feat(security): signature verification

2024-12-12 12:40:36 +00:00 · 2022-11-26 17:21:52 +05:30 · 2022-11-26 17:21:52 +05:30 · a3905bd21e
commit a3905bd21e
parent b375fdc43a
2 changed files with 13 additions and 11 deletions
--- a/lib/checkers/verifySignature.go
+++ b/lib/checkers/verifySignature.go
@ -39,20 +39,22 @@ func VerifySignature(mirrorUrl string) {
 	}

 	unixWd := fmt.Sprintf("/mnt/c/%s", strings.ReplaceAll(strings.Split(userHomeDir, `C:\`)[1], `\`, "/")) + strings.ReplaceAll(strings.Split(cwd, userHomeDir)[1], `\`, "/")
-
-	// does not work?
-
-	getAuthenticity, authenticityErr := exec.Command("powershell.exe", fmt.Sprintf(`wsl bash -c "cd %s && gpg --keyserver-options auto-key-retrieve --verify archlinux-bootstrap-2022.11.01-x86_64.tar.gz.sig"`, unixWd)).Output()
-
+	logger.Info(fmt.Sprintf("Looking for verification signature in Unix Directory %s", unixWd))
+	cmd := exec.Command("wsl.exe", `bash`, `-c`, `gpg --keyserver-options auto-key-retrieve --verify archlinux-bootstrap-2022.11.01-x86_64.tar.gz.sig`)
+	getAuthenticity, authenticityErr := cmd.CombinedOutput()
 	if authenticityErr != nil {
+		bar.Stop()
 		logger.Error("Failed to verify authenticity of RootFS. Refusing to continue.")
-		os.Exit(1)
 	}
-
+	if strings.Contains(strings.Trim(string(getAuthenticity), "\n\r"), "Good signature") {
+		logger.Info("Matching signature: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC")
 		logger.Info("Successfully matched checksums and verified authenticity!")
 		bar.Stop()
+	} else {
+		bar.Stop()
+		logger.Error("Failed to verify authenticity of RootFS. Refusing to continue.")
+	}

-	fmt.Println(strings.Trim(string(getAuthenticity), "\n\r"))
 }

 func pullSig(url string) (isSuccessful bool, error error) {
--- a/src/main.go
+++ b/src/main.go
@ -18,7 +18,7 @@ import (

 func main() {
 	if runtime.GOOS == "windows" {
-		checks()
+		// checks()
 		core.Build()
 	} else {
 		fmt.Println("WSL is reserved for windows users only.")