Documentation
Overview
Package trustkeys exposes the public keys embedded in the gtb binary for self-update signature verification (Phase 2 of the remote-update-checksum-verification spec).
To embed a release public key, drop its ASCII-armored form into internal/trustkeys/keys/<name>.asc. Every *.asc file in that directory is embedded at build time and surfaced to the SelfUpdater via props.Tool.Signing.EmbeddedKeys (wired in internal/cmd/root).
The directory ships with the active release public key(s) under keys/*.asc alongside a .gitkeep placeholder. When no *.asc file is present Keys returns nil, which leaves the embedded trust anchor unset and keeps signature verification dormant (setup.DefaultRequireSignature is false) until a key is added and the rollout flips the default. See docs/development/phase2-signing-prep.md.
Constants
This section is empty.
Variables
This section is empty.
Functions
func Keys
func Keys() [][]byte
Keys returns every embedded ASCII-armored public key (the contents of internal/trustkeys/keys/*.asc). It returns nil when no key files are present, which leaves the embedded trust anchor unset.
A walk or read failure over the embedded filesystem is a build-time corruption of the binary's trust anchors, not a recoverable runtime condition — Keys panics rather than silently returning a partial or empty trust set, which would let verification fall open. Use KeysE to handle the error explicitly.
func KeysE added in v0.17.0
func KeysE() ([][]byte, error)
KeysE is the error-returning form of Keys. It propagates any error encountered while walking or reading the embedded keys directory rather than swallowing it, so trust-anchor corruption fails loud at the call site instead of degrading silently to an empty (verification-open) set.
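The Keys/KeysE contract described above, reproduced as an added example over an in-memory fs.FS rather than the real go:embed directory (this is illustrative code, not the package's own source; keysFromFS, keysFrom and sampleFS are hypothetical names, and the armor body is a placeholder):

```go
package main

import (
	"fmt"
	"io/fs"
	"path"
	"testing/fstest"
)

// keysFromFS mirrors KeysE's documented contract over any fs.FS: every *.asc under dir is
// returned, none yields nil (trust anchor unset), and a walk/read failure is an error, never a partial set.
func keysFromFS(fsys fs.FS, dir string) ([][]byte, error) {
	var keys [][]byte
	err := fs.WalkDir(fsys, dir, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil { // also covers a missing keys/ directory
			return fmt.Errorf("walk %s: %w", p, walkErr)
		}
		if d.IsDir() || path.Ext(p) != ".asc" {
			return nil // .gitkeep and subdirectories are ignored
		}
		b, err := fs.ReadFile(fsys, p)
		if err != nil {
			return fmt.Errorf("read %s: %w", p, err)
		}
		keys = append(keys, b)
		return nil
	})
	if err != nil {
		return nil, err
	}
	return keys, nil
}

// keysFrom mirrors Keys: an error panics, so corrupted trust anchors fail closed, not verification-open.
func keysFrom(fsys fs.FS) [][]byte {
	keys, err := keysFromFS(fsys, "keys")
	if err != nil {
		panic("trustkeys: embedded trust anchors unreadable: " + err.Error())
	}
	return keys
}
// sampleFS is a constructed stand-in for the embedded directory (placeholder armor, not a real key).
func sampleFS(withKey bool) fstest.MapFS {
	m := fstest.MapFS{"keys/.gitkeep": &fstest.MapFile{}}
	if withKey {
		m["keys/release.asc"] = &fstest.MapFile{Data: []byte("-----BEGIN PGP PUBLIC KEY BLOCK-----\n...\n-----END PGP PUBLIC KEY BLOCK-----\n")}
	}
	return m
}
func main() { fmt.Println(len(keysFrom(sampleFS(true))), keysFrom(sampleFS(false)) == nil) } // 1 true
```

The .gitkeep entry matters: it keeps keys/ present so the no-key case walks cleanly to nil, whereas a directory missing outright is treated as corruption and panics.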
Types
This section is empty.