mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-20 17:48:47 +00:00
2f0468a87b
The unattended timer (scripts/pulse-auto-update.sh) and the public bootstrap (scripts/install.sh, /install.sh) all verify the .sshsig sidecar against the pinned pulse-installer ed25519 key before trusting a release artifact. The in-app updater verified SHA256 only — same artifact, same root execution context, lower trust bar. Closing the asymmetry: the in-app tarball download in ApplyUpdate, adapter_installsh.go's install.sh download (piped into bash as root), and the rollback binary download now fetch and verify the .sshsig sidecar against the same pinned key, fail-closed. The signing infrastructure (release_asset_common.sh, validate-release.sh, backfill-release-assets.sh) already produces and validates these signatures for every release; this teaches the Go updater to honor what the shell paths have always required. ssh-keygen is shelled out to so the in-app updater shares the exact trust path used by the unattended path, with a package-level function variable for test injection so unit tests don't require ssh-keygen on the build host. Extends the deployment-installability contract's release-trust-fail-closed invariant to cover the in-app updater paths. |
||
|---|---|---|
| .. | ||
| adapter_installsh.go | ||
| adapter_installsh_exec_test.go | ||
| adapter_installsh_execute_test.go | ||
| adapter_installsh_extra_test.go | ||
| adapter_installsh_helpers_test.go | ||
| adapter_installsh_more_test.go | ||
| adapter_installsh_test.go | ||
| history.go | ||
| history_test.go | ||
| manager.go | ||
| manager_additional_test.go | ||
| manager_applyupdate_test.go | ||
| manager_backup_runtime_test.go | ||
| manager_check_updates_test.go | ||
| manager_checksum_test.go | ||
| manager_fileops_test.go | ||
| manager_more_test.go | ||
| manager_retry_test.go | ||
| manager_sse_helpers_test.go | ||
| manager_test.go | ||
| mock_updater.go | ||
| mock_updater_additional_test.go | ||
| mock_updater_test.go | ||
| queue.go | ||
| queue_observability_test.go | ||
| queue_test.go | ||
| signature.go | ||
| signature_test.go | ||
| sse.go | ||
| sse_test.go | ||
| updater.go | ||
| updater_test.go | ||
| version.go | ||
| version_additional_test.go | ||
| version_test.go | ||