
Verify Syncthing downloads

Antony Male пре 10 година
родитељ
комит
3302b7f547

+ 37 - 12
Rakefile

@@ -16,6 +16,10 @@ PORTABLE_DIR = 'portable'
 
 SLN = 'src/SyncTrayzor.sln'
 
+CHECKSUM_UTIL_CSPROJ = 'src/ChecksumUtil/ChecksumUtil.csproj'
+CHECKSUM_UTIL_EXE = 'bin/ChecksumUtil/Release/ChecksumUtil.exe'
+SYNCTHING_RELEASES_CERT = 'security/syncthing_releases_cert.asc'
+
 PFX = ENV['PFX'] || File.join(INSTALLER_DIR, 'SyncTrayzorCA.pfx')
 
 PORTABLE_SYNCTHING_VERSION = '0.11'
@@ -42,8 +46,12 @@ class ArchDirConfig
     @syncthing_binaries = { '0.11' => 'syncthing.exe' }
   end
 
+  def sha1sum_download_uri(version)
+    "https://github.com/syncthing/syncthing/releases/download/v#{version}/sha1sum.txt.asc"
+  end
+
   def download_uri(version)
-  	return "https://github.com/syncthing/syncthing/releases/download/v#{version}/syncthing-windows-#{@github_arch}-v#{version}.zip"
+  	"https://github.com/syncthing/syncthing/releases/download/v#{version}/syncthing-windows-#{@github_arch}-v#{version}.zip"
   end
 end
 
@@ -59,18 +67,22 @@ def ensure_7zip
   end
 end
 
+def build(sln, platform)
+  cmd = "\"#{MSBUILD}\" \"#{sln}\" /t:Clean;Rebuild /p:Configuration=#{CONFIG};Platform=#{platform}"
+  if MSBUILD_LOGGER
+    cmd << " /logger:\"#{MSBUILD_LOGGER}\" /verbosity:minimal"
+  else
+    cmd << " /verbosity:quiet"
+  end
+  
+  sh cmd
+end
+
 namespace :build do
   ARCH_CONFIG.each do |arch_config|
     desc "Build the project (#{arch_config.arch})"
     task arch_config.arch do
-      cmd = "\"#{MSBUILD}\" \"#{SLN}\" /t:Clean;Rebuild /p:Configuration=#{CONFIG};Platform=#{arch_config.arch}"
-      if MSBUILD_LOGGER
-        cmd << " /logger:\"#{MSBUILD_LOGGER}\" /verbosity:minimal"
-      else
-        cmd << " /verbosity:quiet"
-      end
-      
-      sh cmd
+      build(SLN, arch_config.arch)
     end
   end
 end
@@ -78,6 +90,10 @@ end
 desc 'Build both 64-bit and 32-bit binaries'
 task :build => ARCH_CONFIG.map{ |x| :"build:#{x.arch}" }
 
+task :"build-checksum-util" do
+  build(CHECKSUM_UTIL_CSPROJ, 'AnyCPU')
+end
+
 namespace :installer do
   ARCH_CONFIG.each do |arch_config|
     desc "Create the installer (#{arch_config.arch})"
@@ -233,18 +249,27 @@ end
 namespace :"download-syncthing" do
   ARCH_CONFIG.each do |arch_config|
     desc "Download syncthing (#{arch_config.arch})"
-    task arch_config.arch, [:version] do |t, args|
+    task arch_config.arch, [:version]  => [:"build-checksum-util"] do |t, args|
       ensure_7zip
 
       Dir.mktmpdir do |tmp|
-        File.open(File.join(tmp, 'syncthing.zip'), 'wb') do |outfile|
+        download_file = File.join(tmp, File.basename(arch_config.download_uri(args[:version])))
+        File.open(download_file, 'wb') do |outfile|
           open(arch_config.download_uri(args[:version]), { ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE }) do |infile|
             outfile.write(infile.read)
           end
         end
 
+        File.open(File.join(tmp, 'sha1sum.txt.asc.'), 'w') do |outfile|
+          open(arch_config.sha1sum_download_uri(args[:version]), { ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE }) do |infile|
+            outfile.write(infile.read)
+          end
+        end
+
+        sh CHECKSUM_UTIL_EXE, 'verify', File.join(tmp, 'sha1sum.txt.asc'), SYNCTHING_RELEASES_CERT, download_file
+
         Dir.chdir(tmp) do
-          sh %Q{"#{SZIP}" e syncthing.zip}
+          sh %Q{"#{SZIP}" e #{File.basename(download_file)}}
         end
 
         cp File.join(tmp, 'syncthing.exe'), File.join(arch_config.installer_dir, 'syncthing.exe')
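Review bot: The signature file is written to `File.join(tmp, 'sha1sum.txt.asc.')` (note the trailing dot) but the verify step reads `File.join(tmp, 'sha1sum.txt.asc')`. This presumably only works because Windows drops trailing dots from file names, so bind the path once with `checksum_file = File.join(tmp, 'sha1sum.txt.asc')` and use it in both places. The new download also copies `ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE`, which leaves the signature check as the only protection against a tampered response, so dropping that option from both `open` calls is worth doing. Opening the signature file with `'w'` rather than `'wb'` may translate line endings on Windows before the clearsigned text is verified, and the archive name passed to 7-Zip is unquoted where `sh SZIP, 'e', File.basename(download_file)` would avoid the shell. The enclosing task continues past the end of the hunk.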

+ 88 - 0
security/syncthing_releases_cert.asc

@@ -0,0 +1,88 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+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+=ydLj
+-----END PGP PUBLIC KEY BLOCK-----

+ 1 - 0
src/ChecksumUtil/Program.cs

@@ -40,6 +40,7 @@ namespace ChecksumUtil
             catch (Exception e)
             {
                 Console.WriteLine("Error: {0}", e.Message);
+                Console.Write(e.StackTrace);
                 Environment.Exit(1);
             }
         }
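Review bot: The added `Console.Write(e.StackTrace);` sends the trace to stdout with no trailing newline and omits any inner exception. Because the Rakefile runs this tool as the verification step for downloads, diagnostics are better kept on stderr, for example `Console.Error.WriteLine(e);` in place of the two write calls. The non-zero `Environment.Exit(1)` is what the caller relies on and should stay. The enclosing method starts outside the hunk.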

+ 5 - 1
src/SyncTrayzor/Utils/ChecksumFileUtilities.cs

@@ -44,7 +44,11 @@ namespace SyncTrayzor.Utils
             {
                 while (checksum == null)
                 {
-                    var line = checksumFileReader.ReadLine().Trim();
+                    var line = checksumFileReader.ReadLine();
+                    if (line == null)
+                        break;
+
+                    line = line.Trim();
                     var parts = line.Split(new[] { ' ', '\t' }, 2, StringSplitOptions.RemoveEmptyEntries);
                     if (parts.Length != 2)
                         throw new ArgumentException("Invalid format of input file");
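Review bot: With the new `break`, the loop can end at end-of-file with `checksum` still null, meaning no entry matched the requested file. The code after the loop is outside the hunk, so confirm it fails closed, for example `if (checksum == null) throw new ArgumentException("No checksum entry found for the requested file");`, rather than letting a null reach the comparison or be treated as nothing to verify. A blank line in the checksum file still reaches the `parts.Length != 2` throw after `Trim()`, so skipping empty lines with `if (line.Length == 0) continue;` would make the parser less brittle.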

+ 6 - 2
src/SyncTrayzor/Utils/PgpClearsignUtilities.cs

@@ -86,9 +86,13 @@ namespace SyncTrayzor.Utils
             }
 
             // Strip the trailing newline if set...
-            cleartextStream.Seek(-1, SeekOrigin.End);
+            cleartextStream.Seek(-2, SeekOrigin.End);
+            int count = 0;
+            if (cleartextStream.ReadByte() == '\r')
+                count++;
             if (cleartextStream.ReadByte() == '\n')
-                cleartextStream.SetLength(cleartextStream.Length - 1);
+                count++;
+            cleartextStream.SetLength(cleartextStream.Length - count);
 
             cleartextStream.Position = 0;
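Review bot: `cleartextStream.Seek(-2, SeekOrigin.End)` will throw when the cleartext is shorter than two bytes, and the two independent `ReadByte()` checks count a `'\r'` even when the byte after it is not `'\n'`, so a stream ending in `"\rX"` loses its final byte. This code appears to run on the signed text before it is checked, so it should trim only an actual trailing `"\n"` or `"\r\n"` and tolerate short input. The rewrite below tests the last byte first and looks at the preceding byte only if it was a newline. The enclosing method starts and ends outside the hunk.

```csharp
// Strip the trailing newline if set...
long length = cleartextStream.Length;
int count = 0;
if (length >= 1)
{
    cleartextStream.Seek(-1, SeekOrigin.End);
    if (cleartextStream.ReadByte() == '\n')
    {
        count = 1;
        if (length >= 2)
        {
            cleartextStream.Seek(-2, SeekOrigin.End);
            if (cleartextStream.ReadByte() == '\r')
                count = 2;
        }
    }
}
cleartextStream.SetLength(length - count);
// … unchanged: cleartextStream.Position = 0; …
```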