Tree - rpms/ca-certificates - src.fedoraproject.org

rpms / ca-certificates

Blame fetch_objsign.sh

Blob History Raw

		6d164ae	`#!/bin/sh`
		6d164ae	`#`
		6d164ae	`# This script fetches the object signing list from the Microsoft list. It then`
		6d164ae	`# mergest that list into the fetched certdata.txt.`
		6d164ae	`#`
		fe9aee3	`giturl="https://github.com/dotnet/sdk"`
		fe9aee3	`gitrawurl="https://raw.githubusercontent.com/dotnet/sdk"`
		fe9aee3	`release="latest"`
		fe9aee3	`treedir="src/Layout/redist/trustedroots/codesignctl.pem"`
		fe9aee3	`target="microsoft_sign_obj_ca.pem"`
		6d164ae	`certdata="./certdata.txt"`
		fe9aee3	`baseurl=""`
		6d164ae	`merge=1`
		6d164ae	`diff=0`
		fe9aee3
		fe9aee3	`function getlatest`
		fe9aee3	`{`
		fe9aee3	`local url=$1`
		fe9aee3	`local latest="0"`
		fe9aee3	`local tags=($(git ls-remote --tags ${url}))`
		fe9aee3	`for tag in "${tags[@]}"`
		fe9aee3	`do`
		fe9aee3	`if [[ ! ${tag} =~ refs/.* ]]; then`
		fe9aee3	`continue # skip hashes`
		fe9aee3	`fi`
		fe9aee3	`if [[ ${tag} =~ .preview. ]]; then`
		fe9aee3	`continue # skip preview tags, we only want release tags`
		fe9aee3	`fi`
		fe9aee3	`if [[ ${tag} =~ .rc. ]]; then`
		fe9aee3	`continue # skip release candidate tags, we only want release tags`
		fe9aee3	`fi`
		fe9aee3	`if [[ ${latest} < ${tag} ]]; then`
		fe9aee3	`latest=$tag`
		fe9aee3	`fi`
		fe9aee3	`done`
		fe9aee3	`latest=${latest##refs/tags/}`
		fe9aee3	`echo $latest`
		fe9aee3	`}`
		fe9aee3
		6d164ae	`while [ -n "$1" ]; do`
		6d164ae	`case $1 in`
		fe9aee3	`"-g")`
		fe9aee3	`shift`
		fe9aee3	`giturl=$1`
		fe9aee3	`;;`
		fe9aee3	`"-r")`
		fe9aee3	`shift`
		fe9aee3	`gitrawurl=$1`
		fe9aee3	`;;`
		fe9aee3	`"-t")`
		fe9aee3	`shift`
		fe9aee3	`treedir=$1`
		fe9aee3	`;;`
		fe9aee3	`"-r")`
		fe9aee3	`shift`
		fe9aee3	`release=$1`
		fe9aee3	`;;`
		6d164ae	`"-u")`
		6d164ae	`shift`
		6d164ae	`baseurl=$1`
		fe9aee3	`release="unknown"`
		6d164ae	`;;`
		6d164ae	`"-o")`
		6d164ae	`shift`
		6d164ae	`target=$1`
		6d164ae	`;;`
		6d164ae	`"-c")`
		6d164ae	`shift`
		6d164ae	`certdata=$1`
		6d164ae	`;;`
		c4c1a32	`"-n")`
		6d164ae	`merge=0`
		6d164ae	`;;`
		6d164ae	`"-d")`
		fe9aee3	`shift`
		6d164ae	`diff=1`
		6d164ae	`difffile=$1`
		6d164ae	`;;`
		6d164ae	`*)`
		6d164ae	`echo "usage: $0 [-u URL] [-o target] [-c certdata] [-n]"`
		fe9aee3	`echo "-g URL git URL to fetch code signing list"`
		fe9aee3	`echo "-r URL raw git URL to fetch code signing list"`
		fe9aee3	`echo "-t URL git tree directory to fetch code signing list"`
		fe9aee3	`echo "-r release code signing list release version"`
		6d164ae	`echo "-u URL base URL to fetch code signing list"`
		6d164ae	`echo "-o target name of the codesigning target"`
		6d164ae	`echo "-c certdata patch to certdata.txt to merge with"`
		6d164ae	`echo "-d diff optional diff file"`
		6d164ae	`echo "-n don't merge"`
		6d164ae	`exit 1`
		6d164ae	`;;`
		6d164ae	`esac`
		6d164ae	`shift`
		6d164ae	`done`
		6d164ae
		fe9aee3	`if [ "${release}" = "latest" ]; then`
		fe9aee3	`release=$(getlatest ${giturl} )`
		fe9aee3	`fi`
		fe9aee3
		fe9aee3	`if [ "${baseurl}" = "" ]; then`
		fe9aee3	`baseurl="${gitrawurl}/${release}/${treedir}"`
		fe9aee3	`fi`
		fe9aee3
		fe9aee3	`echo $release > "./codesign-release.txt"`
		fe9aee3
		fe9aee3	`echo "Fetching release=${release}, ${target} from ${baseurl}"`
		6d164ae
		6d164ae	`wget ${baseurl} -O ${target}`
		6d164ae
		6d164ae	`if [ ${merge} -eq 0 ]; then`
		6d164ae	`exit 0;`
		6d164ae	`fi`
		6d164ae
		6d164ae	`out=${certdata}`
		c4c1a32	`if [ ${diff} -eq 1 ]; then`
		6d164ae	`out=${certdata}.out`
		6d164ae	`fi`
		6d164ae	`python3 ./mergepem2certdata.py -c "${certdata}" -p "${target}" -o "${out}" -t "CKA_TRUST_CODE_SIGNING" -l "Microsoft Code Signing Only Certificate"`
		6d164ae
		6d164ae	`if [ ${diff} -eq 1 ]; then`
		6d164ae	`diff -u ${certdata} ${out} > ${difffile}`
		6d164ae	`mv ${out} ${certdata}`
		6d164ae	`fi`

rpms / ca-certificates

Source Code

Blame fetch_objsign.sh