Sign binaries when given "-sign keyfile" option

2015-08-21 09:31:46 +02:00 · 2015-08-21 09:31:46 +02:00 · a0d9183b14
parent d3eb674b30
commit a0d9183b14
1 changed files with 36 additions and 23 deletions
--- a/build.go
+++ b/build.go
@ -13,7 +13,6 @@ import (
 	"archive/zip"
 	"bytes"
 	"compress/gzip"
 	"crypto/md5"
 	"flag"
 	"fmt"
 	"io"
@ -28,16 +27,19 @@ import (
 	"strconv"
 	"strings"
 	"time"
 	"github.com/syncthing/syncthing/lib/signature"
 )
 var (
-	versionRe = regexp.MustCompile(`-[0-9]{1,3}-g[0-9a-f]{5,10}`)
+	versionRe  = regexp.MustCompile(`-[0-9]{1,3}-g[0-9a-f]{5,10}`)
-	goarch    string
+	goarch     string
-	goos      string
+	goos       string
-	noupgrade bool
+	noupgrade  bool
-	version   string
+	version    string
-	goVersion float64
+	goVersion  float64
-	race      bool
+	race       bool
 	signingKey string
 )
 const minGoVersion = 1.3
@ -62,6 +64,7 @@ func main() {
 	flag.BoolVar(&noupgrade, "no-upgrade", noupgrade, "Disable upgrade functionality")
 	flag.StringVar(&version, "version", getVersion(), "Set compiled in version string")
 	flag.BoolVar(&race, "race", race, "Use race detector")
 	flag.StringVar(&signingKey, "sign", signingKey, "Private key file for signing binaries")
 	flag.Parse()
 	switch goarch {
@ -215,7 +218,7 @@ func build(pkg string, tags []string) {
 		binary += ".exe"
 	}
-	rmr(binary, binary+".md5")
+	rmr(binary, binary+".sig")
 	args := []string{"build", "-ldflags", ldflags()}
 	if len(tags) > 0 {
 		args = append(args, "-tags", strings.Join(tags, ","))
@ -227,11 +230,13 @@ func build(pkg string, tags []string) {
 	setBuildEnv()
 	runPrint("go", args...)
-	// Create an md5 checksum of the binary, to be included in the archive for
+	if signingKey != "" {
-	// automatic upgrades.
+		// Create an signature of the binary, to be included in the archive for
-	err := md5File(binary)
+		// automatic upgrades.
-	if err != nil {
+		err := signFile(signingKey, binary)
-		log.Fatal(err)
+		if err != nil {
 			log.Fatal(err)
 		}
 	}
 }
@ -249,7 +254,10 @@ func buildTar() {
 		{src: "LICENSE", dst: name + "/LICENSE.txt"},
 		{src: "AUTHORS", dst: name + "/AUTHORS.txt"},
 		{src: "syncthing", dst: name + "/syncthing"},
-		{src: "syncthing.md5", dst: name + "/syncthing.md5"},
+	}
 	if _, err := os.Stat("syncthing.sig"); err == nil {
 		files = append(files, archiveFile{src: "syncthing.sig", dst: name + "/syncthing.sig"})
 	}
 	for _, file := range listFiles("etc") {
@ -277,7 +285,10 @@ func buildZip() {
 		{src: "LICENSE", dst: name + "/LICENSE.txt"},
 		{src: "AUTHORS", dst: name + "/AUTHORS.txt"},
 		{src: "syncthing.exe", dst: name + "/syncthing.exe"},
-		{src: "syncthing.exe.md5", dst: name + "/syncthing.exe.md5"},
+	}
 	if _, err := os.Stat("syncthing.exe.sig"); err == nil {
 		files = append(files, archiveFile{src: "syncthing.exe.sig", dst: name + "/syncthing.exe.sig"})
 	}
 	for _, file := range listFiles("extra") {
@ -712,29 +723,31 @@ func zipFile(out string, files []archiveFile) {
 	}
 }
-func md5File(file string) error {
+func signFile(keyname, file string) error {
 	privkey, err := ioutil.ReadFile(keyname)
 	if err != nil {
 		return err
 	}
 	fd, err := os.Open(file)
 	if err != nil {
 		return err
 	}
 	defer fd.Close()
-	h := md5.New()
+	sig, err := signature.Sign(privkey, fd)
 	_, err = io.Copy(h, fd)
 	if err != nil {
 		return err
 	}
-	out, err := os.Create(file + ".md5")
+	out, err := os.Create(file + ".sig")
 	if err != nil {
 		return err
 	}
-
+	_, err = out.Write(sig)
 	_, err = fmt.Fprintf(out, "%x\n", h.Sum(nil))
 	if err != nil {
 		return err
 	}
 	return out.Close()
 }