feat(mining): enforce xmrig signatures + fix multi-platform checksum/asset bugs
Now that the release publishes a valid .sig per archive (verified against the pinned key for linux/win/macOS), enable enforcement and fix two bugs that the newer multi-platform release (v6.25.3, which added a macOS build) exposed: - kXmrigRequireSignature = true: refuse any install whose release doesn't publish a valid ed25519 signature over the archive. Verified live end-to-end against the signed v6.25.3 (archive SHA-256 + signature -> install). - Drop the redundant inner-binary SHA-256 check. It keyed on the inner filename, but both the linux and macOS archives contain a binary literally named "xmrig", so the two "xmrig (…)" checksum lines collided in the map and the linux install compared against the macOS hash -> spurious "could not verify" failure. The whole archive is already verified (SHA-256 + signature), so every extracted member is authentic by transitivity — the per-member check added nothing but ambiguity. - Fix the macOS platform token: the asset is named "...-macos-x86_64.zip", not "...-macos-x64", so selectXmrigAsset never matched it. currentXmrigPlatformToken() now returns "macos-x86_64" on Intel macs (arm64 has no build -> Unavailable). Added a matcher test for the macOS naming. Both variants build; suite stable (0 failures / multiple runs); live require-mode install verified. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -321,8 +321,11 @@ void XmrigUpdater::runInstall(std::string targetDir)
|
||||
}
|
||||
}
|
||||
|
||||
// 3. Extract the wanted binaries (flatten the versioned subdir), verifying the miner binary's
|
||||
// SHA-256 in memory before writing the executable to disk.
|
||||
// 3. Extract the wanted binaries (flatten the versioned subdir). No per-member hash check is
|
||||
// needed: the whole archive was already verified above (SHA-256, and the ed25519 signature
|
||||
// when a key is pinned), so every member is authentic by transitivity. (A per-member check
|
||||
// keyed on the inner filename is also ambiguous — e.g. both the linux and macOS archives
|
||||
// contain a binary literally named "xmrig".)
|
||||
setProgress(State::Extracting, "Installing miner…");
|
||||
const std::vector<std::string> wanted = xmrigExtractBasenames(token);
|
||||
const std::string minerName = wanted.front(); // "xmrig" / "xmrig.exe"
|
||||
@@ -350,17 +353,6 @@ void XmrigUpdater::runInstall(std::string targetDir)
|
||||
void* mem = mz_zip_reader_extract_to_heap(&zip, i, &outSize, 0);
|
||||
if (!mem) { failed = true; break; }
|
||||
|
||||
// For the miner binary, verify the inner-binary SHA-256 before writing the executable.
|
||||
if (base == minerName) {
|
||||
const std::string actual = sha256Hex(mem, outSize);
|
||||
const auto it = checksums.find(minerName);
|
||||
if (it == checksums.end() || actual != it->second) {
|
||||
mz_free(mem);
|
||||
failed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Atomic write: temp file in target dir, then rename over the destination.
|
||||
const std::string finalPath = (fs::path(targetDir) / base).string();
|
||||
const std::string tmpPath = finalPath + ".tmp";
|
||||
|
||||
Reference in New Issue
Block a user