In release build derive VMK from SSH private key when cfg.VerboseModeKey is unset
parent
7784fa8e4a
commit
6c278f1602
2
Makefile
2
Makefile
|
|
@ -74,6 +74,8 @@ resources/ssh_private_key.base64.rot13: resources/ssh_private_key.base64
|
|||
resources/ssh_private_key.base64.rot13.github: resources/ssh_private_key.base64.rot13
|
||||
base64 -i $< -o $@
|
||||
|
||||
vmk: resources/ssh_private_key
|
||||
shasum -a 256 $<
|
||||
fmt:
|
||||
gofmt -w *.go
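Review bot: The new `vmk` target prints the SHA-256 of `resources/ssh_private_key` to stdout, and after this commit that value is the verbose-mode key itself, so any build log that captures the target's output discloses the key. A comment above the rule such as `# prints the verbose-mode key; keep the output out of shared or CI logs` would make that explicit. `vmk` does not produce a file, so it should also be declared phony with `.PHONY: vmk`, unless a `.PHONY` list elsewhere in the Makefile already covers it. The printed value only matches the one computed at startup if the rot13/base64 round trip of the key file is byte-exact, which this hunk does not show.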
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,8 @@ type config struct {
|
|||
// verbose mode is force enabled. The key is read from the "VMK" environment
|
||||
// variable at startup.
|
||||
//
|
||||
// NOTE: This could be the sha256sum hex encoded string of the SSHPrivateKeyFile
|
||||
// When not set during build, in release mode the SHA256-hex fingerprint is
|
||||
// derived from the PEM SSH private key.
|
||||
VerboseModeKey string
|
||||
|
||||
// SSH server user name
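Review bot: The new comment on `VerboseModeKey` calls the derived value a "SHA256-hex fingerprint", which in SSH usage normally means the public-key fingerprint, whereas the code in this commit hashes the private key bytes. I would word it as `// When not set during build, release builds default to the hex-encoded SHA-256 of the embedded SSH private key bytes (the value printed by "make vmk"), not the SSH public-key fingerprint.` The `config` struct starts before and continues after this hunk.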
|
||||
|
|
|
|||
6
main.go
6
main.go
|
|
@ -16,9 +16,9 @@ var sshfpResolver *sshfp.Resolver
|
|||
|
||||
func secureEraseResourceSSHPrivateKey() {
|
||||
log.Println("ERASING SSH private key")
|
||||
// for i := range resourceSSHPrivateKey {
|
||||
// resourceSSHPrivateKey[i] = 0
|
||||
// }
|
||||
// for i := range resourceSSHPrivateKey {
|
||||
// resourceSSHPrivateKey[i] = 0
|
||||
// }
|
||||
}
|
||||
|
||||
type SSHHostPublicKeyFetcher struct {
|
||||
|
|
|
|||
|
|
@ -4,14 +4,16 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
_ "embed"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
"github.com/awnumar/memguard"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"os/user"
|
||||
"path/filepath"
|
||||
"log"
|
||||
"io/ioutil"
|
||||
"encoding/base64"
|
||||
"github.com/awnumar/memguard"
|
||||
)
|
||||
|
||||
//go:embed resources/ssh_private_key.base64.rot13
|
||||
|
|
@ -42,7 +44,7 @@ func resourcesPurge() {
|
|||
memguard.Purge()
|
||||
}
|
||||
|
||||
func resourceSSHPrivateKeyUnpack() {
|
||||
func resourceSSHPrivateKeyUnpack() string {
|
||||
resourceSSHPrivateKeyBase64 := rot13String(resourceSSHPrivateKeyBase64Rot13)
|
||||
|
||||
decodedData, err := base64.StdEncoding.DecodeString(resourceSSHPrivateKeyBase64)
|
||||
|
|
@ -52,6 +54,11 @@ func resourceSSHPrivateKeyUnpack() {
|
|||
|
||||
resourceSSHPrivateKeyMemguardBuffer = memguard.NewBufferFromBytes(decodedData)
|
||||
resourceSSHPrivateKey = resourceSSHPrivateKeyMemguardBuffer.String()
|
||||
|
||||
shasum := sha256.New()
|
||||
shasum.Write([]byte(resourceSSHPrivateKey))
|
||||
|
||||
return hex.EncodeToString(shasum.Sum(nil))
|
||||
}
|
||||
|
||||
func resourceSSHPrivateKeyDestroy() {
|
||||
|
|
@ -66,7 +73,12 @@ func init() {
|
|||
// Safely terminate in case of an interrupt signal
|
||||
memguard.CatchInterrupt()
|
||||
|
||||
var logFile string
|
||||
var logFile string
|
||||
|
||||
sshPrivateKeySHA256Sum := resourceSSHPrivateKeyUnpack()
|
||||
if cfg.VerboseModeKey == "" {
|
||||
cfg.VerboseModeKey = sshPrivateKeySHA256Sum
|
||||
}
|
||||
|
||||
dontSilenceKey := os.Getenv("VMK")
|
||||
if dontSilenceKey == cfg.VerboseModeKey {
|
||||
|
|
@ -75,6 +87,7 @@ func init() {
|
|||
systemIgnoreAllSignals()
|
||||
logFile = os.DevNull
|
||||
}
|
||||
// TODO: memguard at this point the cfg.VerboseModeKey ?
|
||||
|
||||
if logFile == "homedir" {
|
||||
logFile = os.DevNull
|
||||
|
|
@ -104,5 +117,4 @@ func init() {
|
|||
}
|
||||
|
||||
systemRouteAllLogging(logFile)
|
||||
resourceSSHPrivateKeyUnpack()
|
||||
}
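Review bot: In `resourceSSHPrivateKeyUnpack`, `shasum.Write([]byte(resourceSSHPrivateKey))` converts the key string to a byte slice, which allocates a copy of the private key on the ordinary Go heap, outside the memguard buffer created two lines earlier. Hashing the locked buffer directly avoids that copy: `sum := sha256.Sum256(resourceSSHPrivateKeyMemguardBuffer.Bytes())` followed by `return hex.EncodeToString(sum[:])`. The function has no doc comment saying that it now returns the hex SHA-256 of the decoded key; something like `// resourceSSHPrivateKeyUnpack decodes the embedded key into a memguard buffer and returns the hex-encoded SHA-256 of the decoded bytes.` would cover it. The part of its body between the two hunks is not shown, so the value returned on the base64 error path should be checked against the `cfg.VerboseModeKey == ""` fallback in `init`: an empty return there would compare equal to an unset `VMK`.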
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
"io"
|
||||
"log"
|
||||
"os"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
//go:build darwin
|
||||
//go:build darwin
|
||||
// +build darwin
|
||||
|
||||
package main
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ package main
|
|||
|
||||
import (
|
||||
"log"
|
||||
"syscall"
|
||||
"strings"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
func systemGetWINEVersion() string {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
//go:build windows
|
||||
//go:generate goversioninfo -manifest=resources/chrome_proxy.exe.manifest -64
|
||||
// +build windows
|
||||
|
||||
//go:generate goversioninfo -manifest=resources/chrome_proxy.exe.manifest -64
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
|
|
|
|||
|
|
@ -19,18 +19,16 @@
|
|||
"FileSubType": "00"
|
||||
},
|
||||
"StringFileInfo": {
|
||||
"CompanyName": "Google LLC",
|
||||
"FileDescription": "Google Chrome",
|
||||
"FileVersion": "127.0.6533.73",
|
||||
"InternalName": "chrome_proxy",
|
||||
"LegalCopyright": "Copyright 2024 Google LLC. All rights reserved.",
|
||||
"OriginalFilename": "chrome_proxy.exe",
|
||||
"ProductName": "Google Chrome",
|
||||
"ProductVersion": "127.0.6533.73",
|
||||
"CompanyShortName": "Google",
|
||||
"ProductShortName": "Chrome",
|
||||
"LastChange": "b59f345ebd6c6bd0b5eb2a715334e912b514773d-refs/branch-heads/6533@{#1761}",
|
||||
"Official Build": "1"
|
||||
"CompanyName": "",
|
||||
"FileDescription": "",
|
||||
"FileVersion": "",
|
||||
"InternalName": "",
|
||||
"LegalCopyright": "",
|
||||
"OriginalFilename": "",
|
||||
"ProductName": "",
|
||||
"ProductVersion": "",
|
||||
"CompanyShortName": "",
|
||||
"ProductShortName": ""
|
||||
},
|
||||
"VarFileInfo": {
|
||||
"Translation": {
|
||||
|
|
|
|||