Add sig validation in binary
Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
This commit is contained in:
parent
b247d3dfec
commit
74bf044c74
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
|||||||
gitinfo.go
|
gitinfo.go
|
||||||
dist
|
dist
|
||||||
|
privkey.pem
|
||||||
|
3
genKeys.sh
Executable file
3
genKeys.sh
Executable file
@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
openssl ecparam -name prime256v1 -genkey -noout -out privkey.pem
|
||||||
|
openssl ec -in privkey.pem -pubout -out pubkey.pem
|
5
go.mod
5
go.mod
@ -4,4 +4,7 @@ go 1.15
|
|||||||
|
|
||||||
replace github.com/creativeprojects/go-selfupdate => /Users/LB/Desktop/z_Projects/go-selfupdate
|
replace github.com/creativeprojects/go-selfupdate => /Users/LB/Desktop/z_Projects/go-selfupdate
|
||||||
|
|
||||||
require github.com/creativeprojects/go-selfupdate v0.0.0-00010101000000-000000000000
|
require (
|
||||||
|
github.com/creativeprojects/go-selfupdate v0.0.0-00010101000000-000000000000
|
||||||
|
github.com/kenshaw/pemutil v0.1.0
|
||||||
|
)
|
||||||
|
2
go.sum
2
go.sum
@ -107,6 +107,8 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
|
|||||||
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||||
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
|
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
|
||||||
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
|
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
|
||||||
|
github.com/kenshaw/pemutil v0.1.0 h1:rA3FC1PkBPlt/ez3iHgMzdEEFq4Bhnpkh/g2C68oRac=
|
||||||
|
github.com/kenshaw/pemutil v0.1.0/go.mod h1:KDF39i6NCZ2UJYtdyVVQi8l+G5S3zgE26GzAjFiLmHQ=
|
||||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||||
|
18
main.go
18
main.go
@ -8,6 +8,7 @@ import (
|
|||||||
"runtime"
|
"runtime"
|
||||||
|
|
||||||
selfupdate "github.com/creativeprojects/go-selfupdate"
|
selfupdate "github.com/creativeprojects/go-selfupdate"
|
||||||
|
"github.com/kenshaw/pemutil"
|
||||||
)
|
)
|
||||||
|
|
||||||
//go:generate sh injectGitVars.sh
|
//go:generate sh injectGitVars.sh
|
||||||
@ -36,9 +37,24 @@ func main() {
|
|||||||
|
|
||||||
func update(version string) error {
|
func update(version string) error {
|
||||||
source, _ := selfupdate.NewGiteaSource(selfupdate.GiteaConfig{BaseURL: "https://git.lbsfilm.at/"})
|
source, _ := selfupdate.NewGiteaSource(selfupdate.GiteaConfig{BaseURL: "https://git.lbsfilm.at/"})
|
||||||
|
|
||||||
|
store := make(pemutil.Store)
|
||||||
|
err := pemutil.Decode(store, []byte(`-----BEGIN PUBLIC KEY-----
|
||||||
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0+99Oxlx+P6F9Cd5pUIw6oGY2oFL
|
||||||
|
qCf//kV/S27OpD6skuEveQG+M1k6eT/o8oVDJ0sj3aIyaF+vruZaBB9HeA==
|
||||||
|
-----END PUBLIC KEY-----`))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
pubkey, ok := store.ECPublicKey()
|
||||||
|
if !ok {
|
||||||
|
return fmt.Errorf("no pubkey")
|
||||||
|
}
|
||||||
updater, err := selfupdate.NewUpdater(selfupdate.Config{
|
updater, err := selfupdate.NewUpdater(selfupdate.Config{
|
||||||
Source: source,
|
Source: source,
|
||||||
Validator: nil,
|
Validator: &selfupdate.ECDSAValidator{
|
||||||
|
PublicKey: pubkey,
|
||||||
|
},
|
||||||
OS: runtime.GOOS,
|
OS: runtime.GOOS,
|
||||||
Arch: runtime.GOARCH,
|
Arch: runtime.GOARCH,
|
||||||
Arm: 0,
|
Arm: 0,
|
||||||
|
4
pubkey.pem
Normal file
4
pubkey.pem
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0+99Oxlx+P6F9Cd5pUIw6oGY2oFL
|
||||||
|
qCf//kV/S27OpD6skuEveQG+M1k6eT/o8oVDJ0sj3aIyaF+vruZaBB9HeA==
|
||||||
|
-----END PUBLIC KEY-----
|
Loading…
Reference in New Issue
Block a user