feat(store): 更新插件商店生成脚本和安全签名功能

- 修改 generate-store.sh 脚本添加 Gitea raw 文件基础 URL 配置 - 在 generate-store.sh 中为每个插件添加 download_url 和 signature_url 字段 - 扩展 signtool 工具添加 sign-json 命令用于签名 JSON 配置文件 - 更新 GitHub Actions 工作流添加对 security/*.json 文件的监控 - 新增 sign-security.sh 脚本用于批量签名安全相关 JSON 文件 - 添加 security/keys.json 和 security/revocation.json 模板文件
2025-12-30 22:06:27 +08:00
parent 934de48173
commit 9b4a12b51a
6 changed files with 141 additions and 3 deletions
--- a/scripts/generate-store.sh
+++ b/scripts/generate-store.sh
@@ -2,7 +2,9 @@
 set -e

 REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
-STORE_FILE="$REPO_ROOT/store.json"
+
+# Gitea raw 文件基础 URL
+BASE_URL="${STORE_BASE_URL:-https://git.92coco.cn:8443/flik/GoTunnel-Plugins/raw/branch/main}"

 echo "["

@@ -10,13 +12,23 @@ first=true
 for manifest in "$REPO_ROOT"/plugins/*/manifest.json; do
    [ -f "$manifest" ] || continue

+    # 获取插件目录名
+    plugin_dir=$(dirname "$manifest")
+    plugin_name=$(basename "$plugin_dir")
+
+    # 构建下载 URL 和签名 URL
+    download_url="$BASE_URL/plugins/$plugin_name/plugin.js"
+    signature_url="$BASE_URL/plugins/$plugin_name/plugin.js.sig"
+
    if [ "$first" = true ]; then
        first=false
    else
        echo ","
    fi

-    cat "$manifest"
+    # 使用 jq 添加 download_url 和 signature_url 字段
+    jq --arg dl "$download_url" --arg sig "$signature_url" \
+        '. + {download_url: $dl, signature_url: $sig}' "$manifest"
 done

 echo "]"
--- a/scripts/sign-security.sh
+++ b/scripts/sign-security.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -e
+
+KEY_FILE="$1"
+
+if [ -z "$KEY_FILE" ]; then
+    echo "Usage: $0 <private-key-file>"
+    exit 1
+fi
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(dirname "$SCRIPT_DIR")"
+SIGNTOOL="$REPO_ROOT/signtool"
+
+# 构建 signtool
+if [ ! -f "$SIGNTOOL" ]; then
+    echo "Building signtool..."
+    cd "$REPO_ROOT"
+    go build -o signtool ./tools/signtool
+fi
+
+cd "$REPO_ROOT"
+
+# 签名撤销列表
+if [ -f "security/revocation.json" ]; then
+    echo "Signing revocation.json..."
+    "$SIGNTOOL" sign-json -key "$KEY_FILE" security/revocation.json
+fi
+
+# 签名公钥列表
+if [ -f "security/keys.json" ]; then
+    echo "Signing keys.json..."
+    "$SIGNTOOL" sign-json -key "$KEY_FILE" security/keys.json
+fi
+
+echo "Done!"