TrueCloudLab/rclone
16
0
Fork 4
Code Issues 1 Pull requests Projects Releases 4 Packages Wiki Activity Actions

selfupdate: replace deprecated x/crypto/openpgp package with ProtonMail/go-crypto

Browse source
This commit is contained in:
albertony 2022-06-24 18:11:45 +02:00
parent c9d67c86fb
commit 1f9560e873
3 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
cmd/selfupdate/verify.go
View file

@ -10,9 +10,9 @@ import (
"fmt"
"strings"
"github.com/ProtonMail/go-crypto/openpgp"
"github.com/ProtonMail/go-crypto/openpgp/clearsign"
"github.com/rclone/rclone/fs"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/clearsign"
)
var ncwPublicKeyPGP = `-----BEGIN PGP PUBLIC KEY BLOCK-----
@ -59,7 +59,7 @@ func verifyHashsum(ctx context.Context, siteURL, version, archive string, hash [
}
block, rest := clearsign.Decode(sumsBuf)
// block.Bytes = block.Bytes[1:] // uncomment to test invalid signature
_, err = openpgp.CheckDetachedSignature(keyRing, bytes.NewReader(block.Bytes), block.ArmoredSignature.Body)
_, err = openpgp.CheckDetachedSignature(keyRing, bytes.NewReader(block.Bytes), block.ArmoredSignature.Body, nil)
if err != nil || len(rest) > 0 {
return errors.New("invalid hashsum signature")
}