DanS
85b53baeaf
- Pin the ed25519 public key in xmrig_updater.h, activating signature verification in soft mode (kXmrigRequireSignature=false): a release's ".sig" asset is verified when present, but an unsigned release still installs on TLS + SHA-256. Verified live against the current release (v6.25.2, which ships no .sig yet) — still installs. - gitignore *.ed25519.key / *.ed25519.pub.b64 so a signing secret key can never be committed. - Add a unit test that the pinned key decodes to a valid 32-byte ed25519 key (a malformed paste fails the build, not silently disabling verification). Bug fix (found via a flaky test): verifyXmrigSignature trimmed trailing whitespace BEFORE the raw-64-byte check, so a raw signature whose last byte equals '\n'/'\r'/space/tab (~1.6% of signatures) was corrupted and rejected. Now base64 is tried first (safe to trim) and the raw path uses the exact untrimmed bytes. Added a deterministic regression test that forces a whitespace-terminated raw signature. Suite is stable (0 failures in 10 runs; was ~3/8). Also de-brittled the live integration test: it no longer pins a release-specific binary hash (reaching Done already means the worker verified the binary against the release's own checksum). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
168 KiB
168 KiB