mirror of
https://github.com/EstrellaXD/Auto_Bangumi.git
synced 2026-07-11 22:47:18 +08:00
Closes the update-chain trust gap: the sha256 came from the same GitHub release as the bundle (integrity, not authenticity), and the boot overlay re-applied ab-writable content as root — including uv sync on an attacker-controllable lockfile. - signing: new module/update/signing.py verifies an ed25519 signature; public key embedded in the image at /app/ab_update_pubkey.pem (outside the overlay-replaceable tree, so it is the trust root). Private key lives only in CI (UPDATE_SIGNING_KEY secret). - updater: discover the .zip.sig asset, verify the signature after the sha256 check, reject any release without a signature, retain the verified bundle.zip+.sig for boot re-verification, and swap them on rollback. - boot_overlay: re-verify the signed bundle at every boot and extract the module tree / webui dist FROM the verified zip — never from the ab-writable current/ tree; read the version from the zip manifest, not the ab-writable applied.json; drop to the ab user before any fallback uv sync so lockfile build hooks can't run as root; zip-slip guard uses is_relative_to (also fixed in updater._safe_extract). - CI: build.yml signs the bundle with UPDATE_SIGNING_KEY and publishes the .zip.sig; the build fails if the secret is unset. - deps: cryptography made an explicit dependency. Tests cover bad-signature reject, unsigned-release reject, legacy overlay without a signed bundle reject, verified-bundle retention, and boot-overlay signature verification. Full backend suite: 1079 passed. Ops: run `gh secret set UPDATE_SIGNING_KEY < ~/.autobangumi/update-signing-key.pem` before the 3.3 release. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01FAxVyRwrY7z5NotTtgnwVs