New version shortcut

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

.gitignore

@@ -1,2 +1,3 @@
 gitinfo.go
 dist
+privkey.pem

.goreleaser.yml

@@ -22,6 +22,23 @@ changelog:
     exclude:
       - '^docs:'
       - '^test:'
+signs:
+  - id: selfupdatesign
+
+    # path to the signature command
+    #
+    # defaults to `gpg`
+    cmd: openssl
+
+    # command line templateable arguments for the command
+    #
+    # to sign with a specific key use
+    # args: ["-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    #
+    # defaults to `["--output", "${signature}", "--detach-sign", "${artifact}"]`
+    args: ["dgst", "-sha256", "-sign", "privkey.pem", "-out", "${artifact}.sig", "${artifact}"]
+
+    artifacts: all
 gitea_urls:
   api: https://git.lbsfilm.at/api/v1/
   download: https://git.lbsfilm.at

genKeys.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+openssl ecparam -name prime256v1 -genkey -noout -out privkey.pem
+openssl ec -in privkey.pem -pubout -out pubkey.pem

go.mod

@@ -4,4 +4,7 @@ go 1.15
 
 replace github.com/creativeprojects/go-selfupdate => /Users/LB/Desktop/z_Projects/go-selfupdate
 
-require github.com/creativeprojects/go-selfupdate v0.0.0-00010101000000-000000000000
+require (
+	github.com/creativeprojects/go-selfupdate v0.0.0-00010101000000-000000000000
+	github.com/kenshaw/pemutil v0.1.0
+)

go.sum

@@ -107,6 +107,8 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/kenshaw/pemutil v0.1.0 h1:rA3FC1PkBPlt/ez3iHgMzdEEFq4Bhnpkh/g2C68oRac=
+github.com/kenshaw/pemutil v0.1.0/go.mod h1:KDF39i6NCZ2UJYtdyVVQi8l+G5S3zgE26GzAjFiLmHQ=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=

main.go

@@ -8,6 +8,7 @@ import (
 	"runtime"
 
 	selfupdate "github.com/creativeprojects/go-selfupdate"
+	"github.com/kenshaw/pemutil"
 )
 
 //go:generate sh injectGitVars.sh
@@ -19,14 +20,14 @@ func main() {
 		fmt.Println("provide a command")
 		os.Exit(1)
 	} else if os.Args[1] == "upgrade" || os.Args[1] == "up" {
-		fmt.Print("Trying Upgrade... ")
+		fmt.Println("Trying Upgrade... ")
 		err := update(gitTag)
 		if err != nil {
 			fmt.Println(err)
 		} else {
 			fmt.Println("Success")
 		}
-	} else if os.Args[1] == "version" {
+	} else if os.Args[1] == "version" || os.Args[1] == "v" {
 		fmt.Print("Version ")
 		fmt.Println(gitTag)
 	} else {
@@ -36,12 +37,27 @@ func main() {
 
 func update(version string) error {
 	source, _ := selfupdate.NewGiteaSource(selfupdate.GiteaConfig{BaseURL: "https://git.lbsfilm.at/"})
+
+	store := make(pemutil.Store)
+	err := pemutil.Decode(store, []byte(`-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0+99Oxlx+P6F9Cd5pUIw6oGY2oFL
+qCf//kV/S27OpD6skuEveQG+M1k6eT/o8oVDJ0sj3aIyaF+vruZaBB9HeA==
+-----END PUBLIC KEY-----`))
+	if err != nil {
+		return err
+	}
+	pubkey, ok := store.ECPublicKey()
+	if !ok {
+		return fmt.Errorf("no pubkey")
+	}
 	updater, err := selfupdate.NewUpdater(selfupdate.Config{
-		Source:    source,
-		Validator: nil,
-		OS:        runtime.GOOS,
-		Arch:      runtime.GOARCH,
-		Arm:       0,
+		Source: source,
+		Validator: &selfupdate.ECDSAValidator{
+			PublicKey: pubkey,
+		},
+		OS:   runtime.GOOS,
+		Arch: runtime.GOARCH,
+		Arm:  0,
 	})
 
 	latest, found, err := updater.DetectLatest("lbsadmin/goselfupdatetest")

pubkey.pem

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0+99Oxlx+P6F9Cd5pUIw6oGY2oFL
+qCf//kV/S27OpD6skuEveQG+M1k6eT/o8oVDJ0sj3aIyaF+vruZaBB9HeA==
+-----END PUBLIC KEY-----