindows]} then {
      #
      # NOTE: Otherwise, on Windows, prefer self-extracting executables,
      #       because they can be secure signed and trivially verified.
      #
      set extension .exe
    } else {
      #
      # NOTE: Otherwise, fallback to using RAR archives, which should be
      #       cross-platform.  There is no portable way to securely sign
      #       these files.  In general, these should also be checked via
      #       OpenPGP signatures before being used.
      #
      set extension .rar
    }

    #
    # NOTE: Build the necessary arguments for the download, optionally
    #       capturing them into a variable provided by the caller.
    #
    if {[string length $varName] > 0} then {
      upvar 1 $varName args
    }

    set args [getFetchUpdateArgs \
        $name $type $targetDirectory $metadata $extension error]

    if {[llength $args] > 0} then {
      #
      # NOTE: Start trusting ONLY our self-signed SSL certificate.
      #
      set trusted true

      if {[lindex [uri softwareupdates] end] eq "untrusted"} then {
        catch {uri softwareupdates true}
      } else {
        set trusted false; # NOTE: Already trusted.
      }

      try {
        #
        # NOTE: Download the file from the web site.
        #
        eval uri download $args; # synchronous.
      } finally {
        if {$trusted && \
            [lindex [uri softwareupdates] end] eq "trusted"} then {
          #
          # NOTE: Stop trusting ONLY our self-signed SSL certificate.
          #
          catch {uri softwareupdates false}
        }
      }

      #
      # NOTE: Return a result indicating what was done.
      #
      return [appendArgs \
          "downloaded URI " [lindex $args 0] " to directory \"" \
          $targetDirectory \"]
    } else {
      return [appendArgs "cannot fetch update: " $error]
    }
  }

  #
  # NOTE: This procedure runs the updater tool and then immediately exits the
  #       process.
  #
  proc runUpdateAndExit { {automatic false} } {
    global tcl_platform

    #
    # NOTE: Determine the fully qualified file name for the updater.  If
    #       it is not available, we cannot continue.
    #
    set fileName [file join [file normalize \
        [file dirname [info nameofexecutable]]] Hippogriff.exe]

    if {![file exists $fileName]} then {
      error [appendArgs \
          "updater executable \"" $fileName "\" is not available"]
    }

    #
    # NOTE: For .NET Core, updating via the updater tool is unsupported.
    #
    if {[isDotNetCore]} then {
      error [appendArgs \
          "updater executable \"" $fileName "\" unsupported on .NET Core"]
    }

    #
    # NOTE: Start out with just the base [exec] command, -shell option,
    #       and the end-of-options marker.
    #
    set command [list exec -shell --]

    #
    # NOTE: Check for native Tcl and Mono because this impacts how the
    #       shell executable name is determined.
    #
    if {[isEagle] && [isMono]} then {
      #
      # HACK: Assume that Mono is somewhere along the PATH.
      #
      lappend command mono \
          [appendArgs \" [file nativename $fileName] \"]
    } else {
      lappend command $fileName
    }

    #
    # NOTE: Add the base options to the updater executable.  Typically,
    #       this only includes the initial (mutex checking) delay.
    #
    lappend command -delay 2000

    #
    # HACK: The native StrongNameSignatureVerificationEx() function does
    #       not appear to work on WOA (Windows-on-ARM) on the Surface RT
    #       tablet; therefore, attempt to disable its use when calling
    #       into the updater on that platform.
    #
    if {[isWindows] && \
        [info exists tcl_platform(machine)] && \
        $tcl_platform(machine) eq "arm"} then {
      #
      # NOTE: We appear to be running on WOA (Windows-on-ARM), add the
      #       command line option that skips strong name verification.
      #
      lappend command -noStrongNameSigned true
    }

    #
    # NOTE: If requested, enable fully automatic update mode.
    #
    if {$automatic} then {
      lappend command -silent true -confirm false
    }

    set baseUri [getUpdateBaseUri]

    if {[string length $baseUri] > 0} then {
      lappend command -baseUri $baseUri
    }

    set pathAndQuery [getUpdatePathAndQuery]

    if {[string length $pathAndQuery] > 0} then {
      lappend command -tagPathAndQuery $pathAndQuery
    }

    eval $command &; exit -force
  }

  #
  # NOTE: This procedure fetches an update file (based on a URI), saves it to
  #       a temporary directory, verifies its authenticity, extracts its files
  #       to another temporary directory, and then copies them to the target
  #       directory.
  #
  proc downloadAndExtractUpdate { name type targetDirectory metadata varName } {
    #
    # NOTE: Attempt to load Eagle test package as it is required for
    #       the [getTemporaryPath] procedure.
    #
    package require Eagle.Test

    #
    # NOTE: Figure out where, underneath the temporary directory, the
    #       update file should be downloaded and extracted to.
    #
    set temporaryDirectory [file join \
        [getTemporaryPath] [appendArgs ea-tu-pb- [pid] - [string trim \
        [clock seconds] -]]]

    try {
      #
      # NOTE: Create outer temporary directory used by this procedure.
      #       This makes it easy to cleanup later as it will contain
      #       all other temporary directories and files created within
      #       this procedure.
      #
      file mkdir $temporaryDirectory

      #
      # NOTE: Create the temporary directory only used for fetching the
      #       update (archive?) file.
      #
      set fetchDirectory [file join $temporaryDirectory fetch]
      file mkdir $fetchDirectory

      #
      # NOTE: Actually fetch (download) the update (archive?) file from
      #       the URI, saving it to the special temporary directory.
      #
      fetchUpdate $name $type $fetchDirectory $metadata fetchArgs

      #
      # NOTE: Grab the downloaded file name from the arguments returned
      #       by the fetch operation.
      #
      set archiveFileName [lindex $fetchArgs 1]

      #
      # NOTE: Match up the md5, sha1, and sha512 fields from the metadata
      #       and verify they match the fetched update (archive?) file.
      #
      if {[set md5 [string tolower [hash normal -filename md5 \
          $archiveFileName]]] ne [getDictionaryValue $metadata md5]} then {
        error [appendArgs \
            "cannot update: fetched update archive file \"" \
            $archiveFileName "\" has wrong MD5 hash, want \"" \
            [getDictionaryValue $metadata md5] "\", have \"" \
            $md5 \"]
      }

      if {[set sha1 [string tolower [hash normal -filename sha1 \
          $archiveFileName]]] ne [string tolower [getDictionaryValue \
          $metadata sha1]]} then {
        error [appendArgs \
            "cannot update: fetched update archive file \"" \
            $archiveFileName "\" has wrong SHA1 hash, want \"" \
            [getDictionaryValue $metadata sha1] "\", have \"" \
            $sha1 \"]
      }

      if {[set sha512 [string tolower [hash normal -filename sha512 \
          $archiveFileName]]] ne [string tolower [getDictionaryValue \
          $metadata sha512]]} then {
        error [appendArgs \
            "cannot update: fetched update archive file \"" \
            $archiveFileName "\" has wrong SHA512 hash, want \"" \
            [getDictionaryValue $metadata sha512] "\", have \"" \
            $sha512 \"]
      }

      #
      # NOTE: Create the temporary directory only used to contain the
      #       files extracted from the update (archive?) file.  These
      #       are the files that will be copied to the final target
      #       directory (after they have been fully verified).
      #
      set extractRootDirectory [file join $temporaryDirectory extract]
      file mkdir $extractRootDirectory

      #
      # NOTE: Attempt to load Eagle unzip package as it is required for
      #       the [extractZipArchive] procedure.
      #
      package require Eagle.Unzip

      #
      # NOTE: Extract the contents of the fetched update (archive?) file
      #       and then figure out the list of included content files.
      #
      set extractDirectory [extractZipArchive \
          $archiveFileName $extractRootDirectory true]

      catch {file delete $archiveFileName}; # NOTE: No longer needed.

      set extractFileNames [object invoke System.IO.Directory GetFiles \
          $extractDirectory * AllDirectories]

      #########################################################################
      #################### PHASE 1: VERIFY EXTRACTED FILES ####################
      #########################################################################

      foreach extractFileName $extractFileNames {
        #
        # NOTE: Based on the extension of the extracted file, attempt to
        #       verify its contents (e.g. check signatures, etc).
        #
        switch -exact -nocase -- [file extension $extractFileName] {
          .dll -
          .exe {
            #
            # NOTE: Verify the Authenticode signature for the native
            #       executable file is intact.  This always applies,
            #       even when the executable file contains a managed
            #       assembly (i.e. with its strong name signature).
            #
            if {[catch {library certificate $extractFileName}]} then {
              error [appendArgs \
                  "cannot update: extracted native executable \"" \
                  $extractFileName "\" was not properly signed"]
            }

            #
            # HACK: If this platform does not appear to have access to
            #       the necessary native CLR API used to verify strong
            #       name signatures, just skip it.
            #
            if {[info exists ::eagle_platform(strongName)] && \
                [string is true -strict [getDictionaryValue \
                $::eagle_platform(strongName) verified]]} then {
              #
              # NOTE: Does the extracted executable actually contain a
              #       managed assembly?
              #
              if {[catch {
                object invoke System.Reflection.AssemblyName \
                    GetAssemblyName $extractFileName
              }] == 0} then {
                #
                # NOTE: Forcibly verify the strong name signature for
                #       the managed assembly is intact.
                #
                if {[catch {
                  object invoke -flags +NonPublic \
                      Eagle._Components.Private.RuntimeOps \
                      IsStrongNameVerified $extractFileName true
                } verified] == 0 && $verified} then {
                  #
                  # NOTE: Everything is properly signed, do nothing.
                  #
                } else {
                  error [appendArgs \
                      "cannot update: extracted managed assembly \"" \
                      $extractFileName "\" was not properly signed"]
                }
              }
            }
          }
          .eagle -
          .harpy -
          .pdb -
          .xml {
            #
            # NOTE: *SECURITY* These file types are allowed -AND- do not
            #       (currently) require any further verification.
            #
          }
          .rar -
          .zip {
            #
            # NOTE: *SECURITY* These file types are forbidden (for now),
            #       due to the potential for abuse.
            #
            error [appendArgs \
                "cannot update: extracted file \"" $extractFileName \
                "\" has forbidden file extension"]
          }
          default {
            #
            # NOTE: *SECURITY* Other file types are forbidden (for now),
            #       due to the potential for abuse.
            #
            error [appendArgs \
                "cannot update: extracted file \"" $extractFileName \
                "\" has unrecognized file extension"]
          }
        }
      }

      #########################################################################
      ################## PHASE 2: VERIFY RELATIVE FILE NAMES ##################
      #########################################################################

      #
      # NOTE: If we get to this point, all extracted files are verified.
      #       The only remaining thing to do is to copy them to the final
      #       target directory specified by the caller.
      #
      set extractDirectoryLength1 [expr {
        [string length $extractDirectory]
      }]

      set extractDirectoryLength2 [expr {
        $extractDirectoryLength1 - 1
      }]

      foreach extractFileName $extractFileNames {
        #
        # NOTE: Sanity-check that the (prefix) portion of the extracted file
        #       name matches the originally specified extract directory name.
        #
        if {[string range $extractFileName 0 \
            $extractDirectoryLength2] ne $extractDirectory} then {
          error [appendArgs \
              "bad extracted file name \"" $extractFileName \
              "\", not relative to the extract directory"]
        }

        #
        # NOTE: Sanity-check the first character of the calculated relative
        #       file name is a legal directory separator.
        #
        set relativeFileName [string range \
            $extractFileName $extractDirectoryLength1 end]

        if {[string index $relativeFileName 0] ni [list / \\]} then {
          error [appendArgs \
              "bad relative file name \"" $relativeFileName \
              "\", malformed, missing leading directory separator"]
        }
      }

      #########################################################################
      ################### PHASE 3: COPY TO TARGET DIRECTORY ###################
      #########################################################################

      foreach extractFileName $extractFileNames {
        #
        # NOTE: Grab the relative file name from the extracted file name.
        #       This exact relative file name was already sanity-checked
        #       in the previous phase.
        #
        set relativeFileName [string range \
            $extractFileName $extractDirectoryLength1 end]

        #
        # NOTE: Figure out final target file name using the final target
        #       directory and the relative file name for this extracted
        #       file.
        #
        set targetFileName [appendArgs \
            $targetDirectory $relativeFileName]

        #
        # NOTE: Just in case the target sub-directory does not exist yet,
        #       create it now.  Then, copy the extracted file to its final
        #       target sub-directory.
        #
        file mkdir [file dirname $targetFileName]
        file copy $extractFileName $targetFileName
      }
    } finally {
      #
      # NOTE: Completely delete the outer temporary directory, which will
      #       cleanup the fetched update (archive?) file name and all the
      #       files subsequently extracted from the archive.
      #
      catch {file delete -recursive -- $temporaryDirectory}
    }
  }

  #
  # NOTE: This procedure returns the base URI that should be used to check
  #       for available updates.
  #
  proc getUpdateBaseUri { {refresh ""} } {
    #
    # NOTE: Does the caller want to force a choice between the current and
    #       default base URI?
    #
    if {[string length $refresh] > 0} then {
      #
      # NOTE: Return the specified base URI for updates.
      #
      return [info engine UpdateBaseUri $refresh]
    } else {
      #
      # NOTE: Check the current base URI for updates against the one baked
      #       into the assembly.  If they are different, then the base URI
      #       must have been overridden.  In that case, we must return the
      #       current base URI; otherwise, we must return an empty string.
      #
      set baseUri(0) [info engine UpdateBaseUri false]; # NOTE: Current.
      set baseUri(1) [info engine UpdateBaseUri true];  # NOTE: Default.

      if {[string length $baseUri(0)] > 0 && \
          [string length $baseUri(1)] > 0} then {
        #
        # NOTE: Ok, they are both valid.  Are they different?
        #
        if {$baseUri(0) ne $baseUri(1)} then {
          return $baseUri(0)
        }
      }

      return ""
    }
  }

  #
  # NOTE: This procedure returns the path and query portions of the URI that
  #       should be used to check for available updates.
  #
  proc getUpdatePathAndQuery { {refresh ""} } {
    #
    # NOTE: Does the caller want to force a choice between the current and
    #       default tag path and query?
    #
    if {[string length $refresh] > 0} then {
      #
      # NOTE: Return the specified tag path and query for updates.
      #
      return [info engine UpdatePathAndQuery $refresh]
    } else {
      #
      # NOTE: Check the current tag path and query for updates against the
      #       one baked into the assembly.  If they are different, then the
      #       tag path and query must have been overridden.  In that case,
      #       we must return the current tag path and query; otherwise, we
      #       must return an empty string.
      #
      set pathAndQuery(0) [info engine UpdatePathAndQuery \
          false]; # NOTE: Current.

      set pathAndQuery(1) [info engine UpdatePathAndQuery \
          true];  # NOTE: Default.

      if {[string length $pathAndQuery(0)] > 0 && \
          [string length $pathAndQuery(1)] > 0} then {
        #
        # NOTE: Ok, they are both valid.  Are they different?
        #
        if {$pathAndQuery(0) ne $pathAndQuery(1)} then {
          return $pathAndQuery(0)
        }
      }

      return ""
    }
  }

  #
  # NOTE: This procedure downloads the available update data and returns it
  #       verbatim.
  #
  proc getUpdateData { uri } {
    #
    # NOTE: Start trusting ONLY our own self-signed SSL certificate.
    #
    set trusted true

    if {[lindex [uri softwareupdates] end] eq "untrusted"} then {
      catch {uri softwareupdates true}
    } else {
      set trusted false; # NOTE: Already trusted.
    }

    try {
      #
      # NOTE: Download the tag file from the web site.
      #
      return [uri download -inline $uri]; # synchronous.
    } finally {
      if {$trusted && \
          [lindex [uri softwareupdates] end] eq "trusted"} then {
        #
        # NOTE: Stop trusting ONLY our own self-signed SSL certificate.
        #
        catch {uri softwareupdates false}
      }
    }
  }

  #
  # NOTE: This procedure downloads an update script and then returns it
  #       verbatim.
  #
  proc getUpdateScriptData { uri } {
    #
    # NOTE: Start trusting ONLY our own self-signed SSL certificate.
    #
    set trusted true

    if {[lindex [uri softwareupdates] end] eq "untrusted"} then {
      catch {uri softwareupdates true}
    } else {
      set trusted false; # NOTE: Already trusted.
    }

    try {
      #
      # NOTE: Download the script file from the web site.
      #
      return [interp readorgetscriptfile -- "" $uri]; # synchronous.
    } finally {
      if {$trusted && \
          [lindex [uri softwareupdates] end] eq "trusted"} then {
        #
        # NOTE: Stop trusting ONLY our own self-signed SSL certificate.
        #
        catch {uri softwareupdates false}
      }
    }
  }

  #
  # NOTE: This procedure returns the base URI that should be used to download
  #       available updates, if a specific base URI is not specified via the
  #       manifest of available updates.
  #
  proc getDownloadBaseUri {} {
    #
    # NOTE: Just return the current base URI for downloads.
    #
    return [info engine DownloadBaseUri]; # NOTE: Current.
  }

  #
  # NOTE: This procedure returns the base URI that should be used to download
  #       available scripts, if a specific base URI is not specified via the
  #       manifest of available scripts.
  #
  proc getScriptBaseUri {} {
    #
    # NOTE: Just return the current base URI for scripts.
    #
    return [info engine ScriptBaseUri]; # NOTE: Current.
  }

  #
  # NOTE: This procedure returns the base URI that should be used to download
  #       auxiliary data.
  #
  proc getAuxiliaryBaseUri {} {
    #
    # NOTE: Just return the current base URI for auxiliary data.
    #
    return [info engine AuxiliaryBaseUri]; # NOTE: Current.
  }

  #
  # NOTE: This procedure is used to check for new versions -OR- new update
  #       scripts for the runtime when a user executes the interactive
  #       "#check" command.  To disable this functionality, simply redefine
  #       this procedure to do nothing.
  #
  proc checkForEngine {
          {wantScripts false} {quiet false} {prompt false}
          {automatic false} } {
    return [checkForUpdate \
        "" "" "" "" "" "" "" $wantScripts $quiet $prompt $automatic]
  }

  #
  # NOTE: This procedure is used to check for new versions of a plugin just
  #       prior to it being loaded into an interpreter (when an appropriate
  #       flag is enabled).  To disable this functionality, simply redefine
  #       this procedure to do nothing.
  #
  proc checkForPlugin {
          {uri ""} {publicKeyToken ""} {name ""} {culture ""}
          {patchLevel ""} {timeStamp ""} {wantScripts false}
          {quiet false} {prompt false} {automatic false} } {
    return [checkForUpdate \
        plugin $uri $publicKeyToken $name $culture $patchLevel \
        $timeStamp $wantScripts $quiet $prompt $automatic]
  }

  #
  # NOTE: This procedure is used to check for new versions -OR- new update
  #       scripts for the runtime when a user executes the interactive
  #       "#check" command.  To disable this functionality, simply redefine
  #       this procedure to do nothing.
  #
  proc checkForUpdate {
          {type ""} {uri ""} {publicKeyToken ""} {name ""} {culture ""}
          {patchLevel ""} {timeStamp ""} {wantScripts false} {quiet false}
          {prompt false} {automatic false} } {
    #
    # NOTE: First of all, what type of update are we checking?  Possible
    #       values for this include "build", "plugin", "script", et al.
    #       These mirror the values of the UpdateType enumeration.
    #
    if {[string length $type] > 0} then {
      #
      # NOTE: Use the update type specified by the caller directly.  In
      #       the future, perhaps sanity check this?  Currently, its use
      #       is entirely cosmetic.
      #
      set updateType $type
    } else {
      #
      # NOTE: Default to the legacy update type of "build".  Currently,
      #       this is only used to construct messages to be displayed to
      #       the user.
      #
      set updateType build; # LEGACY
    }

    #
    # NOTE: Did the caller directly specify a URI to use?
    #
    if {[string length $uri] > 0} then {
      #
      # NOTE: If the caller specified a URI, it must be fully qualified.
      #       It will be used verbatim.
      #
      set updateBaseUri $uri

      #
      # NOTE: Assume that the URI refers to the latest available version
      #       of the specified product.
      #
      set updateUriType latest; # TODO: Good default?

      #
      # NOTE: If the caller specified a URI, it must be fully qualified.
      #       It will be used verbatim.
      #
      set updateUri $updateBaseUri
    } else {
      #
      # NOTE: Grab the (current) base URI for updates.
      #
      set updateBaseUri [getUpdateBaseUri false]

      #
      # NOTE: Grab the (current) update path and query string used for
      #       updates.
      #
      set updatePathAndQuery [getUpdatePathAndQuery false]

      #
      # TODO: Exract the URI type (e.g. "stable" or "latest") from the
      #       update path and query.  This code may need to be modified
      #       in the future.
      #
      set updateUriType [lindex [split $updatePathAndQuery .] 0]

      #
      # NOTE: Combine them to form the complete update URI.
      #
      set updateUri [appendArgs $updateBaseUri $updatePathAndQuery]
    }

    #
    # NOTE: Did the caller directly specify a public key token to use?
    #
    if {[string length $publicKeyToken] > 0} then {
      #
      # NOTE: Use the public key token specified by the caller to match
      #       against.
      #
      set updatePublicKeyToken $publicKeyToken
    } else {
      #
      # NOTE: Use the public key token of the script engine to match
      #       against.
      #
      set updatePublicKeyToken [info engine PublicKeyToken]
    }

    #
    # NOTE: Did the caller directly specify a (product) name to use?  In
    #       almost all cases, this will be the base name of the manifest
    #       assembly associated with the product.
    #
    if {[string length $name] > 0} then {
      #
      # NOTE: Use the (product) name specified by the caller to match
      #       against.
      #
      set updateName $name
    } else {
      #
      # NOTE: Use assembly name of the script engine to match against.
      #
      set updateName Eagle; # LEGACY
    }

    #
    # NOTE: Did the caller directly specify a culture name to use?  In
    #       almost all cases, this will be the invariant culture.
    #
    if {[string length $culture] > 0} then {
      #
      # NOTE: Use the culture name specified by the caller to match
      #       against.
      #
      set updateCulture $culture
    } else {
      #
      # NOTE: Use culture name of the script engine to match against.
      #
      set updateCulture [info engine Culture]
    }

    #
    # NOTE: Did the caller directly specify a patch level to use?
    #
    if {[string length $patchLevel] > 0} then {
      #
      # NOTE: Use the patch level specified by the caller to compare
      #       against versions available on the server.
      #
      set updatePatchLevel $patchLevel
    } else {
      #
      # NOTE: Use patch level of the script engine to compare against
      #       versions available on the server.
      #
      set updatePatchLevel [info engine PatchLevel]
    }

    #
    # NOTE: Did the caller directly specify a timestamp to use?  As of
    #       this writing (2019-05-10) this is only used to construct an
    #       information message to the user.
    #
    if {[string length $timeStamp] > 0} then {
      #
      # NOTE: Use the timestamp specified by the caller.
      #
      set updateTimeStamp $timeStamp
    } else {
      #
      # NOTE: Use timestamp of the script engine.
      #
      set updateTimeStamp [info engine TimeStamp]
    }

    if {[string length $updateTimeStamp] == 0} then {
      #
      # NOTE: This will end up displaying as the Unix epoch, which would
      #       be January 1st, 1970 at midnight (UTC).
      #
      set updateTimeStamp 0; #never?
    }

    #
    # NOTE: What should the DateTime format be for display?  This should
    #       be some variation on ISO-8601.
    #
    set dateTimeFormat yyyy-MM-ddTHH:mm:ss

    #
    # NOTE: Does it look like the number of seconds since the epoch -OR-
    #       some kind of date/time string?
    #
    if {[string is integer -strict $updateTimeStamp]} then {
      set updateDateTime [clock format \
          $updateTimeStamp -format $dateTimeFormat]
    } else {
      set updateDateTime [clock format \
          [clock scan $updateTimeStamp] -format $dateTimeFormat]
    }

    #
    # NOTE: Fetch the master update data from the distribution site and
    #       normalize to Unix-style line-endings.
    #
    set updateData [string map [list \r\n \n] [getUpdateData $updateUri]]

    #
    # NOTE: Split the data into lines.  Given the previous command, this
    #       will always use Unix-style line-endings.
    #
    set lines [split $updateData \n]

    #
    # NOTE: Keep track of how many update scripts are processed -AND- their
    #       associated (final) dispositions.
    #
    array set scriptCounts {
      invalid              0 fail                 0 bad                  0
      ok                   0 error                0
    }

    #
    # NOTE: Check each update line to find the build information...  Lines
    #       that do not conform to the correct format should be skipped.
    #
    foreach line $lines {
      #
      # NOTE: Remove surrounding spaces (but not tabs), skip blank lines
      #       and comment lines.
      #
      set line [string trim $line " "]
      if {[string length $line] == 0} then {continue}

      set char [string index $line 0]
      if {$char eq "#" || $char eq ";"} then {continue}

      #
      # NOTE: Split the tab-delimited line into its fields.  The format of
      #       all lines in the data must be as follows, all on the same
      #       line:
      #
      #       <startLine> protocolId <tab> publicKeyToken <tab> name <tab>
      #       culture <tab> patchLevel <tab> timeStamp <tab> baseUri <tab>
      #       md5Hash <tab> sha1Hash <tab> sha512Hash <tab> notes <newLine>
      #
      set fields [split $line \t]
      if {[llength $fields] < 11} then {continue}

      #
      # NOTE: Grab the protocol Id field.
      #
      set product(protocolId) [lindex $fields 0]

      #
      # NOTE: Grab the public key token field.
      #
      set product(publicKeyToken) [lindex $fields 1]

      #
      # NOTE: Grab the (product) name field.
      #
      set product(name) [lindex $fields 2]

      #
      # NOTE: Grab the culture field.
      #
      set product(culture) [lindex $fields 3]

      #
      # NOTE: Figure out which protocol is in use for this line.  The value
      #       "1" means this line specifies a build of the script engine.
      #       The value "2" means this line specifies an update script (via
      #       a URI) to evaluate.  The value "3" means this line specifies
      #       a build of the GUI updater tool (not handled by this script).
      #       The value "4" means this line specifies a build of a (binary)
      #       plugin.  All other values are currently reserved and ignored.
      #
      set checkBuild [expr {
        !$wantScripts && $product(protocolId) eq "1"
      }]

      set checkScript [expr {
        $wantScripts && $product(protocolId) eq "2"
      }]

      set checkSelf [expr {
        !$wantScripts && $product(protocolId) eq "3"
      }]

      set checkPlugin [expr {
        !$wantScripts && $product(protocolId) eq "4"
      }]

      #
      # NOTE: We only want to find the first line that matches our target.
      #       The public key token is being used here to make sure we get
      #       the same build "flavor" of the script engine -OR- the binary
      #       plugin vendor / identity.  These lines are organized so that
      #       the "latest stable version" should be on the first line (for
      #       a given public key token) and may be followed by development
      #       / experimental versions, etc.  Prior to checking patch level
      #
      #
      if {($checkBuild || $checkScript || $checkPlugin) && \
          [matchUpdatePublicKeyToken \
              $product(publicKeyToken) $updatePublicKeyToken] && \
          [matchUpdateName $product(name) $updateName] && \
          [matchUpdateCulture $product(culture) $updateCulture]} then {
        #
        # NOTE: Grab the patch level field.
        #
        set product(patchLevel) [lindex $fields 4]

        if {[string length $product(patchLevel)] == 0} then {
          set product(patchLevel) 0.0.0.0; # no patch level?
        }

        #
        # NOTE: Grab the time-stamp field.
        #
        set product(timeStamp) [lindex $fields 5]

        if {[string length $product(timeStamp)] == 0} then {
          set product(timeStamp) 0; #never?
        }

        #
        # NOTE: What should the DateTime format be for display?  This
        #       should be some variation on ISO-8601.
        #
        set dateTimeFormat yyyy-MM-ddTHH:mm:ss

        #
        # NOTE: Does it look like the number of seconds since the epoch
        #       or some kind of date/time string?
        #
        if {[string is integer -strict $product(timeStamp)]} then {
          set product(dateTime) [clock format \
              $product(timeStamp) -format $dateTimeFormat]
        } else {
          set product(dateTime) [clock format \
              [clock scan $product(timeStamp)] -format $dateTimeFormat]
        }

        #
        # NOTE: For build lines, compare the patch level from the line
        #       to the one we are currently using using a simple patch
        #       level comparison.
        #
        if {$checkBuild || $checkPlugin} then {
          #
          # NOTE: Compare patch level from this line against the one
          #       associated with the target product.
          #
          set compare [package \
              vcompare $product(patchLevel) $updatePatchLevel]
        } else {
          #
          # NOTE: This is not a build line, no match.
          #
          set compare -1; # force less than as fake result
        }

        #
        # NOTE: For script lines, use regular expression matching.
        #
        if {$checkScript} then {
          #
          # NOTE: Use [catch] here to prevent raising a script error due
          #       to a malformed patch level regular expression.
          #
          if {[catch {
            regexp -nocase -- $product(patchLevel) $updatePatchLevel
          } match]} then {
            #
            # NOTE: The patch level from the script line was most likely
            #       not a valid regular expression.
            #
            set match false
          }
        } else {
          #
          # NOTE: This is not a script line, so no match.
          #
          set match false
        }

        #
        # NOTE: Are we interested in further processing this line?
        #
        if {(($checkBuild || $checkPlugin) && $compare > 0) ||
            ($checkScript && $match)} then {
          #
          # NOTE: Grab the base URI field (i.e. may be a mirror site).
          #       Then, if set, use it as the base URI for the build
          #       and/or script.  Fallback to using the default base
          #       URI for builds (or scripts) when the base URI field
          #       is not present.
          #
          set product(baseUri) [lindex $fields 6]

          if {$checkBuild || $checkPlugin} then {
            if {[string length $product(baseUri)] > 0} then {
              set buildUri $product(baseUri)
            } else {
              set buildUri [getDownloadBaseUri]; # primary site.
            }
          }

          if {$checkScript} then {
            if {[string length $product(baseUri)] > 0} then {
              set scriptUri $product(baseUri)
            } else {
              set scriptUri [getScriptBaseUri]; # primary site.
            }
          }

          #
          # NOTE: Grab the md5, sha1, and sha512 fields.  These will only
          #       be used (and validated) if a script update is processed
          #       (below).  However, they will always be included in the
          #       result if the build is a later version.
          #
          set product(md5) [lindex $fields 7]
          set product(sha1) [lindex $fields 8]
          set product(sha512) [lindex $fields 9]

          #
          # NOTE: Grab the notes field (which may be empty) and unescape
          #       any reserved characters within it.  The notes may end
          #       up being included in the result returned to the caller
          #       and in that case they will be [list] escaped instead.
          #
          set product(notes) [lindex $fields 10]

          if {[string length $product(notes)] > 0} then {
            set product(notes) [unescapeUpdateNotes $product(notes)]
          }

          #
          # NOTE: The update patch level from the line is greater, we
          #       are out-of-date.  Return the result of our checking
          #       now.
          #
          if {$checkBuild || $checkPlugin} then {
            #
            # NOTE: Are we supposed to prompt the interactive user, if
            #       any, to upgrade now?
            #
            set text [appendArgs \
                $updateUriType " " $updateType " " \
                $product(patchLevel) ", dated " $product(dateTime) \
                ", is newer than the running " $updateType " " \
                $updatePatchLevel ", dated " $updateDateTime \
                ", based on the data from " $updateBaseUri]

            if {$prompt && [isInteractive]} then {
              #
              # NOTE: Is the [object] command available?  If not, this
              #       cannot be done.
              #
              if {[llength [info commands object]] > 0} then {
                set messageCaption [appendArgs \
                    [info engine Name] " (" [lindex [info level 0] 0] \
                    " script)"]

                set messageText [appendArgs \
                    "The " $text \n\n "Run the updater tool now?"]

                if {$automatic} then {
                  append messageText \n\n \
                      "WARNING: The updater tool process will be " \
                      "run in automatic mode and there will be no " \
                      "further prompts."
                }

                if {[object invoke -flags +NonPublic \
                    Eagle._Components.Private.WindowOps YesOrNo \
                    $messageText $messageCaption false]} then {
                  #
                  # NOTE: Ok, run the updater tool now and then exit.
                  #
                  runUpdateAndExit $automatic
                }
              }
            }

            #
            # NOTE: If we get to this point, the user has opted to not run
            #       the updater tool -OR- it cannot be run for some reason.
            #
            return [list \
                $text [list uri $buildUri patchLevel $product(patchLevel) \
                notes $product(notes) md5 $product(md5) sha1 $product(sha1) \
                sha512 $product(sha512)]]
          }

          #
          # NOTE: The script patch level from this line matches the current
          #       engine patch level exactly.  Therefore, the script should
          #       be evaluated if it can be authenticated.
          #
          if {$checkScript} then {
            #
            # NOTE: First, set the default channel for update script status
            #       messages.  If the test channel has been set (i.e. by the
            #       test suite), it will be used instead.
            #
            if {![info exists channel]} then {
              set channel [expr {
                [info exists ::test_channel] ? $::test_channel : "stdout"
              }]
            }

            #
            # NOTE: Next, verify the script has a valid base URI.  For update
            #       scripts, this must be the location where the update script
            #       data can be downloaded.
            #
            if {[string length $scriptUri] == 0} then {
              if {!$quiet} then {
                tqputs $channel [appendArgs \
                    "---- invalid baseUri value for update script " \
                    "line: " $line \"\n]
              }

              incr scriptCounts(invalid); continue
            }

            #
            # NOTE: Next, grab md5 field and see if it looks valid.  Below,
            #       the value of this field will be compared to that of the
            #       actual MD5 hash of the downloaded script data.
            #
            if {[string length $product(md5)] == 0} then {
              if {!$quiet} then {
                tqputs $channel [appendArgs \
                    "---- invalid md5 value for update script " \
                    "line: " $line \"\n]
              }

              incr scriptCounts(invalid); continue
            }

            #
            # NOTE: Next, grab sha1 field and see if it looks valid.  Below,
            #       the value of this field will be compared to that of the
            #       actual SHA1 hash of the downloaded script data.
            #
            if {[string length $product(sha1)] == 0} then {
              if {!$quiet} then {
                tqputs $channel [appendArgs \
                    "---- invalid sha1 value for update script " \
                    "line: " $line \"\n]
              }

              incr scriptCounts(invalid); continue
            }

            #
            # NOTE: Next, grab sha512 field and see if it looks valid.  Below,
            #       the value of this field will be compared to that of the
            #       actual SHA512 hash of the downloaded script data.
            #
            if {[string length $product(sha512)] == 0} then {
              if {!$quiet} then {
                tqputs $channel [appendArgs \
                    "---- invalid sha512 value for update script " \
                    "line: " $line \"\n]
              }

              incr scriptCounts(invalid); continue
            }

            #
            # NOTE: Next, show the extra information associated with this
            #       update script, if any.
            #
            if {!$quiet} then {
              tqputs $channel [appendArgs \
                  "---- fetching update script from \"" $scriptUri \
                  "\" (" $product(dateTime) ") with notes:\n"]

              set trimNotes [string trim $product(notes)]

              tqputs $channel [appendArgs \
                  [expr {[string length $trimNotes] > 0 ? $trimNotes : \
                  "<none>"}] "\n---- end of update script notes\n"]
            }

            #
            # NOTE: Next, attempt to fetch the update script data.
            #
            set code [catch {getUpdateScriptData $scriptUri} result]

            if {$code == 0} then {
              #
              # NOTE: Success, set the script data from the result.
              #
              set scriptData $result
            } else {
              #
              # NOTE: Failure, report the error message to the log.
              #
              if {!$quiet} then {
                tqputs $channel [appendArgs \
                    "---- failed to fetch update script: " $result \n]
              }

              incr scriptCounts(fail); continue
            }

            #
            # NOTE: Next, verify that the md5, sha1, and sha512 hashes of
            #       the raw script data match what was specified in the
            #       md5, sha1, and sha512 fields.
            #
            set md5 [hash normal md5 $scriptData]

            if {![string equal -nocase $product(md5) $md5]} then {
              if {!$quiet} then {
                tqputs $channel [appendArgs \
                    "---- wrong md5 value \"" $md5 \
                    "\" for update script line: " $line \"\n]
              }

              incr scriptCounts(bad); continue
            }

            set sha1 [hash normal sha1 $scriptData]

            if {![string equal -nocase $product(sha1) $sha1]} then {
              if {!$quiet} then {
                tqputs $channel [appendArgs \
                    "---- wrong sha1 value \"" $sha1 \
                    "\" for update script line: " $line \"\n]
              }

              incr scriptCounts(bad); continue
            }

            set sha512 [hash normal sha512 $scriptData]

            if {![string equal -nocase $product(sha512) $sha512]} then {
              if {!$quiet} then {
                tqputs $channel [appendArgs \
                    "---- wrong sha512 value \"" $sha512 \
                    "\" for update script line: " $line \"\n]
              }

              incr scriptCounts(bad); continue
            }

            #
            # NOTE: Everything looks good.  Therefore, evaluate the update
            #       script and print the result.
            #
            if {!$quiet} then {
              tqputs $channel [appendArgs \
                  "---- evaluating update script from \"" $scriptUri \
                  \"...\n]
            }

            #
            # NOTE: Reset the variables that will be used to contain the
            #       result of the update script.
            #
            set code 0; set result ""

            #
            # NOTE: Must manually override the file name to be returned by
            #       [info script] to refer back to the original script base
            #       URI.
            #
            set pushed false

            if {[llength [info commands object]] > 0} then {
              object invoke -flags +NonPublic Interpreter.GetActive \
                  PushScriptLocation $scriptUri true pushed
            }

            try {
              #
              # NOTE: Evaluate the update script in the context of the
              #       caller.
              #
              set code [catch {uplevel 1 $scriptData} result]
            } finally {
              #
              # NOTE: Reset manual override of the script file name to be
              #       returned by [info script].
              #
              object invoke -flags +NonPublic Interpreter.GetActive \
                  PopScriptLocation true pushed
            }

            #
            # NOTE: Keep track of number of update scripts that generate
            #       Ok and Error return codes.
            #
            if {$code == 0} then {
              incr scriptCounts(ok)
            } else {
              incr scriptCounts(error)
            }

            if {!$quiet} then {
              host result $code $result
              tqputs $channel "\n---- end of update script results\n"
            }
          }
        } elseif {($checkBuild || $checkPlugin) && $compare < 0} then {
          #
          # NOTE: The patch level from the line is less, we are more
          #       up-to-date than the latest version?
          #
          return [list [appendArgs \
              "running " $updateType " " $updatePatchLevel ", dated " \
              $updateDateTime ", is newer than the " $updateUriType " " \
              $updateType " " $product(patchLevel) ", dated " \
              $product(dateTime) ", based on the data " "from " \
              $updateBaseUri]]
        } elseif {$checkBuild || $checkPlugin} then {
          #
          # NOTE: The patch levels are equal, we are up-to-date.
          #
          return [list [appendArgs \
              "running " $updateType " " $updatePatchLevel ", dated " \
              $updateDateTime ", is the " $updateUriType " " $updateType \
              ", based on the data from " $updateBaseUri]]
        }
      }
    }

    #
    # NOTE: Figure out what the final result should be.  If we get to this
    #       point when checking for a new build, something must have gone
    #       awry.  Otherwise, report the number of update scripts that were
    #       successfully processed.
    #
    if {$wantScripts} then {
      set scriptCounts(total) [expr [join [array values scriptCounts] +]]

      if {$scriptCounts(total) > 0} then {
        return [list [appendArgs \
            "processed " $scriptCounts(total) " update scripts: " [array \
            get scriptCounts]]]
      } else {
        return [list "no update scripts were processed"]
      }
    } else {
      return [list [appendArgs \
          "could not determine if running " $updateType " is the latest " \
          $updateType]]
    }
  }

  #
  # NOTE: Provide the Eagle "update" package to the interpreter.
  #
  package provide Eagle.Update \
    [expr {[isEagle] ? [info engine PatchLevel] : "1.0"}]
}