sonderau/PSG-Conduit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: initial PSG Launcher scaffold

Browse Source
This commit is contained in:
Bailey Taylor
2026-05-27 09:01:09 +08:00
commit 2c9b591c52
110 changed files with 11150 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
scripts/keygen.ps1 Normal file
View File

@@ -0,0 +1,66 @@
<#
.SYNOPSIS
Generate the ed25519 keypair used to sign the apps manifest and app packages.
.DESCRIPTION
Produces two files in .\keys\ :
manifest-private.pem — KEEP SECRET. Never commit, never put on the server.
manifest-public.pem — Safe to commit; goes in src-tauri/src/config.rs.
Also prints the raw 32-byte public key as base64 (the value for config.rs).
.NOTES
Requires OpenSSL 3.x. Install via: winget install ShiningLight.OpenSSL.Light
Verify: openssl version
#>
param(
[string]$OutputDir = ".\keys"
)
$ErrorActionPreference = "Stop"
# ── Locate OpenSSL (probes common Windows install paths if not on PATH) ───────
. "$PSScriptRoot\_openssl.ps1"
New-Item -ItemType Directory -Force -Path $OutputDir | Out-Null
$privPath = Join-Path $OutputDir "manifest-private.pem"
$pubPath = Join-Path $OutputDir "manifest-public.pem"
# ── Generate ed25519 keypair ─────────────────────────────────────────────────
Write-Host "`nGenerating Ed25519 keypair..." -ForegroundColor Yellow
& openssl genpkey -algorithm ed25519 -out $privPath
& openssl pkey -in $privPath -pubout -out $pubPath
# ── Extract raw 32-byte public key as base64 ─────────────────────────────────
# OpenSSL DER-encodes the public key as SubjectPublicKeyInfo (SPKI).
# Ed25519 SPKI = 12-byte header + 32-byte raw key = 44 bytes total.
# Write to a temp file so we can read the raw bytes.
$tempDer = Join-Path $env:TEMP "psg-pubkey-$([System.Guid]::NewGuid()).der"
& openssl pkey -in $privPath -pubout -outform DER -out $tempDer
$derBytes = [IO.File]::ReadAllBytes($tempDer)
Remove-Item $tempDer -Force
# Skip the 12-byte SPKI header to get the raw 32-byte key
$rawKeyBytes = $derBytes[12..43]
$rawKeyB64 = [Convert]::ToBase64String($rawKeyBytes)
# ── Output ───────────────────────────────────────────────────────────────────
Write-Host ""
Write-Host "Keys written to $OutputDir" -ForegroundColor Green
Write-Host " Private : $privPath ← KEEP SECRET, never commit" -ForegroundColor Red
Write-Host " Public : $pubPath"
Write-Host ""
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Yellow
Write-Host "Paste this value into src-tauri/src/config.rs as MANIFEST_PUBLIC_KEY_B64:" -ForegroundColor Yellow
Write-Host ""
Write-Host " $rawKeyB64" -ForegroundColor Cyan
Write-Host ""
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Yellow
Write-Host ""
Write-Host "Next steps:"
Write-Host " 1. Copy the base64 value above into config.rs"
Write-Host " 2. Store manifest-private.pem as the Gitea CI secret MANIFEST_SIGNING_KEY"
Write-Host " 3. Run 'npm run tauri signer generate' for the Tauri self-updater key"
Write-Host " and store that in CI as TAURI_SIGNING_PRIVATE_KEY"