From d7b749f54e3d8400db43eb45f5ff50a880c23ee0 Mon Sep 17 00:00:00 2001
From: Flik
Date: Wed, 31 Dec 2025 21:28:30 +0800
Subject: [PATCH] =?UTF-8?q?chore(security):=20=E7=A7=BB=E9=99=A4=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E6=96=87=E4=BB=B6=E7=AD=BE=E5=90=8D=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 删除了 security/keys.json 配置文件
- 删除了 security/revocation.json 撤销列表文件
- 从 GitHub Actions 工作流中移除了安全文件签名步骤
- 更新了工作流中的 git add 命令,不再包含安全文件
- 删除了 sign-security.sh 签名脚本文件
---
 .github/workflows/sign.yml | 12 +-----------
 scripts/sign-security.sh | 36 ------------------------------------
 security/keys.json | 6 ------
 security/revocation.json | 6 ------
 4 files changed, 1 insertion(+), 59 deletions(-)
 delete mode 100755 scripts/sign-security.sh
 delete mode 100644 security/keys.json
 delete mode 100644 security/revocation.json

diff --git a/.github/workflows/sign.yml b/.github/workflows/sign.yml
index e9a17fc..bbbd7cb 100644
--- a/.github/workflows/sign.yml
+++ b/.github/workflows/sign.yml
@@ -6,7 +6,6 @@ on:
 paths:
 - 'plugins/**/*.js'
 - 'plugins/**/manifest.json'
- - 'security/*.json'
 workflow_dispatch:
 jobs:
@@ -38,19 +37,10 @@ jobs:
 - name: Generate store.json
 run: bash scripts/generate-store.sh > store.json
- - name: Sign security files
- env:
- SIGNING_KEY: ${{ secrets.PLUGIN_SIGNING_KEY }}
- run: |
- echo "$SIGNING_KEY" > /tmp/private.key
- chmod 600 /tmp/private.key
- bash scripts/sign-security.sh /tmp/private.key
- rm -f /tmp/private.key
-
 - name: Commit changes
 run: |
 git config user.name "GitHub Actions"
 git config user.email "actions@github.com"
- git add -A "plugins/**/*.sig" store.json "security/*.json"
+ git add -A "plugins/**/*.sig" store.json
 git diff --staged --quiet || git commit -m "chore: update signatures and store"
 git push
diff --git a/scripts/sign-security.sh b/scripts/sign-security.sh
deleted file mode 100755
index e30d65b..0000000
--- a/scripts/sign-security.sh
+++ /dev/null
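Review bot: In .github/workflows/sign.yml the `Commit changes` step still stages `plugins/**/*.sig`, so plugin signatures keep being published, but after this commit nothing publishes a key list or a revocation list and the commit message does not say what replaces them. The deleted security/keys.json and security/revocation.json both carried empty lists and an empty `signature`, so they may never have been consumed; if any client does fetch them, confirm that it treats a missing file as a verification failure rather than as "nothing revoked". I would record the decision next to the step, e.g. `# security/*.json (key list, revocation list) is no longer signed or published; key revocation is handled by <MECHANISM - placeholder>`. The job starts above this hunk, so how the remaining plugin-signing step obtains its key is not visible here.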
@@ -1,36 +0,0 @@
-#!/bin/bash
-set -e
-
-KEY_FILE="$1"
-
-if [ -z "$KEY_FILE" ]; then
- echo "Usage: $0 "
- exit 1
-fi
-
-SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
-REPO_ROOT="$(dirname "$SCRIPT_DIR")"
-SIGNTOOL="$REPO_ROOT/signtool"
-
-# 构建 signtool
-if [ ! -f "$SIGNTOOL" ]; then
- echo "Building signtool..."
- cd "$REPO_ROOT"
- go build -o signtool ./tools/signtool
-fi
-
-cd "$REPO_ROOT"
-
-# 签名撤销列表
-if [ -f "security/revocation.json" ]; then
- echo "Signing revocation.json..."
- "$SIGNTOOL" sign-json -key "$KEY_FILE" security/revocation.json
-fi
-
-# 签名公钥列表
-if [ -f "security/keys.json" ]; then
- echo "Signing keys.json..."
- "$SIGNTOOL" sign-json -key "$KEY_FILE" security/keys.json
-fi
-
-echo "Done!"
diff --git a/security/keys.json b/security/keys.json
deleted file mode 100644
index a6cd9e4..0000000
--- a/security/keys.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": 1,
- "updated_at": 1735560000,
- "keys": [],
- "signature": ""
-}
diff --git a/security/revocation.json b/security/revocation.json
deleted file mode 100644
index 48b7425..0000000
--- a/security/revocation.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "version": 1,
- "updated_at": 1735560000,
- "entries": [],
- "signature": ""
-}