Initial commit: docker-compose-updater

Go 项目，包含：
- 服务端 updater：两阶段协议，ECDSA 签名验证，AES-GCM 加密
- 发送端 dcu-send：Gitea Action CLI
- internal/auth：加解密/签名/会话管理
- internal/docker：Docker CLI 容器查找/拉取/重建
- action/：Gitea Action 定义
- deploy/Dockerfile：多阶段构建
- .gitea/workflows/build.yaml：CI/CD

keys/generate.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -euo pipefail
+
+DIR="$(cd "$(dirname "$0")" && pwd)"
+
+echo "=== 生成 ECDSA P-256 密钥对 ==="
+
+# 生成私钥
+openssl ecparam -genkey -name prime256v1 -out "$DIR/signing-private.pem"
+chmod 600 "$DIR/signing-private.pem"
+
+# 导出公钥
+openssl ec -in "$DIR/signing-private.pem" -pubout -out "$DIR/signing-public.pem"
+
+echo ""
+echo "✅ 已生成:"
+echo "   公钥: $DIR/signing-public.pem   ← 提交仓库，构建时嵌入 updater"
+echo "   私钥: $DIR/signing-private.pem  ← 不要提交！拷到 Gitea Secrets"
+echo ""
+echo "添加到 Gitea Secrets:"
+echo "   名称: UPDATER_SIGNING_KEY"
+echo "   值:  cat $DIR/signing-private.pem 的内容"

keys/signing-public.pem

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1z1U8uShOCNxeMK6cYtHsyyVkPbt
+T+7ZuBKNuV1cDmDb3WtVLK1cPwW3oMXCs2Q2tgeDDidlPsO2+ypTKx3Igw==
+-----END PUBLIC KEY-----