mirror of
https://github.com/minio/minio.git
Use the official pub key to always verify binary (#16857)
parent
b3c54ec81e
commit
05444a0f6a
@ -518,6 +518,11 @@ func downloadBinary(u *url.URL, mode string) (readerReturn []byte, err error) {
|
|||||||
return binaryFile, nil
|
return binaryFile, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Update this whenever the official minisign pubkey is rotated.
|
||||||
|
defaultMinisignPubkey = "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
|
||||||
|
)
|
||||||
|
|
||||||
func verifyBinary(u *url.URL, sha256Sum []byte, releaseInfo string, mode string, reader []byte) (err error) {
|
func verifyBinary(u *url.URL, sha256Sum []byte, releaseInfo string, mode string, reader []byte) (err error) {
|
||||||
if !atomic.CompareAndSwapUint32(&updateInProgress, 0, 1) {
|
if !atomic.CompareAndSwapUint32(&updateInProgress, 0, 1) {
|
||||||
return errors.New("update already in progress")
|
return errors.New("update already in progress")
|
||||||
@ -538,7 +543,7 @@ func verifyBinary(u *url.URL, sha256Sum []byte, releaseInfo string, mode string,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
minisignPubkey := env.Get(envMinisignPubKey, "")
|
minisignPubkey := env.Get(envMinisignPubKey, defaultMinisignPubkey)
|
||||||
if minisignPubkey != "" {
|
if minisignPubkey != "" {
|
||||||
v := selfupdate.NewVerifier()
|
v := selfupdate.NewVerifier()
|
||||||
u.Path = path.Dir(u.Path) + slashSeparator + releaseInfo + ".minisig"
|
u.Path = path.Dir(u.Path) + slashSeparator + releaseInfo + ".minisig"
|
||||||
|
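Review bot: The `if minisignPubkey != ""` guard in the second hunk is unchanged, so signature verification is still conditional and "always verify" holds only if `env.Get(envMinisignPubKey, defaultMinisignPubkey)` can never return an empty string. If `env.Get` returns the variable's value whenever it is set (its implementation is not visible here), an environment that exports the variable as empty would skip the minisign check without any error. Failing closed would remove that path: drop the conditional and fall back explicitly with `if minisignPubkey == "" { minisignPubkey = defaultMinisignPubkey }`. It would also help to log when the environment value replaces the pinned key, so that a changed trust anchor is visible to operators. The body of verifyBinary continues outside the hunk, so the later checks were not reviewed.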