Skip to content

Commit

Permalink
fix(apk): always append .rsa.pub to key name (#808)
Browse files Browse the repository at this point in the history
  • Loading branch information
caarlos0 authored Mar 30, 2024
1 parent 1667ef9 commit 2118e9a
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
5 changes: 4 additions & 1 deletion apk/apk.go
Original file line number Diff line number Diff line change
Expand Up @@ -281,7 +281,10 @@ func createSignatureBuilder(digest []byte, info *nfpm.Info) func(*tar.Writer) er
return errNoKeyAddress
}

keyname = addr.Address + ".rsa.pub"
keyname = addr.Address
}
if !strings.HasSuffix(keyname, ".rsa.pub") {
keyname += ".rsa.pub"
}

// In principle apk supports RSA signatures over SHA256/512 keys, but in
Expand Down
22 changes: 22 additions & 0 deletions apk/apk_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,28 @@ func TestControl(t *testing.T) {
require.Equal(t, string(bts), w.String())
}

func TestSignatureName(t *testing.T) {
info := exampleInfo()
info.APK.Signature.KeyFile = "../internal/sign/testdata/rsa.priv"
info.APK.Signature.KeyName = "testkey"
info.APK.Signature.KeyPassphrase = "hunter2"
err := nfpm.PrepareForPackager(info, "apk")
require.NoError(t, err)

digest := sha1.New().Sum(nil) // nolint:gosec

var signatureTarGz bytes.Buffer
tw := tar.NewWriter(&signatureTarGz)
require.NoError(t, createSignatureBuilder(digest, info)(tw))

signature := extractFromTar(t, signatureTarGz.Bytes(), ".SIGN.RSA.testkey.rsa.pub")
err = sign.RSAVerifySHA1Digest(digest, signature, "../internal/sign/testdata/rsa.pub")
require.NoError(t, err)

err = Default.Package(info, io.Discard)
require.NoError(t, err)
}

func TestSignature(t *testing.T) {
info := exampleInfo()
info.APK.Signature.KeyFile = "../internal/sign/testdata/rsa.priv"
Expand Down

0 comments on commit 2118e9a

Please sign in to comment.