Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Verify setup authenticity during update #51
When installing update via built-in update routine (Windows and Linux installers) the program downloads new setup from NZBGet download area.
The downloaded file must be verified before execution.
Both Windows version and Linux version are compiled using OpenSSL. The verification mechanism must use OpenSSL functionality. This is because the update scripts cannot rely on any external programs such as GnuPG or similar. We can't expect those programs to exist on every system.
OpenSSL provides functions for signing and verification. During signing process we can use openssl-binary, which we can expect to be installed on the build machine. The verification must be implemented in NZBGet.
Create private key
Export public key
Verification in NZBGet