V 01.09#21
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 14880d87f2
| }, | ||
| "UpdateSecurity": { | ||
| "ReleaseSigningPublicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9E9flwTTxIneRB/uMEQM\ngd6m5b7Gt2Tg30Cb8SjPmMrQvmYch6gSuJB5dBZxPsXnGFKuXC2r7O5MH2R5/l7c\neOzvlTJPghRJrYooXELc9VuX6v5/2OelLyPvEwGx0eUdRSRp/WY0mPfwIyCQx1Ll\nAg9jsjqcj91d4ED35x0rnaCeyR8ZJZPZ80G3FyUcfkhsOUrALkbSggON02CgGRpq\nmD+VYimKqY4mzSQwDaCPOZPArUAL0Hih8rioWC8KPj+TgkFgLfAQOb3TCN1J30l1\nqUhSolrOKvR2g4UjA+J3LSX22TijHuiuuzu9Am+14lB7KkoUZApWO1hehNIUNpDa\n7Md0TZMunUFYYj440nN3i5bLkJ1qkNUxBBdApZPI06WtjM0fmzYGxcPzHU3NLy5/\nAz2vrpnYvOQ6zoiSK5u3SolelDW6dUBFex8C3/dtWi1mxnk1hqqCmF87dVHojMDV\nhPMSHwzb7DfEoaIMyxdBzNh4AWFjD6rpllZVekx7y77DqqwN5ZDGUkqncjP5hLtL\nUD13AQXqYo4RoVsS3qCqHTkT9vB2sRTyge5Eq+lSkTMIWlwSXteX7O3PPFz7FcVq\nIZu6ACHA6FKa7wcOLn6zV0UVLimyfL+MxGDOcHjnOmKRxNbGqNn/SlDalQmuq0gC\nNBu8fmjyq6XK4y/4Feh5OjUCAwEAAQ==\n-----END PUBLIC KEY-----" | ||
| "ReleaseSigningPublicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvnPPH5nmqhYfCxeazYo2\nUl59S/+nUWPz6/uAFORGFrayrCgt4vfZE8lVUES/Z7aJni9Uc0cXMREVNApOchim\nFWc9t2E/7lXwMRvmTfkcKGDCxPaTcy8zHg2rt3cFME+JuojShU868DddmhnWMRzd\nzRtgKaWdS2URKXKIyUz6mfYHnGbEaBGnFCCsVCPryPL2fRbsNUT0yAj5pI9xWedR\nnzEk6AXG7FIKPWNprmS+JxWvQMgj7JTQ5dGZIm/eEvGT53J5weYO3a6OHZE8vl9k\nMpR2uLbmK1mDoTRHlRp0eBMfYrZVpnfvmUTMOB4g1gDA+a0zchWUitiyc47Tx5ad\nqEzsmrHe+iAROECSIOjQkTJow9cevU6yM+SBK+jtEw2Ns3/vmGe/FG7BsO/BUozX\nQzmkUVfdmbSRROhJ13JKfnjEHQGv8VTXo7DTlcOlFUcZokXkffhb0VS2DaOFjdX+\nWJrj0IeqT24J1CLucny3E8c76kzsn1dx4ybSUHcrW9ta95U6WIaKc80FwNk0TqeC\n65Ok59XOv3wdrLBcadTakihYLvshclECEJSxHv7f+b3Z7rUUHt2BeKZiTjIe6UWk\npN4BVT5MX0SezTg/VU20SHxJYmWVIe4i1tVugahlNjkLfudexE4rCwngP/pbLH4J\nat7bxvLDo5k3O5J1Sej7rnkCAwEAAQ==\n-----END PUBLIC KEY-----" |
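Review bot: The replaced `ReleaseSigningPublicKeyPem` value swaps the updater's trust anchor in place, and the hunk gives a reviewer nothing to check the new PEM against. Record the new key's SHA-256 fingerprint and the reason for the rotation alongside this change (PR description or changelog), so the value can be compared out of band with the key that actually signs releases before this is merged.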
Preserve an update path for existing signing keys
Rotating the default release public key here breaks the in-app updater for any installed instance that still has the previous nonblank UpdateSecurity:ReleaseSigningPublicKeyPem: the running API verifies the downloaded ZIP with its current configured key before extraction, and Actualizar-AtlasBalance.ps1 only replaces the key when that setting is blank (-ReplaceBlank). Once latest is signed with this new key, those installs reject it as an invalid signature and never reach the packaged template/scripts, so ship a bridge release signed by the old key or dual-key verification before making the new key the only trusted default.
No description provided.
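The dual-key verification suggested in the review above, as an added PowerShell 7 example that is not code from this pull request or from the project: a package is accepted when its signature verifies under any key in a trusted list, which is what lets one bridge release carry both the old and the new key. The function names, the list-valued setting, the throwaway 2048-bit keys and the RSA PKCS#1 v1.5 with SHA-256 scheme are assumptions; the page does not state the project's signature format.

```powershell
# Added example, not project code. Assumes PowerShell 7+ (.NET 5 or later).
# Assumption: signatures are RSA PKCS#1 v1.5 over SHA-256 of the package bytes.
using namespace System.Security.Cryptography

function Test-ReleaseSignature {
    param(
        [Parameter(Mandatory)][byte[]]   $Package,
        [Parameter(Mandatory)][byte[]]   $Signature,
        [Parameter(Mandatory)][string[]] $TrustedKeyPems  # hypothetical list-valued setting
    )
    foreach ($pem in $TrustedKeyPems) {
        if ([string]::IsNullOrWhiteSpace($pem)) { continue }  # a blank entry trusts nothing
        $rsa = [RSA]::Create()
        try {
            $rsa.ImportFromPem($pem)
            if ($rsa.VerifyData($Package, $Signature,
                    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)) {
                return $true
            }
        }
        catch { }                 # an unparsable key is treated as untrusted, never as a pass
        finally { $rsa.Dispose() }
    }
    return $false                 # fail closed: no trusted key verified the signature
}

function ConvertTo-PublicKeyPem([RSA] $Rsa) {
    $b64 = [Convert]::ToBase64String($Rsa.ExportSubjectPublicKeyInfo(), 'InsertLineBreaks')
    "-----BEGIN PUBLIC KEY-----`n$b64`n-----END PUBLIC KEY-----"
}

# Constructed sample data: throwaway keys and a stand-in for the release ZIP.
$oldKey = [RSA]::Create(2048)
$newKey = [RSA]::Create(2048)
$oldPem = ConvertTo-PublicKeyPem $oldKey
$newPem = ConvertTo-PublicKeyPem $newKey
$zip    = [Text.Encoding]::UTF8.GetBytes('constructed stand-in for the release ZIP')
$sigOld = $oldKey.SignData($zip, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$sigNew = $newKey.SignData($zip, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)

# Install pinned to the old key only, checking a release signed with the new key.
Test-ReleaseSignature -Package $zip -Signature $sigNew -TrustedKeyPems @($oldPem)
# Bridge configuration trusting both keys, checking new-key and old-key releases.
Test-ReleaseSignature -Package $zip -Signature $sigNew -TrustedKeyPems @($oldPem, $newPem)
Test-ReleaseSignature -Package $zip -Signature $sigOld -TrustedKeyPems @($oldPem, $newPem)
# Package modified after signing, checked against both keys.
$tampered = [byte[]]$zip.Clone(); $tampered[0] = $tampered[0] -bxor 1
Test-ReleaseSignature -Package $tampered -Signature $sigNew -TrustedKeyPems @($oldPem, $newPem)
```

Once every supported install has taken a release that trusts both keys, the old entry can be dropped from the list in a later release.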