mudhorn/oh-my-posh
1
0
Fork 0
mirror of https://github.com/JanDeDobbeleer/oh-my-posh.git synced 2025-02-21 02:55:37 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

chore(upgrade): add inline documentation

Browse source
This commit is contained in:
Jan De Dobbeleer 2024-07-04 20:10:06 +02:00 committed by Jan De Dobbeleer
parent b6729ff414
commit fc8ba361a9
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/upgrade/verify.go
View file

@ -13,6 +13,22 @@ import (
"github.com/jandedobbeleer/oh-my-posh/src/runtime"
)
// This is based on the following key generation and validation.
// Generate a private key:
// openssl genpkey -algorithm Ed25519 -out private_key.pem
// Extract the public key:
// openssl pkey -in private_key.pem -pubout -out public_key.pem
// Sign the checksums.txt file:
// openssl pkeyutl -sign -inkey private_key.pem -out checksums.txt.sig -rawin -in checksums.txt
// Verify the signature:
// openssl pkeyutl -verify -pubin -inkey public_key.pem -sigfile checksums.txt.sig -rawin -in checksums.txt
// The public key is embedded in the binary.
// The private key is used to sign the checksums.txt file.
// The signature is embedded in the release.
// The checksums.txt file contains the checksums of the release assets.
// All checks are done in memory.
// Only then the binary is written to disk.
//go:embed public_key.pem
var publicKey []byte