#!/bin/sh
#
# This script fetches the object signing list published by Microsoft. It then
# merges that list into the fetched certdata.txt.
#
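# Defaults; each one can be overridden by a command line option below.
# difffile is declared here too: it is the one variable the option parser
# writes that otherwise had no default, so a `set -u` run would trip on it.
giturl="https://github.com/dotnet/sdk"                   # repository whose tags select the release (-g)
gitrawurl="https://raw.githubusercontent.com/dotnet/sdk" # raw-file base for that repository (-r)
release="latest"                                         # tag to fetch; "latest" is resolved via getlatest, -u sets "unknown"
treedir="src/Layout/redist/trustedroots/codesignctl.pem" # path of the PEM inside the tree (-t)
target="microsoft_sign_obj_ca.pem"                       # local file the PEM is saved as (-o)
certdata="./certdata.txt"                                # certdata.txt to merge into (-c)
baseurl=""                                               # explicit fetch URL (-u); empty means derive it from the above
merge=1                                                  # -n clears this: fetch only, do not merge
diff=0                                                   # -d sets this together with difffile
difffile=""                                              # file the unified diff is written to (-d)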

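#######################################
# Print the newest non-prerelease tag of a git repository.
# Written in POSIX sh (no arrays, [[ ]], `function` or `local`) so it actually
# runs under the #!/bin/sh shebang on dash/ash/ksh, not only bash.
# Arguments: $1 - git URL handed to `git ls-remote`
# Outputs:   tag name without the refs/tags/ prefix on stdout, or "0" when
#            no eligible tag exists
# Returns:   0 on success, 1 when `git ls-remote` fails
#######################################
getlatest() {
    gl_url=$1
    # --refs drops the peeled "^{}" duplicates that annotated tags produce;
    # those would otherwise sort last and leak "^{}" into the fetch URL.
    # A failed ls-remote must be reported rather than turned into "0".
    gl_refs=$(git ls-remote --refs --tags "$gl_url") || {
        printf '%s\n' "getlatest: git ls-remote failed for $gl_url" >&2
        return 1
    }
    # Column 2 of the ls-remote output is the ref name (column 1 is the hash).
    # The preview/rc filters are plain substring matches, as they were before.
    # sort -V orders by version number so v10.x ranks above v9.x; the previous
    # plain string comparison picked v9 because '1' < '9'. (-V is a GNU/BSD
    # sort extension, not POSIX.)
    gl_latest=$(printf '%s\n' "$gl_refs" \
        | awk '$2 ~ /^refs\/tags\// { print $2 }' \
        | grep -v -e preview -e rc \
        | sed 's|^refs/tags/||' \
        | sort -V \
        | tail -n 1)
    printf '%s\n' "${gl_latest:-0}"
}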

while [ -n "$1" ]; do
   case $1 in
   "-g")
        shift
	giturl=$1
	;;
   "-r")
        shift
	gitrawurl=$1
	;;
   "-t")
        shift
	treedir=$1
	;;
   "-r")
        shift
	release=$1
	;;
   "-u")
        shift
	baseurl=$1
        release="unknown"
	;;
   "-o")
        shift
	target=$1
	;;
   "-c")
        shift
	certdata=$1
	;;
   "-n")
        merge=0
        ;;
   "-d")
        shift
        diff=1
        difffile=$1
        ;;
    *)
	echo "usage: $0 [-u URL] [-o target] [-c certdata] [-n]"
	echo "-g URL      git URL to fetch code signing list"
	echo "-r URL      raw git URL to fetch code signing list"
	echo "-t URL      git tree directory to fetch code signing list"
	echo "-r release  code signing list release version"
	echo "-u URL      base URL to fetch code signing list"
	echo "-o target   name of the codesigning target"
	echo "-c certdata patch to certdata.txt to merge with"
	echo "-d diff     optional diff file"
        echo "-n          don't merge"
	exit 1
	;;
    esac
    shift
done

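# Resolve the release tag. getlatest talks to the network; if it fails the
# script must stop here instead of carrying an empty or bogus release string
# into the URL built below.
if [ "${release}" = "latest" ]; then
    release=$(getlatest "${giturl}") || exit 1
fi

# An explicit -u URL wins; otherwise the raw-file URL is built from its parts.
if [ -z "${baseurl}" ]; then
    baseurl="${gitrawurl}/${release}/${treedir}"
fi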

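# Record which release was fetched so the result can be reproduced later.
printf '%s\n' "${release}" > "./codesign-release.txt"

printf 'Fetching release=%s, %s from %s\n' "${release}" "${target}" "${baseurl}"

# The downloaded PEM is a trust list that gets merged into certdata.txt, so a
# failed or truncated download must never reach the merge step. Its integrity
# rests entirely on the TLS connection to ${baseurl}; nothing here verifies a
# signature or checksum. wget -O has already opened the target, so remove the
# partial file rather than leave it under the real name.
if ! wget -O "${target}" -- "${baseurl}"; then
    printf '%s\n' "failed to fetch ${baseurl}" >&2
    rm -f -- "${target}"
    exit 1
fi

# -n: fetch only, nothing to merge.
if [ "${merge}" -eq 0 ]; then
    exit 0
fi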

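# Merge into certdata.txt in place, or into a scratch copy when a diff was
# requested so before and after can be compared.
out=${certdata}
if [ "${diff}" -eq 1 ]; then
    out=${certdata}.out
    # -d without a file name used to surface only as a failed redirect after
    # the merge had already run; fail before doing any work instead.
    : "${difffile:?-d requires a diff file name}"
fi

# A failed merge must not be followed by the mv below, which would otherwise
# clobber certdata.txt with a missing or half-written file.
python3 ./mergepem2certdata.py -c "${certdata}" -p "${target}" -o "${out}" \
    -t "CKA_TRUST_CODE_SIGNING" -l "Microsoft Code Signing Only Certificate" \
    || { printf '%s\n' "mergepem2certdata.py failed" >&2; exit 1; }

if [ "${diff}" -eq 1 ]; then
    # diff exits 0 (identical), 1 (different, the expected case here) or
    # >1 (error); only the last one is a failure.
    diff -u -- "${certdata}" "${out}" > "${difffile}"
    if [ $? -gt 1 ]; then
        printf '%s\n' "diff of ${certdata} and ${out} failed" >&2
        exit 1
    fi
    mv -- "${out}" "${certdata}" || exit 1
fi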