feat(host-agent): Phase 3a signed self-update (minisign) + CI signing gate

Agent only ever runs a binary whose minisign signature verifies against the EMBEDDED public key. NATS host.cmd func 'update' {url}: download binary + .minisig from the CDN -> verify against embedded pubkey -> atomic swap (.old rollback) -> relaunch. URL allowlist (https + cdn. corrosionmgmt.com only, rejects userinfo-bypass), 100MiB cap. Closes the supply-chain hole: even a malicious CDN upload can't run unsigned. CI: build-host-agent.yml signs every artifact with MINISIGN_SECRET_KEY (Gitea secret) and publishes .minisig alongside; the step FAILS the build if the secret is absent (refuses to ship unsigned). Bumped to alpha.6. 6 deterministic tests (accept valid / reject tampered+garbage+empty sig, URL allowlist incl userinfo-bypass, atomic swap+rollback). Fixtures signed with the real release key so tests need no key at runtime. Full suite 50/50 green; musl + native build clean. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 20:00:36 -04:00
parent 7c84912ff5
commit 6b3e805ac2
11 changed files with 751 additions and 29 deletions
--- a/.gitea/workflows/build-host-agent.yml
+++ b/.gitea/workflows/build-host-agent.yml
@@ -67,6 +67,24 @@ jobs:
          sha256sum corrosion-host-agent-windows-amd64.exe >> checksums.txt
          cat checksums.txt

+      - name: Sign artifacts (minisign)
+        env:
+          MINISIGN_SECRET_KEY: ${{ secrets.MINISIGN_SECRET_KEY }}
+        run: |
+          if [ -z "$MINISIGN_SECRET_KEY" ]; then
+            echo "::error::MINISIGN_SECRET_KEY secret is not set — refusing to publish unsigned agent artifacts."
+            exit 1
+          fi
+          apt-get install -y -qq minisign
+          printf '%s\n' "$MINISIGN_SECRET_KEY" > /tmp/sign.key
+          cd corrosion-host-agent/bin
+          # Passwordless key (-W generated); feed empty stdin so it never blocks.
+          for f in corrosion-host-agent-linux-amd64 corrosion-host-agent-windows-amd64.exe checksums.txt; do
+            minisign -S -s /tmp/sign.key -m "$f" -x "$f.minisig" < /dev/null
+          done
+          rm -f /tmp/sign.key
+          echo "signed: $(ls *.minisig)"
+
      - name: Create Release
        env:
          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
@@ -82,7 +100,9 @@ jobs:
            "${API_URL}/repos/${REPO}/releases")
          RELEASE_ID=$(echo "$RESPONSE" | grep -o '"id":[0-9]*' | head -1 | grep -o '[0-9]*')

-          for f in corrosion-host-agent-linux-amd64 corrosion-host-agent-windows-amd64.exe checksums.txt; do
+          for f in corrosion-host-agent-linux-amd64 corrosion-host-agent-linux-amd64.minisig \
+                   corrosion-host-agent-windows-amd64.exe corrosion-host-agent-windows-amd64.exe.minisig \
+                   checksums.txt checksums.txt.minisig; do
            curl -s -X POST \
              -H "Authorization: token ${RELEASE_TOKEN}" \
              -H "Content-Type: application/octet-stream" \
@@ -95,7 +115,9 @@ jobs:
          CDN_URL="https://cdn.corrosionmgmt.com"
          VERSION="${{ steps.version.outputs.VERSION }}"

-          for f in corrosion-host-agent-linux-amd64 corrosion-host-agent-windows-amd64.exe checksums.txt; do
+          for f in corrosion-host-agent-linux-amd64 corrosion-host-agent-linux-amd64.minisig \
+                   corrosion-host-agent-windows-amd64.exe corrosion-host-agent-windows-amd64.exe.minisig \
+                   checksums.txt checksums.txt.minisig; do
            curl -s -X POST \
              -F "file=@corrosion-host-agent/bin/$f" \
              "${CDN_URL}/host-agent/alpha/$f"