author | gudvinr <gudvinr@gmail.com> | 2023-12-18 22:47:57 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-18 19:47:57 +0000 |
commit | 91084b83b4964dfe1b4ce8830aabeb49ec9254f4 (patch) | |
tree | a42520208dc947da34b4fd1a2aa3815d7e4afb53 | |
parent | 5360e7153bf26b0c90648e9d315c66334f233f8a (diff) | |
download | syncthing-91084b83b4964dfe1b4ce8830aabeb49ec9254f4.tar.gz syncthing-91084b83b4964dfe1b4ce8830aabeb49ec9254f4.zip |
lib/upgrade: Extract signing key to embedded file (fixes #9247) (#9296)
### Purpose
Instead of hardcoding `SigningKey` as text use `go:embed`. Fixes #9247.
### Testing
* Building syncthing
* Trying to upgrade (signature verification)
-rw-r--r-- | lib/upgrade/signingkey.go | 11 | ||||
-rw-r--r-- | lib/upgrade/signingkey.pem | 6 |
2 files changed, 11 insertions, 6 deletions
diff --git a/lib/upgrade/signingkey.go b/lib/upgrade/signingkey.go
index 57daa3227..df59c3946 100644
--- a/lib/upgrade/signingkey.go
+++ b/lib/upgrade/signingkey.go
@@ -6,14 +6,13 @@
 package upgrade
+import _ "embed"
+
 // SigningKey is the public key used to verify signed upgrades. It must match
 // the private key used to sign binaries for the built in upgrade mechanism to
 // accept an upgrade. Keys and signatures can be created and verified with the
 // stsigtool utility. The build script creates signed binaries when given the
 // -sign option.
-var SigningKey = []byte(`-----BEGIN EC PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA1iRk+p+DsmolixxVKcpEVlMDPOeQ
-1dWthURMqsjxoJuDAe5I98P/A0kXSdBI7avm5hXhX2opJ5TAyBZLHPpDTRoBg4WN
-7jUpeAjtPoVVxvOh37qDeDVcjCgJbbDTPKbjxq/Ae3SHlQMRcoes7lVY1+YJ8dPk
-2oPfjA6jtmo9aVbf/uo=
------END EC PUBLIC KEY-----`)
+//
+//go:embed signingkey.pem
+var SigningKey []byte
diff --git a/lib/upgrade/signingkey.pem b/lib/upgrade/signingkey.pem
new file mode 100644
index 000000000..5f9f30649
--- /dev/null
+++ b/lib/upgrade/signingkey.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA1iRk+p+DsmolixxVKcpEVlMDPOeQ
+1dWthURMqsjxoJuDAe5I98P/A0kXSdBI7avm5hXhX2opJ5TAyBZLHPpDTRoBg4WN
+7jUpeAjtPoVVxvOh37qDeDVcjCgJbbDTPKbjxq/Ae3SHlQMRcoes7lVY1+YJ8dPk
+2oPfjA6jtmo9aVbf/uo=
+-----END EC PUBLIC KEY-----
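Review bot: Nothing visible in the `signingkey.go` hunk checks that the bytes embedded from `signingkey.pem` are a parseable public key, although that file is now the trust root for upgrade signatures. An empty or truncated file would still compile, and the problem would only surface when an upgrade is verified, presumably as every upgrade being rejected (the verification code is outside this diff). I would add a small test in `lib/upgrade` that runs `pem.Decode(SigningKey)` and fails on a nil block. I would also extend the doc comment with `// The key is embedded from signingkey.pem at build time; changing that file changes which upgrades are trusted.` `SigningKey` also remains an exported, writable `[]byte`, as it was before the commit, so the comment could say that callers must not modify it.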
\ No newline at end of file |