fleet/third_party/httpsig-go/UPDATE_INSTRUCTIONS
Victor Lyuboslavsky c25fed2492
Added a vendored version of httpsig-go. (#30820)
For #30473

This change adds a vendored `httpsig-go` library to our repo. We cannot
use the upstream library because it has not merged the change we need:
https://github.com/remitly-oss/httpsig-go/pull/25

Thus, we need our own copy at this point.

The instructions for keeping this library up to date (if needed) are in
`UPDATE_INSTRUCTIONS`.

None of the coderabbitai review comments are relevant to the
code/features we are going to use for HTTP message signatures.

We will use this library in subsequent PRs for the TPM-backed HTTP
message signature feature.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Introduced a Go library for HTTP message signing and verification,
    supporting multiple cryptographic algorithms (RSA, ECDSA, Ed25519,
    HMAC).
  * Added utilities for key management, including JWK and PEM key
    handling.
  * Provided HTTP client and server helpers for automatic request signing
    and signature verification.
  * Implemented structured error handling and metadata extraction for
    signatures.

* **Documentation**
  * Added comprehensive README, usage examples, and update instructions.
  * Included license and configuration files for third-party and testing
    tools.

* **Tests**
  * Added extensive unit, integration, and fuzz tests covering signing,
    verification, and key handling.
  * Included official RFC test vectors and various test data files for
    robust validation.

* **Chores**
  * Integrated continuous integration workflows and ignore files for code
    quality and security analysis.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-14 20:26:50 +02:00


These are instructions for pulling in the latest changes from the upstream version of this library.
The `UPSTREAM_COMMIT` file tracks the upstream version that we last synced with.

_Notes:_
- Update `/path/to/your/monorepo` below to your fleet repo location
- These instructions have not been fully tested.

```bash
export FLEET_REPO=/path/to/your/monorepo
# Clone upstream
git clone https://github.com/remitly-oss/httpsig-go.git ~/httpsig-go-merge
cd ~/httpsig-go-merge
# Check out the last upstream commit we vendored
git checkout "$(cat "$FLEET_REPO"/third_party/httpsig-go/UPSTREAM_COMMIT)"
# Create a branch for our downstream changes
git checkout -b internal-changes
# Copy current vendored version into this working repo
rsync -a --delete "$FLEET_REPO"/third_party/httpsig-go/ ./ --exclude .git
git add .
git commit -m "Apply downstream changes"
# Fetch upstream updates and merge them
git fetch origin
git checkout main
git merge origin/main
git checkout internal-changes
git merge main # resolve conflicts
# Copy merged result back into monorepo
rsync -a --delete ./ "$FLEET_REPO"/third_party/httpsig-go/ --exclude .git
# Record the new upstream commit. Manually double check that it matches the upstream commit.
git rev-parse origin/main > "$FLEET_REPO"/third_party/httpsig-go/UPSTREAM_COMMIT
# Commit to monorepo
cd "$FLEET_REPO"
git add third_party/httpsig-go
git commit -m "Update httpsig-go with latest upstream changes"
```
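
The steps above ask for a manual double check of the recorded commit. The following is an added example, not part of these instructions or of the vendored project: it validates the format of the `UPSTREAM_COMMIT` pin and lists every file in which the vendored copy differs from a pristine upstream checkout, so that anything outside the expected downstream patch stands out in review. The function names, the allowlist file and the sample file names are hypothetical, and the sample trees are constructed.

```bash
#!/bin/sh
# Added example. Function names, file names and the allowlist are hypothetical.

# valid_pin FILE: succeed only if FILE holds one full commit id as written by
# `git rev-parse` (40 hex chars for SHA-1 repositories, 64 for SHA-256).
valid_pin() {
  [ -f "$1" ] || return 1
  pin=$(cat "$1")
  case $pin in ''|*[!0-9a-f]*) return 1 ;; esac  # branch names, extra lines
  [ "${#pin}" -eq 40 ] || [ "${#pin}" -eq 64 ]   # abbreviated ids
}

# list_files DIR: relative paths of regular files, skipping .git and the pin.
list_files() (
  cd "$1" && find . -type f ! -path './.git/*' ! -name UPSTREAM_COMMIT
)

# downstream_delta UPSTREAM_DIR VENDORED_DIR: sorted relative paths whose
# content differs between the trees or that exist on only one side.
downstream_delta() {
  { list_files "$1"; list_files "$2"; } | sort -u | while IFS= read -r f; do
    cmp -s "$1/$f" "$2/$f" 2>/dev/null || printf '%s\n' "${f#./}"
  done
}

# unexpected_delta UPSTREAM_DIR VENDORED_DIR ALLOWLIST: delta paths missing
# from ALLOWLIST (one path per line). Empty output: only expected changes.
unexpected_delta() {
  downstream_delta "$1" "$2" | grep -Fxv -f "$3" || true
}

# make_sample: build constructed trees and print their parent directory.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/up/.git" "$d/ven"
  echo 'same'       > "$d/up/kept.go";  echo 'same' > "$d/ven/kept.go"
  echo 'upstream'   > "$d/up/patched.go"
  echo 'downstream' > "$d/ven/patched.go"   # expected local patch
  echo 'stray'      > "$d/ven/stray.go"     # not upstream, not allowlisted
  echo 'ref'        > "$d/up/.git/HEAD"     # ignored by list_files
  echo '0123456789abcdef0123456789abcdef01234567' > "$d/ven/UPSTREAM_COMMIT"
  echo 'patched.go' > "$d/allow"
  echo "$d"
}

s=$(make_sample)
valid_pin "$s/ven/UPSTREAM_COMMIT" && echo "pin format ok"
echo "unexpected: $(unexpected_delta "$s/up" "$s/ven" "$s/allow")"
```

In a real sync, the first argument would be the merge clone checked out at upstream `main` and the second the `third_party/httpsig-go` directory in the monorepo.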