authorAndre Heinecke <aheinecke@gnupg.org>2024-08-13 12:34:23 +0200
committerAndre Heinecke <aheinecke@gnupg.org>2024-08-15 22:45:06 +0200
commit3d015d106f4e718a12cb660c2269df1bfc9e1bec (patch)
tree5de3792386f85bda969642662d9f94273fc1a428 /tools
parentbuild-aux: Add cleanup to gpg-authcode-sign.sh (diff)
build-aux: Add PKCS#8 authenticode key support
* tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file does not end with .p12 or .pfx. -- Since using encrypted PKCS#12 containers with askpass is impractical when signing many files, this adds support for using a PKCS#8 key for code signing.
Diffstat (limited to 'tools')
-rwxr-xr-xtools/gpg-authcode-sign.sh15
1 files changed, 13 insertions, 2 deletions
diff --git a/tools/gpg-authcode-sign.sh b/tools/gpg-authcode-sign.sh
index 6e623ed06..615e1bac7 100755
--- a/tools/gpg-authcode-sign.sh
+++ b/tools/gpg-authcode-sign.sh
@@ -261,9 +261,9 @@ elif [ "$AUTHENTICODE_KEY" = none ]; then
echo >&2 "$PGM: Signing disabled; would sign: '$inname'"
[ "$inname" != "$outname" ] && cp "$inname" "$outname"
-else
+elif [[ "$AUTHENTICODE_KEY" =~ \.p12$ || "$AUTHENTICODE_KEY" =~ \.pfx$ ]]; then
- echo >&2 "$PGM: Signing using key $AUTHENTICODE_KEY"
+ echo >&2 "$PGM: Signing using PKCS#12 container $AUTHENTICODE_KEY"
osslsigncode sign -certs "$AUTHENTICODE_CERTS" \
-pkcs12 "$AUTHENTICODE_KEY" -askpass \
-ts "$AUTHENTICODE_TSURL" \
@@ -272,6 +272,17 @@ else
cp "$outname.tmp" "$outname"
rm "$outname.tmp"
+else
+
+ echo >&2 "$PGM: Signing using unprotected key $AUTHENTICODE_KEY"
+ osslsigncode sign -certs "$AUTHENTICODE_CERTS" \
+ -key "$AUTHENTICODE_KEY" \
+ -ts "$AUTHENTICODE_TSURL" \
+ -h sha256 -n "$desc" -i "$url" \
+ -in "$inname" -out "$outname.tmp"
+ cp "$outname.tmp" "$outname"
+ rm "$outname.tmp"
+
fi
if [ -z "$dryrun" ]; then
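Review bot: The new `else` branch hands osslsigncode an unencrypted private key via `-key "$AUTHENTICODE_KEY"` (no `-askpass`, unlike the PKCS#12 branch) without first checking that the file exists or is readable, so a typo in the key path only surfaces as a tool error, and the following `cp`/`rm` of `$outname.tmp` run regardless of whether the signing step succeeded unless the script runs under `set -e`, which is not visible in the hunk. Before the osslsigncode call I would add `[ -r "$AUTHENTICODE_KEY" ] || { echo >&2 "$PGM: key file '$AUTHENTICODE_KEY' is not readable"; exit 1; }` and, since this key is stored unprotected on disk, a warning if it is group- or world-readable, e.g. `[ -z "$(find "$AUTHENTICODE_KEY" -perm /077 2>/dev/null)" ] || echo >&2 "$PGM: warning: $AUTHENTICODE_KEY is readable by others"`. The same unchecked `cp`/`rm` pattern already exists in the PKCS#12 branch, so this is pre-existing rather than introduced here. On a point of style, the new `elif` at the top of the first hunk uses bash `[[ … =~ … ]]` while every other visible condition uses POSIX `[ … ]`; that is fine only if the script's shebang is bash, which the hunk does not show. The `if … elif … else … fi` chain starts before the first hunk and the second hunk's trailing context continues past the end of this excerpt.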