From 002a3eeffef567314e664171d536e35d28b2da86 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 20 Sep 2025 18:04:07 +0000 Subject: [PATCH] fix(deps): update module github.com/mouuff/go-rocket-update to v1.5.6 --- go.mod | 2 +- go.sum | 2 + vendor/github.com/kardianos/osext/LICENSE | 27 --- vendor/github.com/kardianos/osext/README.md | 21 -- vendor/github.com/kardianos/osext/osext.go | 33 --- .../github.com/kardianos/osext/osext_go18.go | 9 - .../github.com/kardianos/osext/osext_plan9.go | 22 -- .../kardianos/osext/osext_procfs.go | 36 --- .../kardianos/osext/osext_sysctl.go | 126 ----------- .../kardianos/osext/osext_windows.go | 36 --- .../mouuff/go-rocket-update/LICENSE | 206 ++---------------- .../internal/crypto/crypto.go | 22 +- .../internal/crypto/signatures.go | 9 +- .../internal/fileio/fileio.go | 7 +- .../internal/fileio/patcher.go | 5 +- .../pkg/provider/provider_decompress.go | 4 +- .../pkg/provider/provider_github.go | 5 +- .../pkg/provider/provider_gitlab.go | 5 +- .../pkg/provider/provider_gzip.go | 6 +- .../pkg/provider/provider_local.go | 3 +- .../pkg/provider/provider_zip.go | 4 +- .../go-rocket-update/pkg/updater/updater.go | 14 +- vendor/modules.txt | 3 +- 23 files changed, 69 insertions(+), 538 deletions(-) delete mode 100644 vendor/github.com/kardianos/osext/LICENSE delete mode 100644 vendor/github.com/kardianos/osext/README.md delete mode 100644 vendor/github.com/kardianos/osext/osext.go delete mode 100644 vendor/github.com/kardianos/osext/osext_go18.go delete mode 100644 vendor/github.com/kardianos/osext/osext_plan9.go delete mode 100644 vendor/github.com/kardianos/osext/osext_procfs.go delete mode 100644 vendor/github.com/kardianos/osext/osext_sysctl.go delete mode 100644 vendor/github.com/kardianos/osext/osext_windows.go diff --git a/go.mod b/go.mod index dcb5340..3341ff9 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module go.davsk.net/frodo go 1.23.4 require ( - github.com/mouuff/go-rocket-update v1.5.4 + github.com/mouuff/go-rocket-update v1.5.6 github.com/spf13/cobra v1.9.1 github.com/spf13/viper v1.20.0 golang.org/x/sys v0.31.0 diff --git a/go.sum b/go.sum index 668e5db..f6e75da 100644 --- a/go.sum +++ b/go.sum @@ -30,6 +30,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mouuff/go-rocket-update v1.5.4 h1:3WCqriXSzfcrMq7AhIW4AjG9EptWeJRBCvJRZ8iRWyo= github.com/mouuff/go-rocket-update v1.5.4/go.mod h1:CnOyUYCxAJyC1g1mebSGC7gJysLTlX+RpxKgD1B0zLs= +github.com/mouuff/go-rocket-update v1.5.6 h1:rPlValNW2w8lDs0BFyTwQIrm8ZK4AxgSkQ4Mzn2LK+o= +github.com/mouuff/go-rocket-update v1.5.6/go.mod h1:c8aC+54ym+GsjihxJEkNnOPaoFLuJbp58YyqubVBvpg= github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= diff --git a/vendor/github.com/kardianos/osext/LICENSE b/vendor/github.com/kardianos/osext/LICENSE deleted file mode 100644 index 7448756..0000000 --- a/vendor/github.com/kardianos/osext/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2012 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/kardianos/osext/README.md b/vendor/github.com/kardianos/osext/README.md deleted file mode 100644 index 15cbc3d..0000000 --- a/vendor/github.com/kardianos/osext/README.md +++ /dev/null @@ -1,21 +0,0 @@ -### Extensions to the "os" package. - -[![GoDoc](https://godoc.org/github.com/kardianos/osext?status.svg)](https://godoc.org/github.com/kardianos/osext) - -## Find the current Executable and ExecutableFolder. - -As of go1.8 the Executable function may be found in `os`. The Executable function -in the std lib `os` package is used if available. - -There is sometimes utility in finding the current executable file -that is running. This can be used for upgrading the current executable -or finding resources located relative to the executable file. Both -working directory and the os.Args[0] value are arbitrary and cannot -be relied on; os.Args[0] can be "faked". - -Multi-platform and supports: - * Linux - * OS X - * Windows - * Plan 9 - * BSDs. diff --git a/vendor/github.com/kardianos/osext/osext.go b/vendor/github.com/kardianos/osext/osext.go deleted file mode 100644 index 17f380f..0000000 --- a/vendor/github.com/kardianos/osext/osext.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Extensions to the standard "os" package. -package osext // import "github.com/kardianos/osext" - -import "path/filepath" - -var cx, ce = executableClean() - -func executableClean() (string, error) { - p, err := executable() - return filepath.Clean(p), err -} - -// Executable returns an absolute path that can be used to -// re-invoke the current program. -// It may not be valid after the current program exits. -func Executable() (string, error) { - return cx, ce -} - -// Returns same path as Executable, returns just the folder -// path. Excludes the executable name and any trailing slash. -func ExecutableFolder() (string, error) { - p, err := Executable() - if err != nil { - return "", err - } - - return filepath.Dir(p), nil -} diff --git a/vendor/github.com/kardianos/osext/osext_go18.go b/vendor/github.com/kardianos/osext/osext_go18.go deleted file mode 100644 index 009d8a9..0000000 --- a/vendor/github.com/kardianos/osext/osext_go18.go +++ /dev/null @@ -1,9 +0,0 @@ -//+build go1.8,!openbsd - -package osext - -import "os" - -func executable() (string, error) { - return os.Executable() -} diff --git a/vendor/github.com/kardianos/osext/osext_plan9.go b/vendor/github.com/kardianos/osext/osext_plan9.go deleted file mode 100644 index 95e2371..0000000 --- a/vendor/github.com/kardianos/osext/osext_plan9.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//+build !go1.8 - -package osext - -import ( - "os" - "strconv" - "syscall" -) - -func executable() (string, error) { - f, err := os.Open("/proc/" + strconv.Itoa(os.Getpid()) + "/text") - if err != nil { - return "", err - } - defer f.Close() - return syscall.Fd2path(int(f.Fd())) -} diff --git a/vendor/github.com/kardianos/osext/osext_procfs.go b/vendor/github.com/kardianos/osext/osext_procfs.go deleted file mode 100644 index e1f16f8..0000000 --- a/vendor/github.com/kardianos/osext/osext_procfs.go +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build !go1.8,android !go1.8,linux !go1.8,netbsd !go1.8,solaris !go1.8,dragonfly - -package osext - -import ( - "errors" - "fmt" - "os" - "runtime" - "strings" -) - -func executable() (string, error) { - switch runtime.GOOS { - case "linux", "android": - const deletedTag = " (deleted)" - execpath, err := os.Readlink("/proc/self/exe") - if err != nil { - return execpath, err - } - execpath = strings.TrimSuffix(execpath, deletedTag) - execpath = strings.TrimPrefix(execpath, deletedTag) - return execpath, nil - case "netbsd": - return os.Readlink("/proc/curproc/exe") - case "dragonfly": - return os.Readlink("/proc/curproc/file") - case "solaris": - return os.Readlink(fmt.Sprintf("/proc/%d/path/a.out", os.Getpid())) - } - return "", errors.New("ExecPath not implemented for " + runtime.GOOS) -} diff --git a/vendor/github.com/kardianos/osext/osext_sysctl.go b/vendor/github.com/kardianos/osext/osext_sysctl.go deleted file mode 100644 index 33cee25..0000000 --- a/vendor/github.com/kardianos/osext/osext_sysctl.go +++ /dev/null @@ -1,126 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build !go1.8,darwin !go1.8,freebsd openbsd - -package osext - -import ( - "os" - "os/exec" - "path/filepath" - "runtime" - "syscall" - "unsafe" -) - -var initCwd, initCwdErr = os.Getwd() - -func executable() (string, error) { - var mib [4]int32 - switch runtime.GOOS { - case "freebsd": - mib = [4]int32{1 /* CTL_KERN */, 14 /* KERN_PROC */, 12 /* KERN_PROC_PATHNAME */, -1} - case "darwin": - mib = [4]int32{1 /* CTL_KERN */, 38 /* KERN_PROCARGS */, int32(os.Getpid()), -1} - case "openbsd": - mib = [4]int32{1 /* CTL_KERN */, 55 /* KERN_PROC_ARGS */, int32(os.Getpid()), 1 /* KERN_PROC_ARGV */} - } - - n := uintptr(0) - // Get length. - _, _, errNum := syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, 0, uintptr(unsafe.Pointer(&n)), 0, 0) - if errNum != 0 { - return "", errNum - } - if n == 0 { // This shouldn't happen. - return "", nil - } - buf := make([]byte, n) - _, _, errNum = syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&n)), 0, 0) - if errNum != 0 { - return "", errNum - } - if n == 0 { // This shouldn't happen. - return "", nil - } - - var execPath string - switch runtime.GOOS { - case "openbsd": - // buf now contains **argv, with pointers to each of the C-style - // NULL terminated arguments. - var args []string - argv := uintptr(unsafe.Pointer(&buf[0])) - Loop: - for { - argp := *(**[1 << 20]byte)(unsafe.Pointer(argv)) - if argp == nil { - break - } - for i := 0; uintptr(i) < n; i++ { - // we don't want the full arguments list - if string(argp[i]) == " " { - break Loop - } - if argp[i] != 0 { - continue - } - args = append(args, string(argp[:i])) - n -= uintptr(i) - break - } - if n < unsafe.Sizeof(argv) { - break - } - argv += unsafe.Sizeof(argv) - n -= unsafe.Sizeof(argv) - } - execPath = args[0] - // There is no canonical way to get an executable path on - // OpenBSD, so check PATH in case we are called directly - if execPath[0] != '/' && execPath[0] != '.' { - execIsInPath, err := exec.LookPath(execPath) - if err == nil { - execPath = execIsInPath - } - } - default: - for i, v := range buf { - if v == 0 { - buf = buf[:i] - break - } - } - execPath = string(buf) - } - - var err error - // execPath will not be empty due to above checks. - // Try to get the absolute path if the execPath is not rooted. - if execPath[0] != '/' { - execPath, err = getAbs(execPath) - if err != nil { - return execPath, err - } - } - // For darwin KERN_PROCARGS may return the path to a symlink rather than the - // actual executable. - if runtime.GOOS == "darwin" { - if execPath, err = filepath.EvalSymlinks(execPath); err != nil { - return execPath, err - } - } - return execPath, nil -} - -func getAbs(execPath string) (string, error) { - if initCwdErr != nil { - return execPath, initCwdErr - } - // The execPath may begin with a "../" or a "./" so clean it first. - // Join the two paths, trailing and starting slashes undetermined, so use - // the generic Join function. - return filepath.Join(initCwd, filepath.Clean(execPath)), nil -} diff --git a/vendor/github.com/kardianos/osext/osext_windows.go b/vendor/github.com/kardianos/osext/osext_windows.go deleted file mode 100644 index 074b3b3..0000000 --- a/vendor/github.com/kardianos/osext/osext_windows.go +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//+build !go1.8 - -package osext - -import ( - "syscall" - "unicode/utf16" - "unsafe" -) - -var ( - kernel = syscall.MustLoadDLL("kernel32.dll") - getModuleFileNameProc = kernel.MustFindProc("GetModuleFileNameW") -) - -// GetModuleFileName() with hModule = NULL -func executable() (exePath string, err error) { - return getModuleFileName() -} - -func getModuleFileName() (string, error) { - var n uint32 - b := make([]uint16, syscall.MAX_PATH) - size := uint32(len(b)) - - r0, _, e1 := getModuleFileNameProc.Call(0, uintptr(unsafe.Pointer(&b[0])), uintptr(size)) - n = uint32(r0) - if n == 0 { - return "", e1 - } - return string(utf16.Decode(b[0:n])), nil -} diff --git a/vendor/github.com/mouuff/go-rocket-update/LICENSE b/vendor/github.com/mouuff/go-rocket-update/LICENSE index 53320c3..8d504d6 100644 --- a/vendor/github.com/mouuff/go-rocket-update/LICENSE +++ b/vendor/github.com/mouuff/go-rocket-update/LICENSE @@ -1,185 +1,21 @@ -This software is licensed under the LGPLv3, included below. - -As a special exception to the GNU Lesser General Public License version 3 -("LGPL3"), the copyright holders of this Library give you permission to -convey to a third party a Combined Work that links statically or dynamically -to this Library without providing any Minimal Corresponding Source or -Minimal Application Code as set out in 4d or providing the installation -information set out in section 4e, provided that you comply with the other -provisions of LGPL3 and provided that you meet, for the Application the -terms and conditions of the license(s) which apply to the Application. - -Except as stated in this special exception, the provisions of LGPL3 will -continue to comply in full to this Library. If you modify this Library, you -may apply this exception to your version of this Library, but you are not -obliged to do so. If you do not wish to do so, delete this exception -statement from your version. This exception does not (and cannot) modify any -license terms which apply to the Application, with which you must still -comply. - - - GNU LESSER GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - - This version of the GNU Lesser General Public License incorporates -the terms and conditions of version 3 of the GNU General Public -License, supplemented by the additional permissions listed below. - - 0. Additional Definitions. - - As used herein, "this License" refers to version 3 of the GNU Lesser -General Public License, and the "GNU GPL" refers to version 3 of the GNU -General Public License. - - "The Library" refers to a covered work governed by this License, -other than an Application or a Combined Work as defined below. - - An "Application" is any work that makes use of an interface provided -by the Library, but which is not otherwise based on the Library. -Defining a subclass of a class defined by the Library is deemed a mode -of using an interface provided by the Library. - - A "Combined Work" is a work produced by combining or linking an -Application with the Library. The particular version of the Library -with which the Combined Work was made is also called the "Linked -Version". - - The "Minimal Corresponding Source" for a Combined Work means the -Corresponding Source for the Combined Work, excluding any source code -for portions of the Combined Work that, considered in isolation, are -based on the Application, and not on the Linked Version. - - The "Corresponding Application Code" for a Combined Work means the -object code and/or source code for the Application, including any data -and utility programs needed for reproducing the Combined Work from the -Application, but excluding the System Libraries of the Combined Work. - - 1. Exception to Section 3 of the GNU GPL. - - You may convey a covered work under sections 3 and 4 of this License -without being bound by section 3 of the GNU GPL. - - 2. Conveying Modified Versions. - - If you modify a copy of the Library, and, in your modifications, a -facility refers to a function or data to be supplied by an Application -that uses the facility (other than as an argument passed when the -facility is invoked), then you may convey a copy of the modified -version: - - a) under this License, provided that you make a good faith effort to - ensure that, in the event an Application does not supply the - function or data, the facility still operates, and performs - whatever part of its purpose remains meaningful, or - - b) under the GNU GPL, with none of the additional permissions of - this License applicable to that copy. - - 3. Object Code Incorporating Material from Library Header Files. - - The object code form of an Application may incorporate material from -a header file that is part of the Library. You may convey such object -code under terms of your choice, provided that, if the incorporated -material is not limited to numerical parameters, data structure -layouts and accessors, or small macros, inline functions and templates -(ten or fewer lines in length), you do both of the following: - - a) Give prominent notice with each copy of the object code that the - Library is used in it and that the Library and its use are - covered by this License. - - b) Accompany the object code with a copy of the GNU GPL and this license - document. - - 4. Combined Works. - - You may convey a Combined Work under terms of your choice that, -taken together, effectively do not restrict modification of the -portions of the Library contained in the Combined Work and reverse -engineering for debugging such modifications, if you also do each of -the following: - - a) Give prominent notice with each copy of the Combined Work that - the Library is used in it and that the Library and its use are - covered by this License. - - b) Accompany the Combined Work with a copy of the GNU GPL and this license - document. - - c) For a Combined Work that displays copyright notices during - execution, include the copyright notice for the Library among - these notices, as well as a reference directing the user to the - copies of the GNU GPL and this license document. - - d) Do one of the following: - - 0) Convey the Minimal Corresponding Source under the terms of this - License, and the Corresponding Application Code in a form - suitable for, and under terms that permit, the user to - recombine or relink the Application with a modified version of - the Linked Version to produce a modified Combined Work, in the - manner specified by section 6 of the GNU GPL for conveying - Corresponding Source. - - 1) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (a) uses at run time - a copy of the Library already present on the user's computer - system, and (b) will operate properly with a modified version - of the Library that is interface-compatible with the Linked - Version. - - e) Provide Installation Information, but only if you would otherwise - be required to provide such information under section 6 of the - GNU GPL, and only to the extent that such information is - necessary to install and execute a modified version of the - Combined Work produced by recombining or relinking the - Application with a modified version of the Linked Version. (If - you use option 4d0, the Installation Information must accompany - the Minimal Corresponding Source and Corresponding Application - Code. If you use option 4d1, you must provide the Installation - Information in the manner specified by section 6 of the GNU GPL - for conveying Corresponding Source.) - - 5. Combined Libraries. - - You may place library facilities that are a work based on the -Library side by side in a single library together with other library -facilities that are not Applications and are not covered by this -License, and convey such a combined library under terms of your -choice, if you do both of the following: - - a) Accompany the combined library with a copy of the same work based - on the Library, uncombined with any other library facilities, - conveyed under the terms of this License. - - b) Give prominent notice with the combined library that part of it - is a work based on the Library, and explaining where to find the - accompanying uncombined form of the same work. - - 6. Revised Versions of the GNU Lesser General Public License. - - The Free Software Foundation may publish revised and/or new versions -of the GNU Lesser General Public License from time to time. Such new -versions will be similar in spirit to the present version, but may -differ in detail to address new problems or concerns. - - Each version is given a distinguishing version number. If the -Library as you received it specifies that a certain numbered version -of the GNU Lesser General Public License "or any later version" -applies to it, you have the option of following the terms and -conditions either of that published version or of any later version -published by the Free Software Foundation. If the Library as you -received it does not specify a version number of the GNU Lesser -General Public License, you may choose any version of the GNU Lesser -General Public License ever published by the Free Software Foundation. - - If the Library as you received it specifies that a proxy can decide -whether future versions of the GNU Lesser General Public License shall -apply, that proxy's public statement of acceptance of any version is -permanent authorization for you to choose that version for the -Library. +MIT License + +Copyright (c) 2025 Arnaud Aliès + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/mouuff/go-rocket-update/internal/crypto/crypto.go b/vendor/github.com/mouuff/go-rocket-update/internal/crypto/crypto.go index 5311e93..580a5dd 100644 --- a/vendor/github.com/mouuff/go-rocket-update/internal/crypto/crypto.go +++ b/vendor/github.com/mouuff/go-rocket-update/internal/crypto/crypto.go @@ -7,7 +7,7 @@ import ( "crypto/sha256" "crypto/x509" "encoding/pem" - "errors" + "fmt" "io" "os" ) @@ -38,11 +38,11 @@ func GeneratePrivateKey() (*rsa.PrivateKey, error) { func GetFileSignature(priv *rsa.PrivateKey, path string) ([]byte, error) { hash, err := ChecksumFileSHA256(path) if err != nil { - return nil, err + return nil, fmt.Errorf("could not checksum file: %w", err) } signature, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hash) if err != nil { - return nil, err + return nil, fmt.Errorf("could not PKCS1v15 sign file: %w", err) } return signature, nil } @@ -51,11 +51,11 @@ func GetFileSignature(priv *rsa.PrivateKey, path string) ([]byte, error) { func VerifyFileSignature(pub *rsa.PublicKey, signature []byte, path string) error { hash, err := ChecksumFileSHA256(path) if err != nil { - return err + return fmt.Errorf("could not checksum file: %w", err) } err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, hash, signature) if err != nil { - return err + return fmt.Errorf("could not PKCS1v15 verify file: %w", err) } return nil } @@ -76,12 +76,12 @@ func ExportPrivateKeyAsPem(privateKey *rsa.PrivateKey) []byte { func ParsePemPrivateKey(privPEM []byte) (*rsa.PrivateKey, error) { block, _ := pem.Decode(privPEM) if block == nil { - return nil, errors.New("failed to parse PEM block containing the key") + return nil, fmt.Errorf("failed to parse PEM block containing the key") } priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) if err != nil { - return nil, err + return nil, fmt.Errorf("could not parse PKCS1 private key: %w", err) } return priv, nil @@ -91,7 +91,7 @@ func ParsePemPrivateKey(privPEM []byte) (*rsa.PrivateKey, error) { func ExportPublicKeyAsPem(publicKey *rsa.PublicKey) ([]byte, error) { pubkeyBytes, err := x509.MarshalPKIXPublicKey(publicKey) if err != nil { - return nil, err + return nil, fmt.Errorf("could not PKIX marshal public key: %w", err) } pubkeyPem := pem.EncodeToMemory( &pem.Block{ @@ -106,12 +106,12 @@ func ExportPublicKeyAsPem(publicKey *rsa.PublicKey) ([]byte, error) { func ParsePemPublicKey(pubPEM []byte) (*rsa.PublicKey, error) { block, _ := pem.Decode(pubPEM) if block == nil { - return nil, errors.New("failed to parse PEM block containing the key") + return nil, fmt.Errorf("failed to parse PEM block containing the key") } pub, err := x509.ParsePKIXPublicKey(block.Bytes) if err != nil { - return nil, err + return nil, fmt.Errorf("could not parse PKIX public key: %w", err) } switch pub := pub.(type) { @@ -120,5 +120,5 @@ func ParsePemPublicKey(pubPEM []byte) (*rsa.PublicKey, error) { default: break } - return nil, errors.New("Key type is not rsa.PublicKey") + return nil, fmt.Errorf("key type is not rsa.PublicKey") } diff --git a/vendor/github.com/mouuff/go-rocket-update/internal/crypto/signatures.go b/vendor/github.com/mouuff/go-rocket-update/internal/crypto/signatures.go index 53e36e7..d39841b 100644 --- a/vendor/github.com/mouuff/go-rocket-update/internal/crypto/signatures.go +++ b/vendor/github.com/mouuff/go-rocket-update/internal/crypto/signatures.go @@ -3,8 +3,7 @@ package crypto import ( "crypto/rsa" "encoding/json" - "errors" - "io/ioutil" + "fmt" "os" "path/filepath" ) @@ -43,7 +42,7 @@ func GetFolderSignatures(priv *rsa.PrivateKey, root string) (*Signatures, error) // LoadSignaturesFromJSON loads signatures from a JSON file func LoadSignaturesFromJSON(path string) (signatures *Signatures, err error) { - signaturesJSON, err := ioutil.ReadFile(path) + signaturesJSON, err := os.ReadFile(path) if err != nil { return } @@ -61,7 +60,7 @@ func WriteSignaturesToJSON(dest string, signatures *Signatures) error { if err != nil { return err } - err = ioutil.WriteFile(dest, signaturesJSON, 0644) + err = os.WriteFile(dest, signaturesJSON, 0644) if err != nil { return err } @@ -120,7 +119,7 @@ func (s *Signatures) Get(relPath string) ([]byte, error) { if val, ok := s.SignaturesMap[filepath.ToSlash(relPath)]; ok { return val, nil } - return nil, errors.New("Signature for file not found") + return nil, fmt.Errorf("signature for file '%s' not found", relPath) } // Remove removes a signature of a file given a relative path diff --git a/vendor/github.com/mouuff/go-rocket-update/internal/fileio/fileio.go b/vendor/github.com/mouuff/go-rocket-update/internal/fileio/fileio.go index 168fe6d..2de3473 100644 --- a/vendor/github.com/mouuff/go-rocket-update/internal/fileio/fileio.go +++ b/vendor/github.com/mouuff/go-rocket-update/internal/fileio/fileio.go @@ -4,10 +4,7 @@ import ( "crypto/sha256" "encoding/hex" "io" - "io/ioutil" "os" - - "github.com/kardianos/osext" ) // CopyFile copies file contents from file source to file destination @@ -75,10 +72,10 @@ func CompareFiles(fileA, fileB string) (bool, error) { // TempDir creates a new temporary directory func TempDir() (string, error) { - return ioutil.TempDir("", "rocket-updater") + return os.MkdirTemp("", "rocket-updater") } // GetExecutable get the path to the current executable func GetExecutable() (string, error) { - return osext.Executable() + return os.Executable() } diff --git a/vendor/github.com/mouuff/go-rocket-update/internal/fileio/patcher.go b/vendor/github.com/mouuff/go-rocket-update/internal/fileio/patcher.go index 243a40d..88c96b9 100644 --- a/vendor/github.com/mouuff/go-rocket-update/internal/fileio/patcher.go +++ b/vendor/github.com/mouuff/go-rocket-update/internal/fileio/patcher.go @@ -1,7 +1,6 @@ package fileio import ( - "io/ioutil" "os" ) @@ -17,7 +16,7 @@ type Patcher struct { // Apply replaces the file located at DestinationPath with the one located at BackupPath and // then new file is created at DestinationPath with the content of SourcePath func (p *Patcher) Apply() error { - content, err := ioutil.ReadFile(p.SourcePath) + content, err := os.ReadFile(p.SourcePath) if err != nil { return err } @@ -26,7 +25,7 @@ func (p *Patcher) Apply() error { if err != nil { return err } - err = ioutil.WriteFile(p.DestinationPath, content, p.Mode) + err = os.WriteFile(p.DestinationPath, content, p.Mode) if err != nil { p.Rollback() return err diff --git a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_decompress.go b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_decompress.go index fba4390..bbded51 100644 --- a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_decompress.go +++ b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_decompress.go @@ -1,7 +1,7 @@ package provider import ( - "errors" + "fmt" "strings" ) @@ -16,5 +16,5 @@ func Decompress(path string) (Provider, error) { Path: path, }, nil } - return nil, errors.New("provider.Decompress unknown file type for file: " + path) + return nil, fmt.Errorf("provider.Decompress unknown file type for file: %s", path) } diff --git a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_github.go b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_github.go index 79abd7b..2faa447 100644 --- a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_github.go +++ b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_github.go @@ -2,7 +2,6 @@ package provider import ( "encoding/json" - "errors" "fmt" "io" "net/http" @@ -41,7 +40,7 @@ func (c *Github) repositoryInfo() (*githubRepositoryInfo, error) { re := regexp.MustCompile(`github\.com/(.*?)/(.*?)$`) submatches := re.FindAllStringSubmatch(c.RepositoryURL, 1) if len(submatches) < 1 { - return nil, errors.New("Invalid github URL:" + c.RepositoryURL) + return nil, fmt.Errorf("invalid github URL: %s", c.RepositoryURL) } return &githubRepositoryInfo{ RepositoryOwner: submatches[0][1], @@ -159,7 +158,7 @@ func (c *Github) GetLatestVersion() (string, error) { return "", err } if len(tags) < 1 { - return "", errors.New("This github project has no tags") + return "", fmt.Errorf("this github project has no tags") } return tags[0].Name, nil } diff --git a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_gitlab.go b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_gitlab.go index 9b6d334..5dad8c4 100644 --- a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_gitlab.go +++ b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_gitlab.go @@ -2,7 +2,6 @@ package provider import ( "encoding/json" - "errors" "fmt" "io" "net/http" @@ -65,7 +64,7 @@ func (c *Gitlab) getArchiveURL() (string, error) { return link.DirectURL, nil } } - return "", errors.New("Link not found for name: " + c.ArchiveName) + return "", fmt.Errorf("link not found for name: %s", c.ArchiveName) } // getReleases gets tags of the repository @@ -93,7 +92,7 @@ func (c *Gitlab) getLatestRelease() (*gitlabRelease, error) { return nil, err } if len(releases) < 1 { - return nil, errors.New("This gitlab project has no releases") + return nil, fmt.Errorf("this gitlab project has no releases") } return &releases[0], nil } diff --git a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_gzip.go b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_gzip.go index 7a19e7c..041807a 100644 --- a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_gzip.go +++ b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_gzip.go @@ -3,7 +3,7 @@ package provider import ( "archive/tar" "compress/gzip" - "errors" + "fmt" "io" "os" "path/filepath" @@ -102,7 +102,7 @@ func (c *Gzip) GetLatestVersion() (string, error) { // Walk walks all the files provided func (c *Gzip) Walk(walkFn WalkFunc) error { if c.localProvider == nil { - return errors.New("nil c.localProvider") + return fmt.Errorf("nil c.localProvider") } return c.localProvider.Walk(walkFn) } @@ -110,7 +110,7 @@ func (c *Gzip) Walk(walkFn WalkFunc) error { // Retrieve file relative to "provider" to destination func (c *Gzip) Retrieve(src string, dest string) error { if c.localProvider == nil { - return errors.New("nil c.localProvider") + return fmt.Errorf("nil c.localProvider") } return c.localProvider.Retrieve(src, dest) } diff --git a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_local.go b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_local.go index 1424c86..fe6fcf5 100644 --- a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_local.go +++ b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_local.go @@ -1,7 +1,6 @@ package provider import ( - "io/ioutil" "os" "path/filepath" @@ -32,7 +31,7 @@ func (c *Local) Close() error { // GetLatestVersion gets the latest version func (c *Local) GetLatestVersion() (string, error) { - content, err := ioutil.ReadFile(filepath.Join(c.Path, "VERSION")) + content, err := os.ReadFile(filepath.Join(c.Path, "VERSION")) if err != nil { return "", err } diff --git a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_zip.go b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_zip.go index fbed588..d671fc9 100644 --- a/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_zip.go +++ b/vendor/github.com/mouuff/go-rocket-update/pkg/provider/provider_zip.go @@ -2,7 +2,7 @@ package provider import ( "archive/zip" - "errors" + "fmt" "io" "os" ) @@ -43,7 +43,7 @@ func (c *Zip) GetLatestVersion() (string, error) { // Walk walks all the files provided func (c *Zip) Walk(walkFn WalkFunc) error { if c.reader == nil { - return errors.New("nil reader zip.ReadCloser") + return fmt.Errorf("nil zip.reader") } for _, f := range c.reader.File { if f != nil { diff --git a/vendor/github.com/mouuff/go-rocket-update/pkg/updater/updater.go b/vendor/github.com/mouuff/go-rocket-update/pkg/updater/updater.go index 68d9a62..4be4770 100644 --- a/vendor/github.com/mouuff/go-rocket-update/pkg/updater/updater.go +++ b/vendor/github.com/mouuff/go-rocket-update/pkg/updater/updater.go @@ -1,6 +1,7 @@ package updater import ( + "fmt" "os" "path/filepath" "strings" @@ -61,7 +62,7 @@ func (u *Updater) findExecutableRemotePath() (string, error) { return nil }) if err != nil { - return "", err + return "", fmt.Errorf("could not find excutable remote path: %w", err) } return executableRemotePath, nil } @@ -165,3 +166,14 @@ func (u *Updater) Rollback() (err error) { } return executablePatcher.Rollback() } + +// CleanUp removes the old executable after updating. (*.old files) +// Warning: This also prevents any rollback in the future. +func (u *Updater) CleanUp() (err error) { + executablePatcher, err := u.getExecutablePatcher("") + if err != nil { + return err + } + + return executablePatcher.CleanUp() +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 993896c..392e84f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -13,12 +13,11 @@ github.com/go-viper/mapstructure/v2/internal/errors github.com/inconshreveable/mousetrap # github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 ## explicit -github.com/kardianos/osext # github.com/magiconair/properties v1.8.7 ## explicit; go 1.19 # github.com/mitchellh/mapstructure v1.5.0 ## explicit; go 1.14 -# github.com/mouuff/go-rocket-update v1.5.4 +# github.com/mouuff/go-rocket-update v1.5.6 ## explicit; go 1.12 github.com/mouuff/go-rocket-update/internal/constant github.com/mouuff/go-rocket-update/internal/crypto