lib/upgrade: Extract signing key to embedded file (fixes #9247) (#9296)

### Purpose

Instead of hardcoding `SigningKey` as text use `go:embed`. Fixes #9247.

### Testing

* Building syncthing
* Trying to upgrade (signature verification)
This commit is contained in:
gudvinr 2023-12-18 22:47:57 +03:00 committed by GitHub
parent 5360e7153b
commit 91084b83b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 6 deletions

View File

@ -6,14 +6,13 @@
package upgrade package upgrade
import _ "embed"
// SigningKey is the public key used to verify signed upgrades. It must match // SigningKey is the public key used to verify signed upgrades. It must match
// the private key used to sign binaries for the built in upgrade mechanism to // the private key used to sign binaries for the built in upgrade mechanism to
// accept an upgrade. Keys and signatures can be created and verified with the // accept an upgrade. Keys and signatures can be created and verified with the
// stsigtool utility. The build script creates signed binaries when given the // stsigtool utility. The build script creates signed binaries when given the
// -sign option. // -sign option.
var SigningKey = []byte(`-----BEGIN EC PUBLIC KEY----- //
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA1iRk+p+DsmolixxVKcpEVlMDPOeQ //go:embed signingkey.pem
1dWthURMqsjxoJuDAe5I98P/A0kXSdBI7avm5hXhX2opJ5TAyBZLHPpDTRoBg4WN var SigningKey []byte
7jUpeAjtPoVVxvOh37qDeDVcjCgJbbDTPKbjxq/Ae3SHlQMRcoes7lVY1+YJ8dPk
2oPfjA6jtmo9aVbf/uo=
-----END EC PUBLIC KEY-----`)

View File

@ -0,0 +1,6 @@
-----BEGIN EC PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA1iRk+p+DsmolixxVKcpEVlMDPOeQ
1dWthURMqsjxoJuDAe5I98P/A0kXSdBI7avm5hXhX2opJ5TAyBZLHPpDTRoBg4WN
7jUpeAjtPoVVxvOh37qDeDVcjCgJbbDTPKbjxq/Ae3SHlQMRcoes7lVY1+YJ8dPk
2oPfjA6jtmo9aVbf/uo=
-----END EC PUBLIC KEY-----