fix(GODT-2625): Update bridge pubkey and add option to verify in hasher.
@ -33,19 +33,19 @@ D8Gp19LnRtmqjVh2rVdr8yc5nAjoNOZwanMwD5vCWPUVELWXubNFBv8hqZMxHZqW
|
||||
GrB8x8hkdgiNmuyqsxzBmOEJHWLlvbFhvHhIedT8paU/spL/qJmWp3EB4QARAQAB
|
||||
tExQcm90b24gVGVjaG5vbG9naWVzIEFHIChQcm90b25NYWlsIEJyaWRnZSBkZXZl
|
||||
bG9wZXJzKSA8YnJpZGdlQHByb3Rvbm1haWwuY2g+iQJUBBMBCAA+AhsDBQsJCAcC
|
||||
BhUICQoLAgQWAgMBAh4BAheAFiEE1R5k0+Y+3D7veGTO4sddaOYjSwcFAl432eEF
|
||||
CQXb04AACgkQ4sddaOYjSwd9ww/9FmQa/Fh1lgE9Ug6zQMlr20UDxfCVvE+Hxn4V
|
||||
OFSWLH+c491BWJMCSI/vm2XJSzjchoeYB+Ns5M/b1tC4orCzbUGb0INpcnNOZPYM
|
||||
jcMlIqFlMdYzG7ZRFUX3BaMgpb0Xlyk4bLP0FcDIyJuO/53qsi4QNLNqIJOD2IDK
|
||||
mG3z17GCZ+heJcttMzkzihYX6dBOeD2MUhSruTGLzGRstbVntthdpIs9u2jUCPuB
|
||||
qZB2Dw2l1MtqB5UguE7Xxwz9R6xZ7a/P13wCXzVoA0Ud/pkyZ5UgAWapulBrjrCD
|
||||
z4Oqa3DQpscVzex1bkj9Xd9duwBM4BbR5r5432sYiGYV1IByw8oeLQBz6APSIauN
|
||||
LUxXRhKZQwqEVKigMkmofSHdQnoaEylDKKgBJRYhxpkIPY9BIup/83e8Q7wceIYM
|
||||
hSJ5GvAPAMi+kWYrUgGqfUlSYNXTgswnvPWQXCHXsy9HCpFcSdsrXQr0kyZlxIGd
|
||||
TSIV5hAZZL4cURXdDU+rrNJuA/Pjcebw9aTSNi/LYB+Dv4EsxIUND8d6H5bKCdeN
|
||||
PFO1BXLkcwrTaOk+HNHYlwcM3H4p3MPRMCXaXXVRH1O60Rla2SGAOTuj/Xpv0Bo7
|
||||
2vfNSQAEk+yHTD1iMy9IxYy/xVHbExp7ErqYARLsmw1enKCdw4h5TbL2ThBTEmje
|
||||
tNYOlVyJASIEEAECAAwFAlpcl/gFAwASdQAACgkQlxC4m8pXrXzF1ggAoS7luFCm
|
||||
BhUICQoLAgQWAgMBAh4BAheAFiEE1R5k0+Y+3D7veGTO4sddaOYjSwcFAmH6ieIF
|
||||
CQt/twEACgkQ4sddaOYjSwcP4BAAu48suXCbfyZ3RWXFfNZ0KfEjh6UtuIYvZ3qV
|
||||
GfFSw8BLCNhNbGD/bw8+xDodJSDC1tsI8x08btoTH+zyTbrbvHjhC96fKV+DNonS
|
||||
GEAPsnKqj/fl58WP67m0wxh8/pfwIsGbzXn03mwmvRNrVSRHW5CMuBsZPIHj4ATg
|
||||
KKjmc/mY15b9zapk9l+bVCe47RsiM7ZbnD00d1erQu7/8LNAR2MCb0PgKrBT+6AS
|
||||
UC1XTVc6IuEcIdaf3mLJ4iA5vnrFxtezXtTU7jX12sWEMZOADqf6aPj+U1i+loER
|
||||
JN3Ry10OJnDJ+kWP7zwXFWcsaYDZbrI/Odt8PImDkxxTdTpGrvHsuDhbPKmlMHYd
|
||||
A8cVlHmy3Pp0Tn5VpV22+CWSR6UQzd6dpPv+2Ekt2z6VMvWOjyujEfsTJWBPDU1i
|
||||
slaQoRdchG2kxUEXdOKMTfGwIhNJaeIqvojx7IIxAcOy56KgMuRxmqSOJFuiMC0C
|
||||
DcVrsg6FbrzQw1D1FhSZSdnu9Wv+pzjZ8zQnxSsMAYU9e9/3OjJ3/VHNpaGo3zUN
|
||||
kTpYsHh3Y9LuVTFSNmGiBnpVg0hZ8aUipAfoiyyQj5QA8nZv0Pptp86+QS6AUkq7
|
||||
QvXg8yybYNxsJaxGC9Ea5K1ivAommes0SbzFLg5/3B84o27xeqMMevTMAKZ6txhC
|
||||
vqagRLuJASIEEAECAAwFAlpcl/gFAwASdQAACgkQlxC4m8pXrXzF1ggAoS7luFCm
|
||||
S13Vv2w2GGpWOLcVh/RUcsTU8eUr9DY40rlrKVkX5MBL1yeD/XiIXY5aFlBaKxIq
|
||||
NPjqu0VBZhaYj6ZuGpAodpattzjNOXWxwFtz2JaUfn2VUrZMbDwY9AQMHab/xxir
|
||||
PmezHMee9Y56qnNPIHDh3pZZ18rHrwY4e1pVkR+N0xYTb4M0vw3AhHjboS8H9noq
|
||||
@ -152,17 +152,17 @@ cS0BNvA+4Aip2hhFqWJAbUQXCyMaeU2WTWIzy0FQ6SEFFy/RM8O5O1HHsDYjtIic
|
||||
9QJ/PqSD0qN7LMlkjR8AdWvAxm95i5GpxDZODldsOneeummvsn3I1jCoULTik7iJ
|
||||
VdRuY1V3vfsYAkefGN/n2ga3MvatCJipwoCGsMgUXGTdokXOqKBgMBuBLCkxj2wl
|
||||
ol2R9p8RABEBAAGJAjwEGAEIACYCGwwWIQTVHmTT5j7cPu94ZM7ix11o5iNLBwUC
|
||||
XjfaBAUJBdvTowAKCRDix11o5iNLByTCD/oCRk97JjCqNb4B1Ed/G5tJ+w55cptq
|
||||
1dBZOxvEf+ol/403Q+R5bRqun3vXYupzZyIEvi10OVZ/t3t/FboOAWwJ222o0Ivm
|
||||
t6RhErlmF1dCsKILy5i0iLJexLFGJIiSh6Slr2BZoiqasrlCYStJE2hXhNjXOIiZ
|
||||
76YsLed6b5MKBllsw4DGPgT9sECrWft935oGo9caVUTX5VsnoVvzxKQLYki8m1Et
|
||||
Eki7M3MK2pPNpX6y1e862JvL0oUfjYjrn8ALrgTeNtx/oRDgMujD1UQd5kGdwzkG
|
||||
ec1nB7T5Gdiyfd8unDvSd+Eg3UgF3eDgFA8ZDdO7yZlWv3aEeVUUAvEDT9/RgbnZ
|
||||
a22GhGcCJ3mHBMbx2khLIorJq8C1ZkhzpKIWqmETgr3MvUo+iT9YsnuGd8qpl2JK
|
||||
Ru2QuKZ0VTqLMuURMojMETiRbfxBg8uZMAxPr45Hqq2hj/8ooF/hYS/Y2oD+b8DM
|
||||
7hSTTEXm14p3tp8BbFGdVq1jJn5Zsj7isLAzydlyWWKcfwcljpzLCOo/wME3zUVh
|
||||
mDPZYW3/sexJl/ROUHXo8eqBEMUgNLjffiuymfh7L8RmVOcsJsS87nu+iVvR5CaJ
|
||||
0VLGn+SuxFT09xhvM4NxQIgNgk+NuQeIcwOMd6vtvf0btSTflN3hRGhGzLcZWWww
|
||||
m//Hk8dcT8vncg==
|
||||
=G/D6
|
||||
YfqKGgUJC3+3OQAKCRDix11o5iNLB7puD/9TPP63NCPUvl2c2gO2G31YvK4XQvc8
|
||||
jSGGHkhDXWnC+QxgYLu6O/f/MNt0Hegve8FSDMlLoDrBy217Jsc4uzPpykzesI9Y
|
||||
BimCDJGvcNgCnu6WoYM3tOZYY5NdmGs6w9Dyu8tTIB+/PVA0rnJc4LJSu01FIYkq
|
||||
u7mAaF/PKa0lD9TF38axN2EvYTfGuukAHrYnqTxoxPkqJJ+F0MoLHuqEHL3/clgM
|
||||
95OiC+d/L5xmWMs7+ux/lT81bivLVwtcMCqJoJYjjeN/++auTvK6DWnx5vbEstQR
|
||||
6CFNWRsvqcT6pMB0xFZVAwz2fTfdkE4CNpxlrxwfxCDVPvYTUQPzAve+qRIarRx7
|
||||
K8npGSq2pMNBZLeaQXvZbslT9Scuu5NuHSCjrGQ5TpVg1yMpN39Pu3nnB0STwvOp
|
||||
qcnaHGfvM0wURA7ValXh2xTLc6Oxe8hw+nAFFFXFBqou8qw1zD/DAQFUWGh+yu5q
|
||||
9MxmtaewGA67fYf098EEqKql+sktYTa0cjDk6qdYkSO9clcLFkYZspmK04k2y1jO
|
||||
7VYtlSdoeHH1ag+HWKx5KXdsWaE4dE+maUbcsRwc7UVC4111cv94mlOcSWpITxPG
|
||||
kIV8ldNSpauzaAqHs3qaMO/5rBZbLMynvzjE30JFTdBiepvj88YeAPFols3qa8KO
|
||||
00IsXQemR6I8Qw==
|
||||
=QiAL
|
||||
-----END PGP PUBLIC KEY BLOCK-----`
|
||||
|
||||
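--- a/internal/updater/keyring.go
+++ b/internal/updater/keyring.go
@@ -0,0 +1,40 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package updater
+
+import (
+"github.com/ProtonMail/gopenpgp/v2/crypto"
+"github.com/sirupsen/logrus"
+)
+
+func GetDefaultKeyring() (*crypto.KeyRing, error) {
+l := logrus.WithField("pkg", "updater")
+
+key, err := crypto.NewKeyFromArmored(DefaultPublicKey)
+if err != nil {
+l.WithError(err).Error("Failed to create new verification key")
+return nil, err
+}
+
+kr, err := crypto.NewKeyRing(key)
+if err != nil {
+l.WithError(err).Fatal("Failed to create new verification keyring")
+}
+
+return kr, nil
+}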
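Review bot: The second error path in `GetDefaultKeyring` calls `l.WithError(err).Fatal(...)`, which in logrus terminates the process, so a failure in `crypto.NewKeyRing` never reaches the caller even though the signature returns an `error`; the first path, for `crypto.NewKeyFromArmored`, logs and returns. Since this keyring is what signatures are checked against, the caller should decide how to fail: replace that line with `l.WithError(err).Error("Failed to create new verification keyring")` followed by `return nil, err`. The exported function also has no doc comment; `// GetDefaultKeyring returns a keyring built from the embedded DefaultPublicKey.` would cover it.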
|
||||
@ -74,12 +74,16 @@ func (v *Version) SemVer() *semver.Version {
|
||||
|
||||
// VerifyFiles verifies all files in the version directory.
|
||||
func (v *Version) VerifyFiles(kr *crypto.KeyRing) error {
|
||||
fileBytes, err := os.ReadFile(filepath.Join(v.path, sumFile)) //nolint:gosec
|
||||
return VerifyUpdateFolder(kr, v.path)
|
||||
}
|
||||
|
||||
func VerifyUpdateFolder(kr *crypto.KeyRing, path string) error {
|
||||
fileBytes, err := os.ReadFile(filepath.Join(path, sumFile)) //nolint:gosec
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
sigBytes, err := os.ReadFile(filepath.Join(v.path, sumFile+".sig")) //nolint:gosec
|
||||
sigBytes, err := os.ReadFile(filepath.Join(path, sumFile+".sig")) //nolint:gosec
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -92,7 +96,7 @@ func (v *Version) VerifyFiles(kr *crypto.KeyRing) error {
|
||||
return err
|
||||
}
|
||||
|
||||
sum, err := sum.RecursiveSum(v.path, sumFile)
|
||||
sum, err := sum.RecursiveSum(path, sumFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
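Review bot: `VerifyUpdateFolder` is exported without a doc comment, while the existing `// VerifyFiles verifies all files in the version directory.` comment now sits on a one-line wrapper. Add a comment on the new function saying what it checks, for example `// VerifyUpdateFolder verifies the signature of the sum file in path against kr and checks the folder contents against that sum.`; the lines between the two hunks are not shown, so confirm the wording against the full body. The two `//nolint:gosec` markers were carried over from `v.path`, but `path` is now a caller-supplied argument (the hasher in this commit passes a CLI flag), so a short comment on why the suppression still holds would help the next reader.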
|
||||
|
||||
@ -20,6 +20,8 @@ package main
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/ProtonMail/proton-bridge/v3/internal/updater"
|
||||
"github.com/ProtonMail/proton-bridge/v3/internal/versioner"
|
||||
"github.com/ProtonMail/proton-bridge/v3/pkg/sum"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/urfave/cli/v2"
|
||||
@ -51,12 +53,30 @@ func createApp() *cli.App {
|
||||
Usage: "The file to save the sum in",
|
||||
Required: true,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "verify",
|
||||
Aliases: []string{"v"},
|
||||
Usage: "Verify the update folder is properly hashed and signed.",
|
||||
},
|
||||
}
|
||||
|
||||
return app
|
||||
}
|
||||
|
||||
func computeSum(c *cli.Context) error {
|
||||
if c.Bool("verify") {
|
||||
kr, err := updater.GetDefaultKeyring()
|
||||
if err != nil {
|
||||
logrus.WithError(err).Fatal("Failed to load key before verify")
|
||||
}
|
||||
|
||||
if err := versioner.VerifyUpdateFolder(kr, c.String("root")); err != nil {
|
||||
logrus.WithError(err).Fatal("Failed to verify")
|
||||
}
|
||||
|
||||
logrus.WithField("path", c.String("root")).Info("Signature OK")
|
||||
}
|
||||
|
||||
b, err := sum.RecursiveSum(c.String("root"), c.String("output"))
|
||||
if err != nil {
|
||||
return err
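Review bot: In `computeSum` both error paths of the new verify branch end the process with `logrus.WithError(err).Fatal(...)`, while the rest of the function reports failure with `return err`; returning the error keeps a single exit path through the cli action, e.g. `if err != nil { return err }`. The branch also falls through to `sum.RecursiveSum(c.String("root"), c.String("output"))`, so `--verify` appears to verify and then recompute the sum rather than act as a check-only mode. If that is intended, say so in the flag's `Usage` text; otherwise add `return nil` after the `Signature OK` log. The function body continues past the end of the hunk.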
|
||||
|
||||