miao-moe/LanMountainDesktop
1
0
Fork 0
mirror of https://github.com/wwiinnddyy/LanMountainDesktop.git synced 2026-06-20 23:54:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: compare signing keys by SPKI instead of PEM text

Browse Source
This commit is contained in:
lincube
2026-04-20 09:15:08 +08:00
parent c5ef418bd9
commit 62e7d96fe7
1 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.github/workflows/release.yml vendored
View File

@@ -372,12 +372,12 @@ jobs:
Set-Content -Path $publicKeyPath -Value $derivedPublicKey -NoNewline
$repoPublicKeyPath = "LanMountainDesktop.Launcher/Assets/public-key.pem"
$repoPublicKey = (Get-Content -Path $repoPublicKeyPath -Raw)
$normalizePem = {
param([string]$pem)
return (($pem -replace "`r`n", "`n" -replace "`r", "`n").Trim())
}
if (& $normalizePem $repoPublicKey -ne (& $normalizePem $derivedPublicKey)) {
$repoPublicKeyPem = Get-Content -Path $repoPublicKeyPath -Raw
$repoRsa = [System.Security.Cryptography.RSA]::Create()
$repoRsa.ImportFromPem($repoPublicKeyPem)
$repoSpki = [Convert]::ToBase64String($repoRsa.ExportSubjectPublicKeyInfo())
$derivedSpki = [Convert]::ToBase64String($rsa.ExportSubjectPublicKeyInfo())
if ($repoSpki -ne $derivedSpki) {
Write-Error "Configured signing private key does not match $repoPublicKeyPath. Keep keypair consistent before publishing."
exit 1
}
@@ -662,12 +662,12 @@ jobs:
Set-Content -Path $publicKeyPath -Value $derivedPublicKey -NoNewline
$repoPublicKeyPath = "LanMountainDesktop.Launcher/Assets/public-key.pem"
$repoPublicKey = (Get-Content -Path $repoPublicKeyPath -Raw)
$normalizePem = {
param([string]$pem)
return (($pem -replace "`r`n", "`n" -replace "`r", "`n").Trim())
}
if (& $normalizePem $repoPublicKey -ne (& $normalizePem $derivedPublicKey)) {
$repoPublicKeyPem = Get-Content -Path $repoPublicKeyPath -Raw
$repoRsa = [System.Security.Cryptography.RSA]::Create()
$repoRsa.ImportFromPem($repoPublicKeyPem)
$repoSpki = [Convert]::ToBase64String($repoRsa.ExportSubjectPublicKeyInfo())
$derivedSpki = [Convert]::ToBase64String($rsa.ExportSubjectPublicKeyInfo())
if ($repoSpki -ne $derivedSpki) {
Write-Error "Configured signing private key does not match $repoPublicKeyPath. Keep keypair consistent before publishing."
exit 1
}