mirror of
https://github.com/ProtonMail/proton-bridge.git
synced 2025-12-10 04:36:43 +00:00
fix(GODT-2625): Update bridge pubkey and add option to verify in hasher.
This commit is contained in:
Jakub
@ -33,19 +33,19 @@ D8Gp19LnRtmqjVh2rVdr8yc5nAjoNOZwanMwD5vCWPUVELWXubNFBv8hqZMxHZqW
|
|||||||
GrB8x8hkdgiNmuyqsxzBmOEJHWLlvbFhvHhIedT8paU/spL/qJmWp3EB4QARAQAB
|
GrB8x8hkdgiNmuyqsxzBmOEJHWLlvbFhvHhIedT8paU/spL/qJmWp3EB4QARAQAB
|
||||||
tExQcm90b24gVGVjaG5vbG9naWVzIEFHIChQcm90b25NYWlsIEJyaWRnZSBkZXZl
|
tExQcm90b24gVGVjaG5vbG9naWVzIEFHIChQcm90b25NYWlsIEJyaWRnZSBkZXZl
|
||||||
bG9wZXJzKSA8YnJpZGdlQHByb3Rvbm1haWwuY2g+iQJUBBMBCAA+AhsDBQsJCAcC
|
bG9wZXJzKSA8YnJpZGdlQHByb3Rvbm1haWwuY2g+iQJUBBMBCAA+AhsDBQsJCAcC
|
||||||
BhUICQoLAgQWAgMBAh4BAheAFiEE1R5k0+Y+3D7veGTO4sddaOYjSwcFAl432eEF
|
BhUICQoLAgQWAgMBAh4BAheAFiEE1R5k0+Y+3D7veGTO4sddaOYjSwcFAmH6ieIF
|
||||||
CQXb04AACgkQ4sddaOYjSwd9ww/9FmQa/Fh1lgE9Ug6zQMlr20UDxfCVvE+Hxn4V
|
CQt/twEACgkQ4sddaOYjSwcP4BAAu48suXCbfyZ3RWXFfNZ0KfEjh6UtuIYvZ3qV
|
||||||
OFSWLH+c491BWJMCSI/vm2XJSzjchoeYB+Ns5M/b1tC4orCzbUGb0INpcnNOZPYM
|
GfFSw8BLCNhNbGD/bw8+xDodJSDC1tsI8x08btoTH+zyTbrbvHjhC96fKV+DNonS
|
||||||
jcMlIqFlMdYzG7ZRFUX3BaMgpb0Xlyk4bLP0FcDIyJuO/53qsi4QNLNqIJOD2IDK
|
GEAPsnKqj/fl58WP67m0wxh8/pfwIsGbzXn03mwmvRNrVSRHW5CMuBsZPIHj4ATg
|
||||||
mG3z17GCZ+heJcttMzkzihYX6dBOeD2MUhSruTGLzGRstbVntthdpIs9u2jUCPuB
|
KKjmc/mY15b9zapk9l+bVCe47RsiM7ZbnD00d1erQu7/8LNAR2MCb0PgKrBT+6AS
|
||||||
qZB2Dw2l1MtqB5UguE7Xxwz9R6xZ7a/P13wCXzVoA0Ud/pkyZ5UgAWapulBrjrCD
|
UC1XTVc6IuEcIdaf3mLJ4iA5vnrFxtezXtTU7jX12sWEMZOADqf6aPj+U1i+loER
|
||||||
z4Oqa3DQpscVzex1bkj9Xd9duwBM4BbR5r5432sYiGYV1IByw8oeLQBz6APSIauN
|
JN3Ry10OJnDJ+kWP7zwXFWcsaYDZbrI/Odt8PImDkxxTdTpGrvHsuDhbPKmlMHYd
|
||||||
LUxXRhKZQwqEVKigMkmofSHdQnoaEylDKKgBJRYhxpkIPY9BIup/83e8Q7wceIYM
|
A8cVlHmy3Pp0Tn5VpV22+CWSR6UQzd6dpPv+2Ekt2z6VMvWOjyujEfsTJWBPDU1i
|
||||||
hSJ5GvAPAMi+kWYrUgGqfUlSYNXTgswnvPWQXCHXsy9HCpFcSdsrXQr0kyZlxIGd
|
slaQoRdchG2kxUEXdOKMTfGwIhNJaeIqvojx7IIxAcOy56KgMuRxmqSOJFuiMC0C
|
||||||
TSIV5hAZZL4cURXdDU+rrNJuA/Pjcebw9aTSNi/LYB+Dv4EsxIUND8d6H5bKCdeN
|
DcVrsg6FbrzQw1D1FhSZSdnu9Wv+pzjZ8zQnxSsMAYU9e9/3OjJ3/VHNpaGo3zUN
|
||||||
PFO1BXLkcwrTaOk+HNHYlwcM3H4p3MPRMCXaXXVRH1O60Rla2SGAOTuj/Xpv0Bo7
|
kTpYsHh3Y9LuVTFSNmGiBnpVg0hZ8aUipAfoiyyQj5QA8nZv0Pptp86+QS6AUkq7
|
||||||
2vfNSQAEk+yHTD1iMy9IxYy/xVHbExp7ErqYARLsmw1enKCdw4h5TbL2ThBTEmje
|
QvXg8yybYNxsJaxGC9Ea5K1ivAommes0SbzFLg5/3B84o27xeqMMevTMAKZ6txhC
|
||||||
tNYOlVyJASIEEAECAAwFAlpcl/gFAwASdQAACgkQlxC4m8pXrXzF1ggAoS7luFCm
|
vqagRLuJASIEEAECAAwFAlpcl/gFAwASdQAACgkQlxC4m8pXrXzF1ggAoS7luFCm
|
||||||
S13Vv2w2GGpWOLcVh/RUcsTU8eUr9DY40rlrKVkX5MBL1yeD/XiIXY5aFlBaKxIq
|
S13Vv2w2GGpWOLcVh/RUcsTU8eUr9DY40rlrKVkX5MBL1yeD/XiIXY5aFlBaKxIq
|
||||||
NPjqu0VBZhaYj6ZuGpAodpattzjNOXWxwFtz2JaUfn2VUrZMbDwY9AQMHab/xxir
|
NPjqu0VBZhaYj6ZuGpAodpattzjNOXWxwFtz2JaUfn2VUrZMbDwY9AQMHab/xxir
|
||||||
PmezHMee9Y56qnNPIHDh3pZZ18rHrwY4e1pVkR+N0xYTb4M0vw3AhHjboS8H9noq
|
PmezHMee9Y56qnNPIHDh3pZZ18rHrwY4e1pVkR+N0xYTb4M0vw3AhHjboS8H9noq
|
||||||
@ -152,17 +152,17 @@ cS0BNvA+4Aip2hhFqWJAbUQXCyMaeU2WTWIzy0FQ6SEFFy/RM8O5O1HHsDYjtIic
|
|||||||
9QJ/PqSD0qN7LMlkjR8AdWvAxm95i5GpxDZODldsOneeummvsn3I1jCoULTik7iJ
|
9QJ/PqSD0qN7LMlkjR8AdWvAxm95i5GpxDZODldsOneeummvsn3I1jCoULTik7iJ
|
||||||
VdRuY1V3vfsYAkefGN/n2ga3MvatCJipwoCGsMgUXGTdokXOqKBgMBuBLCkxj2wl
|
VdRuY1V3vfsYAkefGN/n2ga3MvatCJipwoCGsMgUXGTdokXOqKBgMBuBLCkxj2wl
|
||||||
ol2R9p8RABEBAAGJAjwEGAEIACYCGwwWIQTVHmTT5j7cPu94ZM7ix11o5iNLBwUC
|
ol2R9p8RABEBAAGJAjwEGAEIACYCGwwWIQTVHmTT5j7cPu94ZM7ix11o5iNLBwUC
|
||||||
XjfaBAUJBdvTowAKCRDix11o5iNLByTCD/oCRk97JjCqNb4B1Ed/G5tJ+w55cptq
|
YfqKGgUJC3+3OQAKCRDix11o5iNLB7puD/9TPP63NCPUvl2c2gO2G31YvK4XQvc8
|
||||||
1dBZOxvEf+ol/403Q+R5bRqun3vXYupzZyIEvi10OVZ/t3t/FboOAWwJ222o0Ivm
|
jSGGHkhDXWnC+QxgYLu6O/f/MNt0Hegve8FSDMlLoDrBy217Jsc4uzPpykzesI9Y
|
||||||
t6RhErlmF1dCsKILy5i0iLJexLFGJIiSh6Slr2BZoiqasrlCYStJE2hXhNjXOIiZ
|
BimCDJGvcNgCnu6WoYM3tOZYY5NdmGs6w9Dyu8tTIB+/PVA0rnJc4LJSu01FIYkq
|
||||||
76YsLed6b5MKBllsw4DGPgT9sECrWft935oGo9caVUTX5VsnoVvzxKQLYki8m1Et
|
u7mAaF/PKa0lD9TF38axN2EvYTfGuukAHrYnqTxoxPkqJJ+F0MoLHuqEHL3/clgM
|
||||||
Eki7M3MK2pPNpX6y1e862JvL0oUfjYjrn8ALrgTeNtx/oRDgMujD1UQd5kGdwzkG
|
95OiC+d/L5xmWMs7+ux/lT81bivLVwtcMCqJoJYjjeN/++auTvK6DWnx5vbEstQR
|
||||||
ec1nB7T5Gdiyfd8unDvSd+Eg3UgF3eDgFA8ZDdO7yZlWv3aEeVUUAvEDT9/RgbnZ
|
6CFNWRsvqcT6pMB0xFZVAwz2fTfdkE4CNpxlrxwfxCDVPvYTUQPzAve+qRIarRx7
|
||||||
a22GhGcCJ3mHBMbx2khLIorJq8C1ZkhzpKIWqmETgr3MvUo+iT9YsnuGd8qpl2JK
|
K8npGSq2pMNBZLeaQXvZbslT9Scuu5NuHSCjrGQ5TpVg1yMpN39Pu3nnB0STwvOp
|
||||||
Ru2QuKZ0VTqLMuURMojMETiRbfxBg8uZMAxPr45Hqq2hj/8ooF/hYS/Y2oD+b8DM
|
qcnaHGfvM0wURA7ValXh2xTLc6Oxe8hw+nAFFFXFBqou8qw1zD/DAQFUWGh+yu5q
|
||||||
7hSTTEXm14p3tp8BbFGdVq1jJn5Zsj7isLAzydlyWWKcfwcljpzLCOo/wME3zUVh
|
9MxmtaewGA67fYf098EEqKql+sktYTa0cjDk6qdYkSO9clcLFkYZspmK04k2y1jO
|
||||||
mDPZYW3/sexJl/ROUHXo8eqBEMUgNLjffiuymfh7L8RmVOcsJsS87nu+iVvR5CaJ
|
7VYtlSdoeHH1ag+HWKx5KXdsWaE4dE+maUbcsRwc7UVC4111cv94mlOcSWpITxPG
|
||||||
0VLGn+SuxFT09xhvM4NxQIgNgk+NuQeIcwOMd6vtvf0btSTflN3hRGhGzLcZWWww
|
kIV8ldNSpauzaAqHs3qaMO/5rBZbLMynvzjE30JFTdBiepvj88YeAPFols3qa8KO
|
||||||
m//Hk8dcT8vncg==
|
00IsXQemR6I8Qw==
|
||||||
=G/D6
|
=QiAL
|
||||||
-----END PGP PUBLIC KEY BLOCK-----`
|
-----END PGP PUBLIC KEY BLOCK-----`
|
||||||
|
|||||||
40
internal/updater/keyring.go
Normal file
40
internal/updater/keyring.go
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
// Copyright (c) 2023 Proton AG
|
||||||
|
//
|
||||||
|
// This file is part of Proton Mail Bridge.
|
||||||
|
//
|
||||||
|
// Proton Mail Bridge is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// Proton Mail Bridge is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU General Public License
|
||||||
|
// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package updater
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
func GetDefaultKeyring() (*crypto.KeyRing, error) {
|
||||||
|
l := logrus.WithField("pkg", "updater")
|
||||||
|
|
||||||
|
key, err := crypto.NewKeyFromArmored(DefaultPublicKey)
|
||||||
|
if err != nil {
|
||||||
|
l.WithError(err).Error("Failed to create new verification key")
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
kr, err := crypto.NewKeyRing(key)
|
||||||
|
if err != nil {
|
||||||
|
l.WithError(err).Fatal("Failed to create new verification keyring")
|
||||||
|
}
|
||||||
|
|
||||||
|
return kr, nil
|
||||||
|
}
|
||||||
@ -74,12 +74,16 @@ func (v *Version) SemVer() *semver.Version {
|
|||||||
|
|
||||||
// VerifyFiles verifies all files in the version directory.
|
// VerifyFiles verifies all files in the version directory.
|
||||||
func (v *Version) VerifyFiles(kr *crypto.KeyRing) error {
|
func (v *Version) VerifyFiles(kr *crypto.KeyRing) error {
|
||||||
fileBytes, err := os.ReadFile(filepath.Join(v.path, sumFile)) //nolint:gosec
|
return VerifyUpdateFolder(kr, v.path)
|
||||||
|
}
|
||||||
|
|
||||||
|
func VerifyUpdateFolder(kr *crypto.KeyRing, path string) error {
|
||||||
|
fileBytes, err := os.ReadFile(filepath.Join(path, sumFile)) //nolint:gosec
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
sigBytes, err := os.ReadFile(filepath.Join(v.path, sumFile+".sig")) //nolint:gosec
|
sigBytes, err := os.ReadFile(filepath.Join(path, sumFile+".sig")) //nolint:gosec
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -92,7 +96,7 @@ func (v *Version) VerifyFiles(kr *crypto.KeyRing) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
sum, err := sum.RecursiveSum(v.path, sumFile)
|
sum, err := sum.RecursiveSum(path, sumFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|||||||
@ -20,6 +20,8 @@ package main
|
|||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
|
"github.com/ProtonMail/proton-bridge/v3/internal/updater"
|
||||||
|
"github.com/ProtonMail/proton-bridge/v3/internal/versioner"
|
||||||
"github.com/ProtonMail/proton-bridge/v3/pkg/sum"
|
"github.com/ProtonMail/proton-bridge/v3/pkg/sum"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
@ -51,12 +53,30 @@ func createApp() *cli.App {
|
|||||||
Usage: "The file to save the sum in",
|
Usage: "The file to save the sum in",
|
||||||
Required: true,
|
Required: true,
|
||||||
},
|
},
|
||||||
|
&cli.BoolFlag{
|
||||||
|
Name: "verify",
|
||||||
|
Aliases: []string{"v"},
|
||||||
|
Usage: "Verify the update folder is properly hashed and signed.",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
return app
|
return app
|
||||||
}
|
}
|
||||||
|
|
||||||
func computeSum(c *cli.Context) error {
|
func computeSum(c *cli.Context) error {
|
||||||
|
if c.Bool("verify") {
|
||||||
|
kr, err := updater.GetDefaultKeyring()
|
||||||
|
if err != nil {
|
||||||
|
logrus.WithError(err).Fatal("Failed to load key before verify")
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := versioner.VerifyUpdateFolder(kr, c.String("root")); err != nil {
|
||||||
|
logrus.WithError(err).Fatal("Failed to verify")
|
||||||
|
}
|
||||||
|
|
||||||
|
logrus.WithField("path", c.String("root")).Info("Signature OK")
|
||||||
|
}
|
||||||
|
|
||||||
b, err := sum.RecursiveSum(c.String("root"), c.String("output"))
|
b, err := sum.RecursiveSum(c.String("root"), c.String("output"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|||||||
Reference in New Issue
Block a user