feature request - upgrading and proper signing #40
Description
This request follows on from the PKG bundling request.
With the package properly signed using the OSX toolset, it means we can do upgrades that are secure and tamper proof that check the signing.
There are many golang updaters out there that have various features btw, but this one looks good:
https://github.com/syncthing/syncthing/tree/master/lib/upgrade
- Checks signatures
- Battle Tested (handles allot of corner cases)
- Manages version checking.
- Tests
Also check this:
https://github.com/syncthing/syncthing/blob/master/build.go
Its a nice way to do it. The golang team does the same with a root build.go.
Lastly between the bundling and the upgrading we need to upload the bundle somewhere:
https://github.com/golang/build/blob/master/cmd/release/upload.go
I think that this makes it very easy to bundle and deploy and because its all golang based easy to fix and cross platform.
Curious what you think and any things you want changed etc ?