chore(security): 移除安全文件签名功能
- 删除了 security/keys.json 配置文件 - 删除了 security/revocation.json 撤销列表文件 - 从 GitHub Actions 工作流中移除了安全文件签名步骤 - 更新了工作流中的 git add 命令,不再包含安全文件 - 删除了 sign-security.sh 签名脚本文件
12
.github/workflows/sign.yml
vendored
12
.github/workflows/sign.yml
vendored
@@ -6,7 +6,6 @@ on:
|
|||||||
paths:
|
paths:
|
||||||
- 'plugins/**/*.js'
|
- 'plugins/**/*.js'
|
||||||
- 'plugins/**/manifest.json'
|
- 'plugins/**/manifest.json'
|
||||||
- 'security/*.json'
|
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
@@ -38,19 +37,10 @@ jobs:
|
|||||||
- name: Generate store.json
|
- name: Generate store.json
|
||||||
run: bash scripts/generate-store.sh > store.json
|
run: bash scripts/generate-store.sh > store.json
|
||||||
|
|
||||||
- name: Sign security files
|
|
||||||
env:
|
|
||||||
SIGNING_KEY: ${{ secrets.PLUGIN_SIGNING_KEY }}
|
|
||||||
run: |
|
|
||||||
echo "$SIGNING_KEY" > /tmp/private.key
|
|
||||||
chmod 600 /tmp/private.key
|
|
||||||
bash scripts/sign-security.sh /tmp/private.key
|
|
||||||
rm -f /tmp/private.key
|
|
||||||
|
|
||||||
- name: Commit changes
|
- name: Commit changes
|
||||||
run: |
|
run: |
|
||||||
git config user.name "GitHub Actions"
|
git config user.name "GitHub Actions"
|
||||||
git config user.email "actions@github.com"
|
git config user.email "actions@github.com"
|
||||||
git add -A "plugins/**/*.sig" store.json "security/*.json"
|
git add -A "plugins/**/*.sig" store.json
|
||||||
git diff --staged --quiet || git commit -m "chore: update signatures and store"
|
git diff --staged --quiet || git commit -m "chore: update signatures and store"
|
||||||
git push
|
git push
|
||||||
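Review bot: The `Commit changes` step still stages `plugins/**/*.sig`, so plugin signatures keep being published, but this commit also deletes `security/revocation.json` and `security/keys.json`, and nothing visible here replaces them as the way a consumer learns that a signing key or signed plugin has been withdrawn. If any client fetched and verified those two files (not visible in this diff), confirm it fails closed rather than treating a missing list as "nothing revoked", and that the trusted public key reaches clients through another channel. I would record the decision next to the step, for example `# security/*.json is no longer signed or published; key trust and revocation are handled by <replacement mechanism>`, and state the same in the commit description. The workflow's earlier steps, including whichever one produces the `.sig` files, are outside these hunks.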
|
|||||||
@@ -1,36 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
KEY_FILE="$1"
|
|
||||||
|
|
||||||
if [ -z "$KEY_FILE" ]; then
|
|
||||||
echo "Usage: $0 <private-key-file>"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
|
||||||
REPO_ROOT="$(dirname "$SCRIPT_DIR")"
|
|
||||||
SIGNTOOL="$REPO_ROOT/signtool"
|
|
||||||
|
|
||||||
# 构建 signtool
|
|
||||||
if [ ! -f "$SIGNTOOL" ]; then
|
|
||||||
echo "Building signtool..."
|
|
||||||
cd "$REPO_ROOT"
|
|
||||||
go build -o signtool ./tools/signtool
|
|
||||||
fi
|
|
||||||
|
|
||||||
cd "$REPO_ROOT"
|
|
||||||
|
|
||||||
# 签名撤销列表
|
|
||||||
if [ -f "security/revocation.json" ]; then
|
|
||||||
echo "Signing revocation.json..."
|
|
||||||
"$SIGNTOOL" sign-json -key "$KEY_FILE" security/revocation.json
|
|
||||||
fi
|
|
||||||
|
|
||||||
# 签名公钥列表
|
|
||||||
if [ -f "security/keys.json" ]; then
|
|
||||||
echo "Signing keys.json..."
|
|
||||||
"$SIGNTOOL" sign-json -key "$KEY_FILE" security/keys.json
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Done!"
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
{
|
|
||||||
"version": 1,
|
|
||||||
"updated_at": 1735560000,
|
|
||||||
"keys": [],
|
|
||||||
"signature": ""
|
|
||||||
}
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
{
|
|
||||||
"version": 1,
|
|
||||||
"updated_at": 1735560000,
|
|
||||||
"entries": [],
|
|
||||||
"signature": ""
|
|
||||||
}
|
|
||||||