chore(security): 移除安全文件签名功能

- 删除了 security/keys.json 配置文件 - 删除了 security/revocation.json 撤销列表文件 - 从 GitHub Actions 工作流中移除了安全文件签名步骤 - 更新了工作流中的 git add 命令，不再包含安全文件 - 删除了 sign-security.sh 签名脚本文件
2025-12-31 21:28:30 +08:00
parent 9b4a12b51a
commit d7b749f54e
4 changed files with 1 additions and 59 deletions
--- a/.github/workflows/sign.yml
+++ b/.github/workflows/sign.yml
@@ -6,7 +6,6 @@ on:
    paths:
      - 'plugins/**/*.js'
      - 'plugins/**/manifest.json'
-      - 'security/*.json'
  workflow_dispatch:

 jobs:
@@ -38,19 +37,10 @@ jobs:
      - name: Generate store.json
        run: bash scripts/generate-store.sh > store.json

-      - name: Sign security files
-        env:
-          SIGNING_KEY: ${{ secrets.PLUGIN_SIGNING_KEY }}
-        run: |
-          echo "$SIGNING_KEY" > /tmp/private.key
-          chmod 600 /tmp/private.key
-          bash scripts/sign-security.sh /tmp/private.key
-          rm -f /tmp/private.key
-
      - name: Commit changes
        run: |
          git config user.name "GitHub Actions"
          git config user.email "actions@github.com"
-          git add -A "plugins/**/*.sig" store.json "security/*.json"
+          git add -A "plugins/**/*.sig" store.json
          git diff --staged --quiet || git commit -m "chore: update signatures and store"
          git push
--- a/scripts/sign-security.sh
+++ b/scripts/sign-security.sh
@@ -1,36 +0,0 @@
-#!/bin/bash
-set -e
-
-KEY_FILE="$1"
-
-if [ -z "$KEY_FILE" ]; then
-    echo "Usage: $0 <private-key-file>"
-    exit 1
-fi
-
-SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
-REPO_ROOT="$(dirname "$SCRIPT_DIR")"
-SIGNTOOL="$REPO_ROOT/signtool"
-
-# 构建 signtool
-if [ ! -f "$SIGNTOOL" ]; then
-    echo "Building signtool..."
-    cd "$REPO_ROOT"
-    go build -o signtool ./tools/signtool
-fi
-
-cd "$REPO_ROOT"
-
-# 签名撤销列表
-if [ -f "security/revocation.json" ]; then
-    echo "Signing revocation.json..."
-    "$SIGNTOOL" sign-json -key "$KEY_FILE" security/revocation.json
-fi
-
-# 签名公钥列表
-if [ -f "security/keys.json" ]; then
-    echo "Signing keys.json..."
-    "$SIGNTOOL" sign-json -key "$KEY_FILE" security/keys.json
-fi
-
-echo "Done!"
--- a/security/keys.json
+++ b/security/keys.json
@@ -1,6 +0,0 @@
-{
-  "version": 1,
-  "updated_at": 1735560000,
-  "keys": [],
-  "signature": ""
-}
--- a/security/revocation.json
+++ b/security/revocation.json
@@ -1,6 +0,0 @@
-{
-  "version": 1,
-  "updated_at": 1735560000,
-  "entries": [],
-  "signature": ""
-}