
lib/upgrade: Extract signing key to embedded file (fixes #9247) (#9296)

### Purpose

Instead of hardcoding `SigningKey` as text, use `go:embed`. Fixes #9247.

### Testing

* Building syncthing
* Trying to upgrade (signature verification)
gudvinr 1 year ago
parent
commit
91084b83b4
2 changed files with 11 additions and 6 deletions
  1. 5 6
      lib/upgrade/signingkey.go
  2. 6 0
      lib/upgrade/signingkey.pem

+ 5 - 6
lib/upgrade/signingkey.go

@@ -6,14 +6,13 @@
 
 package upgrade
 
+import _ "embed"
+
 // SigningKey is the public key used to verify signed upgrades. It must match
 // the private key used to sign binaries for the built in upgrade mechanism to
 // accept an upgrade. Keys and signatures can be created and verified with the
 // stsigtool utility. The build script creates signed binaries when given the
 // -sign option.
-var SigningKey = []byte(`-----BEGIN EC PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA1iRk+p+DsmolixxVKcpEVlMDPOeQ
-1dWthURMqsjxoJuDAe5I98P/A0kXSdBI7avm5hXhX2opJ5TAyBZLHPpDTRoBg4WN
-7jUpeAjtPoVVxvOh37qDeDVcjCgJbbDTPKbjxq/Ae3SHlQMRcoes7lVY1+YJ8dPk
-2oPfjA6jtmo9aVbf/uo=
------END EC PUBLIC KEY-----`)
+//
+//go:embed signingkey.pem
+var SigningKey []byte
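Review bot: Nothing in the new code checks that the embedded `signingkey.pem` holds a usable key. `//go:embed` breaks the build only when the file is missing, so an empty or truncated file still compiles and would presumably surface only when an upgrade signature is verified. A small unit test in this package that runs `pem.Decode(SigningKey)` and parses the resulting block as a public key would catch that in CI. The doc comment above `var SigningKey []byte` could also say where the bytes come from, e.g. `// The key is embedded from signingkey.pem at build time; that file is the trust anchor for upgrades.` Because the trust anchor now lives outside Go source, changes to the `.pem` file should get the same review scrutiny as code changes.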

+ 6 - 0
lib/upgrade/signingkey.pem

@@ -0,0 +1,6 @@
+-----BEGIN EC PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA1iRk+p+DsmolixxVKcpEVlMDPOeQ
+1dWthURMqsjxoJuDAe5I98P/A0kXSdBI7avm5hXhX2opJ5TAyBZLHPpDTRoBg4WN
+7jUpeAjtPoVVxvOh37qDeDVcjCgJbbDTPKbjxq/Ae3SHlQMRcoes7lVY1+YJ8dPk
+2oPfjA6jtmo9aVbf/uo=
+-----END EC PUBLIC KEY-----