cmd/geth: implement vulnerability check (#21859)
* cmd/geth: implement vulnerability check * cmd/geth: use minisign to verify vulnerability feed * cmd/geth: add the test too * cmd/geth: more minisig/signify testing * cmd/geth: support multiple pubfiles for signing * cmd/geth: add @holiman minisig pubkey * cmd/geth: polishes on vulnerability check * cmd/geth: fix ineffassign linter nit * cmd/geth: add CVE to version check struct * cmd/geth/testdata: add missing testfile * cmd/geth: add more keys to versionchecker * cmd/geth: support file:// URLs in version check * cmd/geth: improve key ID printing when signature check fails Co-authored-by: Felix Lange <fjl@twurst.com>
committed by
GitHub
parent
7770e41cb5
commit
15339cf1c9
@ -31,6 +31,18 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
VersionCheckUrlFlag = cli.StringFlag{
|
||||
Name: "check.url",
|
||||
Usage: "URL to use when checking vulnerabilities",
|
||||
Value: "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities.json",
|
||||
}
|
||||
VersionCheckVersionFlag = cli.StringFlag{
|
||||
Name: "check.version",
|
||||
Usage: "Version to check",
|
||||
Value: fmt.Sprintf("Geth/v%v/%v-%v/%v",
|
||||
params.VersionWithCommit(gitCommit, gitDate),
|
||||
runtime.GOOS, runtime.GOARCH, runtime.Version()),
|
||||
}
|
||||
makecacheCommand = cli.Command{
|
||||
Action: utils.MigrateFlags(makecache),
|
||||
Name: "makecache",
|
||||
@ -65,6 +77,21 @@ Regular users do not need to execute it.
|
||||
Category: "MISCELLANEOUS COMMANDS",
|
||||
Description: `
|
||||
The output of this command is supposed to be machine-readable.
|
||||
`,
|
||||
}
|
||||
versionCheckCommand = cli.Command{
|
||||
Action: utils.MigrateFlags(versionCheck),
|
||||
Flags: []cli.Flag{
|
||||
VersionCheckUrlFlag,
|
||||
VersionCheckVersionFlag,
|
||||
},
|
||||
Name: "version-check",
|
||||
Usage: "Checks (online) whether the current version suffers from any known security vulnerabilities",
|
||||
ArgsUsage: "<versionstring (optional)>",
|
||||
Category: "MISCELLANEOUS COMMANDS",
|
||||
Description: `
|
||||
The version-check command fetches vulnerability-information from https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities.json,
|
||||
and displays information about any security vulnerabilities that affect the currently executing version.
|
||||
`,
|
||||
}
|
||||
licenseCommand = cli.Command{
|
||||
|
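Review bot: The `version-check` Description in the second hunk states the feed URL as a fixed fact, but the first hunk makes it overridable through `check.url` (and the commit message says file:// URLs are accepted), so the help text can disagree with what was actually fetched, and the URL literal is now duplicated in `VersionCheckUrlFlag.Value` and the Description. Because the operator acts on this output as a security decision, the text should name the flag and say that the feed is signature-checked, for example `The version-check command fetches the signed vulnerability feed from the URL given by --check.url,`; the minisign verification itself lives in code outside this section, so confirm the wording against it. `ArgsUsage: "<versionstring (optional)>"` also looks inconsistent with the `check.version` flag unless `versionCheck` (not shown here) reads a positional argument. As a style point, Go initialism convention would spell the identifier `VersionCheckURLFlag`.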