Sign binaries when given "-sign keyfile" option
parent
d3eb674b30
commit
a0d9183b14
59
build.go
59
build.go
@ -13,7 +13,6 @@ import (
|
|||||||
"archive/zip"
|
"archive/zip"
|
||||||
"bytes"
|
"bytes"
|
||||||
"compress/gzip"
|
"compress/gzip"
|
||||||
"crypto/md5"
|
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
@ -28,16 +27,19 @@ import (
|
|||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/syncthing/syncthing/lib/signature"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
versionRe = regexp.MustCompile(`-[0-9]{1,3}-g[0-9a-f]{5,10}`)
|
versionRe = regexp.MustCompile(`-[0-9]{1,3}-g[0-9a-f]{5,10}`)
|
||||||
goarch string
|
goarch string
|
||||||
goos string
|
goos string
|
||||||
noupgrade bool
|
noupgrade bool
|
||||||
version string
|
version string
|
||||||
goVersion float64
|
goVersion float64
|
||||||
race bool
|
race bool
|
||||||
|
signingKey string
|
||||||
)
|
)
|
||||||
|
|
||||||
const minGoVersion = 1.3
|
const minGoVersion = 1.3
|
||||||
@ -62,6 +64,7 @@ func main() {
|
|||||||
flag.BoolVar(&noupgrade, "no-upgrade", noupgrade, "Disable upgrade functionality")
|
flag.BoolVar(&noupgrade, "no-upgrade", noupgrade, "Disable upgrade functionality")
|
||||||
flag.StringVar(&version, "version", getVersion(), "Set compiled in version string")
|
flag.StringVar(&version, "version", getVersion(), "Set compiled in version string")
|
||||||
flag.BoolVar(&race, "race", race, "Use race detector")
|
flag.BoolVar(&race, "race", race, "Use race detector")
|
||||||
|
flag.StringVar(&signingKey, "sign", signingKey, "Private key file for signing binaries")
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
switch goarch {
|
switch goarch {
|
||||||
@ -215,7 +218,7 @@ func build(pkg string, tags []string) {
|
|||||||
binary += ".exe"
|
binary += ".exe"
|
||||||
}
|
}
|
||||||
|
|
||||||
rmr(binary, binary+".md5")
|
rmr(binary, binary+".sig")
|
||||||
args := []string{"build", "-ldflags", ldflags()}
|
args := []string{"build", "-ldflags", ldflags()}
|
||||||
if len(tags) > 0 {
|
if len(tags) > 0 {
|
||||||
args = append(args, "-tags", strings.Join(tags, ","))
|
args = append(args, "-tags", strings.Join(tags, ","))
|
||||||
@ -227,11 +230,13 @@ func build(pkg string, tags []string) {
|
|||||||
setBuildEnv()
|
setBuildEnv()
|
||||||
runPrint("go", args...)
|
runPrint("go", args...)
|
||||||
|
|
||||||
// Create an md5 checksum of the binary, to be included in the archive for
|
if signingKey != "" {
|
||||||
// automatic upgrades.
|
// Create an signature of the binary, to be included in the archive for
|
||||||
err := md5File(binary)
|
// automatic upgrades.
|
||||||
if err != nil {
|
err := signFile(signingKey, binary)
|
||||||
log.Fatal(err)
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -249,7 +254,10 @@ func buildTar() {
|
|||||||
{src: "LICENSE", dst: name + "/LICENSE.txt"},
|
{src: "LICENSE", dst: name + "/LICENSE.txt"},
|
||||||
{src: "AUTHORS", dst: name + "/AUTHORS.txt"},
|
{src: "AUTHORS", dst: name + "/AUTHORS.txt"},
|
||||||
{src: "syncthing", dst: name + "/syncthing"},
|
{src: "syncthing", dst: name + "/syncthing"},
|
||||||
{src: "syncthing.md5", dst: name + "/syncthing.md5"},
|
}
|
||||||
|
|
||||||
|
if _, err := os.Stat("syncthing.sig"); err == nil {
|
||||||
|
files = append(files, archiveFile{src: "syncthing.sig", dst: name + "/syncthing.sig"})
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, file := range listFiles("etc") {
|
for _, file := range listFiles("etc") {
|
||||||
@ -277,7 +285,10 @@ func buildZip() {
|
|||||||
{src: "LICENSE", dst: name + "/LICENSE.txt"},
|
{src: "LICENSE", dst: name + "/LICENSE.txt"},
|
||||||
{src: "AUTHORS", dst: name + "/AUTHORS.txt"},
|
{src: "AUTHORS", dst: name + "/AUTHORS.txt"},
|
||||||
{src: "syncthing.exe", dst: name + "/syncthing.exe"},
|
{src: "syncthing.exe", dst: name + "/syncthing.exe"},
|
||||||
{src: "syncthing.exe.md5", dst: name + "/syncthing.exe.md5"},
|
}
|
||||||
|
|
||||||
|
if _, err := os.Stat("syncthing.exe.sig"); err == nil {
|
||||||
|
files = append(files, archiveFile{src: "syncthing.exe.sig", dst: name + "/syncthing.exe.sig"})
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, file := range listFiles("extra") {
|
for _, file := range listFiles("extra") {
|
||||||
@ -712,29 +723,31 @@ func zipFile(out string, files []archiveFile) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func md5File(file string) error {
|
func signFile(keyname, file string) error {
|
||||||
|
privkey, err := ioutil.ReadFile(keyname)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
fd, err := os.Open(file)
|
fd, err := os.Open(file)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer fd.Close()
|
defer fd.Close()
|
||||||
|
|
||||||
h := md5.New()
|
sig, err := signature.Sign(privkey, fd)
|
||||||
_, err = io.Copy(h, fd)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
out, err := os.Create(file + ".md5")
|
out, err := os.Create(file + ".sig")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
_, err = out.Write(sig)
|
||||||
_, err = fmt.Fprintf(out, "%x\n", h.Sum(nil))
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return out.Close()
|
return out.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
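Review bot: In buildTar and buildZip the signature file is appended only when `os.Stat` succeeds, so an archive built without `-sign` (or where the stat fails for any other reason) is produced with no signature and no message, whereas the `.md5` entry it replaces was unconditional. How the upgrade path treats a missing `.sig` is not visible on this page, so the build should at least report it: add `} else { log.Println("warning: syncthing.sig not found, archive will be unsigned") }` to both checks (with the `.exe.sig` name in buildZip), or fail there when `signingKey != ""`. Separately, in signFile a failed `out.Write(sig)` returns without closing `out` and leaves a truncated `.sig` beside the binary; closing the file and removing it on that path keeps a partial signature from being picked up by a later packaging step. The comment added in build should read "Create a signature of the binary".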