首頁 探索 說明
登入
rouch
/
rclone
镜像来自 https://github.com/rclone/rclone.git
關註 1
讚好 0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: 30517698aa
分支列表 標籤列表
rclone
/
cmd
/
selfupdate
/
verify.go

verify.go 3.9 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. //go:build !noselfupdate
    2. 

  2. // +build !noselfupdate
    3. 

  3. 

  4. package selfupdate
    5. 

  5. 

  6. import (
    7. 

  7. 	"bytes"
    8. 

  8. 	"context"
    9. 

  9. 	"errors"
    10. 

  10. 	"fmt"
    11. 

  11. 	"strings"
    12. 

  12. 

  13. 	"github.com/ProtonMail/go-crypto/openpgp"
    14. 

  14. 	"github.com/ProtonMail/go-crypto/openpgp/clearsign"
    15. 

  15. 	"github.com/rclone/rclone/fs"
    16. 

  16. )
    17. 

  17. 

  18. var ncwPublicKeyPGP = `-----BEGIN PGP PUBLIC KEY BLOCK-----
    19. 

  19. 

  20. mQGiBDuy3V0RBADVQOAF5aFiCxD3t2h6iAF2WMiaMlgZ6kX2i/u7addNkzX71VU9
    21. 

  21. 7NpI0SnsP5YWt+gEedST6OmFbtLfZWCR4KWn5XnNdjCMNhxaH6WccVqNm4ALPIqT
    22. 

  22. 59uVjkgf8RISmmoNJ1d+2wMWjQTUfwOEmoIgH6n+2MYNUKuctBrwAACflwCg1I1Q
    23. 

  23. O/prv/5hczdpQCs+fL87DxsD/Rt7pIXvsIOZyQWbIhSvNpGalJuMkW5Jx92UjsE9
    24. 

  24. 1Ipo3Xr6SGRPgW9+NxAZAsiZfCX/19knAyNrN9blwL0rcPDnkhdGwK69kfjF+wq+
    25. 

  25. QbogRGodbKhqY4v+cMNkKiemBuTQiWPkpKjifwNsD1fNjNKfDP3pJ64Yz7a4fuzV
    26. 

  26. X1YwBACpKVuEen34lmcX6ziY4jq8rKibKBs4JjQCRO24kYoHDULVe+RS9krQWY5b
    27. 

  27. e0foDhru4dsKccefK099G+WEzKVCKxupstWkTT/iJwajR8mIqd4AhD0wO9W3MCfV
    28. 

  28. Ov8ykMDZ7qBWk1DHc87Ep3W1o8t8wq74ifV+HjhhWg8QAylXg7QlTmljayBDcmFp
    29. 

  29. Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPoh0BBMRCAA0BQsHCgMEAxUDAgMW
    30. 

  30. AgECF4ACGQEWIQT79zfs6firGGBL0qyTk14C/ztU+gUCZS/mXAIbIwAKCRCTk14C
    31. 

  31. /ztU+tX+AJ9CUAnPvT4w5yRAPRfDiwWIPUqBOgCgiTelkzvUxvLWnYmpowwzKmsx
    32. 

  32. qaSJAjMEEAEIAB0WIQTjs1jchY+zB/SBcLnLDb68XzLIHQUCZPRnNAAKCRDLDb68
    33. 

  33. XzLIHZSAD/oCk9Z0xJfbpriphTBxFy7bWyPKF1lM1GZZaLKkktGfunf1i0Q7rhwp
    34. 

  34. Nu+u1launlOTp6ZoY36Ce2Qa1eSxWAQdjVajw9kOHXCAewrTREOMY/mb7RVGjajo
    35. 

  35. 0Egl8T9iD3JRyaxu2iVtbpZYuqehtGG28CaCzmtqE+EJcx1cGqAGSuuaDWRYlVX8
    36. 

  36. KDip44GQB5Lut30vwSIoZG1CPCR6VE82u4cl3mYZUfcJkCHsiLzoeadVzb+fOd+2
    37. 

  37. ybzBn8Y77ifGgM+dSFSHe03mFfcHPdp0QImF9HQR7XI0UMZmEJsw7c2vDrRa+kRY
    38. 

  38. 2A4/amGn4Tahuazq8g2yqgGm3yAj49qGNarAau849lDr7R49j73ESnNVBGJ9ShzU
    39. 

  39. 4Ls+S1A5gohZVu2s1fkE3mbAmoTfU4JCrpRydOuL9xRJk5gbL44sKeuGODNshyTP
    40. 

  40. JzG9DmRHpLsBn59v8mg5tqSfBIGqcqBxxnYHJnkK801MkaLW2m7wDmtz6P3TW86g
    41. 

  41. GukzfIN3/OufLjnpN3Nx376JwWDDIyif7sn6/q+ZMwGz9uLKZkAeM5c3Dh4ygpgl
    42. 

  42. iSLoV2bZzDz0iLxKWW7QOVVdWHmlEqbTldpQ7gUEPG7mxpzVo0xd6nHncSq0M91x
    43. 

  43. 29It4B3fATx/iJB2eardMzSsbzHiwTg0eswhYYGpSKZLgp4RShnVAbkCDQQ7st2B
    44. 

  44. EAgAjpB0UGDf/FrWAUo9jLWKFX15J0arBZkYm+iRax8K8fLnXzS2P+9Q04sAmt2q
    45. 

  45. CUxK9681Nd7xtPrkPrjbcACwuFyH3Cr9o2qseiVNgAHPFGKCNxLX/9PKWfmdoZTO
    46. 

  46. VVBcNV+sOTcx382uR04WPuv9jIwXT6JbCkXPaoCMv3mLnB9VnWRYatPYCaK8TXAP
    47. 

  47. WxZP8lrcUMjQ1GRTQ1vP9rRMp7iaXyItW1lelNFvHEII92QddeBLK7V5ng2sX/BM
    48. 

  48. m6/AafXZMnUQX3lpWQfEBTDT4qYsZ1zIEb4gq4dqauyNYgBcZdX//8oDE+BS2Fxx
    49. 

  49. DTccyOW0Wyt2Z6flDTfhgzd46wADBQf+MAqIgADwulmZk+e30Znj46VmnbZUB/J8
    50. 

  50. M4WXg6X5xaOQsCCMAWybmCc4pxFIT/1c/GdCqSHDv5nKBi5QyBMMn33/kgzVRAve
    51. 

  51. ihL6gWsNoT31Lxst457XuyRx1dwD8rzdWoP2b3etBGdu0P7vnOoqRmf1Y0XIoJeD
    52. 

  52. k/o8U901hG2VAo5zAVH2YdEtSZqlBIAzxjakKAAtnsZWIpBxrz9NPVOBmT18kxlg
    53. 

  53. Z7P4iU4/FMnGOfzT6/LCTj/B0hZKJCP7y7lHNP2yOabvvBsxU0ZGph1b8R6Zb1nP
    54. 

  54. 2+LQIi8kaBs8ypy7HDx7/mWe5DoyLe4NHQ/ZE0gCEWt1mlVIwTzFBohGBBgRAgAG
    55. 

  55. BQI7st2BAAoJEJOTXgL/O1T6YsEAoLZx0XLt4tpAC/LNwTZUrodUiOckAKC4DTRv
    56. 

  56. EtC4nj5EImssVk/xmU3axw==
    57. 

  57. =VUqh
    58. 

  58. -----END PGP PUBLIC KEY BLOCK-----
    59. 

  59. `
    60. 

  60. 

  61. func verifyHashsum(ctx context.Context, siteURL, version, archive string, hash []byte) error {
    62. 

  62. 	sumsURL := fmt.Sprintf("%s/%s/SHA256SUMS", siteURL, version)
    63. 

  63. 	sumsBuf, err := downloadFile(ctx, sumsURL)
    64. 

  64. 	if err != nil {
    65. 

  65. 		return err
    66. 

  66. 	}
    67. 

  67. 	fs.Debugf(nil, "downloaded hashsum list: %s", sumsURL)
    68. 

  68. 	return verifyHashsumDownloaded(ctx, sumsBuf, archive, hash)
    69. 

  69. }
    70. 

  70. 

  71. func verifyHashsumDownloaded(ctx context.Context, sumsBuf []byte, archive string, hash []byte) error {
    72. 

  72. 	keyRing, err := openpgp.ReadArmoredKeyRing(strings.NewReader(ncwPublicKeyPGP))
    73. 

  73. 	if err != nil {
    74. 

  74. 		return fmt.Errorf("unsupported signing key: %w", err)
    75. 

  75. 	}
    76. 

  76. 

  77. 	block, rest := clearsign.Decode(sumsBuf)
    78. 

  78. 	if block == nil {
    79. 

  79. 		return errors.New("invalid hashsum signature: couldn't find detached signature")
    80. 

  80. 	}
    81. 

  81. 	if len(rest) > 0 {
    82. 

  82. 		return fmt.Errorf("invalid hashsum signature: %d bytes of unsigned data", len(rest))
    83. 

  83. 	}
    84. 

  84. 

  85. 	_, err = openpgp.CheckDetachedSignature(keyRing, bytes.NewReader(block.Bytes), block.ArmoredSignature.Body, nil)
    86. 

  86. 	if err != nil {
    87. 

  87. 		return fmt.Errorf("invalid hashsum signature: %w", err)
    88. 

  88. 	}
    89. 

  89. 

  90. 	wantHash, err := findFileHash(sumsBuf, archive)
    91. 

  91. 	if err != nil {
    92. 

  92. 		return err
    93. 

  93. 	}
    94. 

  94. 	if !bytes.Equal(hash, wantHash) {
    95. 

  95. 		return fmt.Errorf("archive hash mismatch: want %02x vs got %02x", wantHash, hash)
    96. 

  96. 	}
    97. 

  97. 	return nil
    98. 

  98. }
    99. 

  99.