Closed fasterthanlime closed 4 years ago
This line:
https://github.com/itchio/butler/blob/e8ae88f002a8e830b24538f76f9738c775990164/cmd/operate/upgrade.go#L235
is a lie.
It doesn't actually fetch signature info, and it never actually checks.
We need a way for the patcher to tell us which files were touched, or to validate in advance the files that are read from for patching (probably better?).
TODO:
pwr/patcher
This line:
https://github.com/itchio/butler/blob/e8ae88f002a8e830b24538f76f9738c775990164/cmd/operate/upgrade.go#L235
is a lie.
It doesn't actually fetch signature info, and it never actually checks.
We need a way for the patcher to tell us which files were touched, or to validate in advance the files that are read from for patching (probably better?).