3f22d698da
Some checks failed
CI / Test (push) Failing after 12m50s
CI / Build (push) Successful in 1m35s
CI / Build-1 (push) Successful in 1m58s
CI / Build-2 (push) Successful in 1m33s
CI / Build-3 (push) Successful in 1m33s
CI / Build-4 (push) Successful in 1m33s
CI / Build-5 (push) Successful in 1m34s
CI / Lint (push) Failing after 2m30s
CI / Coverage (push) Successful in 2m47s
CI / Vet (push) Successful in 1m59s
Supersedes the previous "disable signature verification" stop-gap. The two checksum tests now run verifyChecksum with signature verification ENABLED using a per-test ed25519 keypair (withReleasePubKey) and a matching checksums.txt.sig served over the exact body — so they cover the real production path end to end instead of skipping it. Adds verifyChecksum-level coverage for the cases that actually protect a self-update: a checksums file signed by the wrong key is rejected, a missing .sig is rejected, and verifyChecksumOnly (--allow-unsigned) still passes on the checksum alone. No production code change. |
||
|---|---|---|
| .. | ||
| cache.go | ||
| download.go | ||
| extract.go | ||
| signature.go | ||
| signature_test.go | ||
| upgrade.go | ||
| upgrade_test.go | ||