
Commit 9892ddd

authored
Update public key (#77)
1 parent b01d15f commit 9892ddd


3 files changed

+23
-16
lines changed


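--- a/config/config.exs
+++ b/config/config.exs
@@ -1,7 +1,7 @@
 import Config
 
 config :esbuild,
-version: "0.23.0",
+version: "0.25.0",
 another: [
 args: ["--version"]
 ]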

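--- a/lib/esbuild.ex
+++ b/lib/esbuild.ex
@@ -1,6 +1,6 @@
 defmodule Esbuild do
 # https://registry.npmjs.org/esbuild/latest
-@latest_version "0.23.0"
+@latest_version "0.25.0"
 
 @moduledoc """
 Esbuild is an installer and runner for [esbuild](https://esbuild.github.io).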

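--- a/lib/esbuild/npm_registry.ex
+++ b/lib/esbuild/npm_registry.ex
@@ -3,15 +3,22 @@ defmodule Esbuild.NpmRegistry do
 require Logger
 
 # source: https://registry.npmjs.org/-/npm/v1/keys
-@public_key_pem """
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i
-6UPp+IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg==
------END PUBLIC KEY-----
-"""
+@public_keys %{
+"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA" => """
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i
+6UPp+IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg==
+-----END PUBLIC KEY-----
+""",
+"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U" => """
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEY6Ya7W++7aUPzvMTrezH6Ycx3c+H
+OKYCcNGybJZSCJq/fd7Qa8uuAKtdIkUQtQiEKERhAmE5lMMJhP8OkDOa2g==
+-----END PUBLIC KEY-----
+"""
+}
 
 @base_url "https://registry.npmjs.org"
-@public_key_id "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
 
 def fetch_package!(name, version) do
 url = "#{@base_url}/#{name}/#{version}"
@@ -39,12 +46,12 @@ defmodule Esbuild.NpmRegistry do
 fetch_file!(url)
 |> Jason.decode!()
 
-%{"sig" => signature} =
+%{"keyid" => keyid, "sig" => signature} =
 signatures
-|> Enum.find(fn %{"keyid" => keyid} -> keyid == @public_key_id end) ||
+|> Enum.find(fn %{"keyid" => keyid} -> is_map_key(@public_keys, keyid) end) ||
 raise "missing signature"
 
-verify_signature!("#{id}:#{integrity}", signature)
+verify_signature!("#{id}:#{integrity}", keyid, signature)
 tar = fetch_file!(tarball)
 
 [hash_alg, checksum] =
@@ -128,12 +135,12 @@ defmodule Esbuild.NpmRegistry do
 end
 end
 
-defp verify_signature!(message, signature) do
+defp verify_signature!(message, key_id, signature) do
 :public_key.verify(
 message,
 :sha256,
 Base.decode64!(signature),
-public_key()
+public_key(key_id)
 ) or raise "invalid signature"
 end
 
@@ -146,8 +153,8 @@ defmodule Esbuild.NpmRegistry do
 binary_checksum == checksum or raise "invalid checksum"
 end
 
-defp public_key do
-[entry] = :public_key.pem_decode(@public_key_pem)
+defp public_key(key_id) do
+[entry] = :public_key.pem_decode(@public_keys[key_id])
 :public_key.pem_entry_decode(entry)
 end
 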
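Review bot: The `@public_keys` map in the first hunk keeps the previous key trusted alongside the new one with no validity window, so a signature made with the older key is accepted for any package version for as long as the entry stays in the map. If the older key is retained only so that releases signed before the rotation still verify, say so above the map, e.g. `# older key kept for releases signed before the rotation; remove once those versions are unsupported`, and consider recording each key's expiry next to it if the keys endpoint publishes one. Separately, in the last hunk `@public_keys[key_id]` yields `nil` for an unknown id and then fails inside `pem_decode` with an unrelated error; `[entry] = :public_key.pem_decode(Map.fetch!(@public_keys, key_id))` fails with a clear error if a later caller skips the `is_map_key` filter. The function that selects the signature starts outside the second hunk, so whether other callers of `verify_signature!` exist cannot be seen here.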
