sh4d0wup 0.11.0

Signing-key abuse and update exploitation framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

---

upstreams:
  github:
    url: https://github.com/
  github-api:
    url: https://api.github.com/
  ghcr:
    url: https://ghcr.io/

tls:
  names: ["github.com", "api.github.com", "ghcr.io"]

check:
  image: docker.io/homebrew/brew
  install_certs: ['tee', '-a', '/etc/ssl/certs/ca-certificates.crt']
  register_hosts:
    - github.com
    - api.github.com
    - ghcr.io
  cmds:
    - HOMEBREW_NO_AUTO_UPDATE=1 brew install libsodium

artifacts:
  upstream_bottle:
    type: url
    url: https://ghcr.io/v2/homebrew/core/libsodium/blobs/sha256:1ab2c66fc8ae6c1245b49c9bd7a32853c1b348afe7086d4c2d3baf5ea30bbac9
    headers:
      authorization: "Bearer QQ=="
  upstream_manifest:
    type: url
    url: https://ghcr.io/v2/homebrew/core/libsodium/manifests/1.0.18_1
    headers:
      authorization: "Bearer QQ=="
      accept: "application/vnd.oci.image.index.v1+json"

routes:
  - host: github.com
    type: proxy
    args:
      upstream: github
  - host: api.github.com
    type: proxy
    args:
      upstream: github-api

  - path: /v2/homebrew/core/libsodium/manifests/1.0.18_1
    host: ghcr.io
    type: static
    args:
      artifact: upstream_manifest
      headers:
        content-type: "application/vnd.oci.image.index.v1+json"
  - host: ghcr.io
    type: static
    args:
      path_template: "/v2/homebrew/core/libsodium/blobs/sha256:{{sha256}}"
      artifacts:
        - upstream_bottle
  - host: ghcr.io
    type: proxy
    args:
      upstream: ghcr

  - type: static
    args:
      status: 400
      data: ''