mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
build-aux: Add PKCS#8 authenticode key support
* tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file does not end with .p12 or .pfx. -- Since using encrypted PKCS#12 containers with askpass is unpractical when signing many files. This adds support to use an PKCS#8 key for codesigning.
This commit is contained in:
parent
536fc8d33d
commit
3d015d106f
@ -261,9 +261,9 @@ elif [ "$AUTHENTICODE_KEY" = none ]; then
|
||||
echo >&2 "$PGM: Signing disabled; would sign: '$inname'"
|
||||
[ "$inname" != "$outname" ] && cp "$inname" "$outname"
|
||||
|
||||
else
|
||||
elif [[ "$AUTHENTICODE_KEY" =~ \.p12$ || "$AUTHENTICODE_KEY" =~ \.pfx$ ]]; then
|
||||
|
||||
echo >&2 "$PGM: Signing using key $AUTHENTICODE_KEY"
|
||||
echo >&2 "$PGM: Signing using PKCS#12 container $AUTHENTICODE_KEY"
|
||||
osslsigncode sign -certs "$AUTHENTICODE_CERTS" \
|
||||
-pkcs12 "$AUTHENTICODE_KEY" -askpass \
|
||||
-ts "$AUTHENTICODE_TSURL" \
|
||||
@ -272,6 +272,17 @@ else
|
||||
cp "$outname.tmp" "$outname"
|
||||
rm "$outname.tmp"
|
||||
|
||||
else
|
||||
|
||||
echo >&2 "$PGM: Signing using unprotected key $AUTHENTICODE_KEY"
|
||||
osslsigncode sign -certs "$AUTHENTICODE_CERTS" \
|
||||
-key "$AUTHENTICODE_KEY" \
|
||||
-ts "$AUTHENTICODE_TSURL" \
|
||||
-h sha256 -n "$desc" -i "$url" \
|
||||
-in "$inname" -out "$outname.tmp"
|
||||
cp "$outname.tmp" "$outname"
|
||||
rm "$outname.tmp"
|
||||
|
||||
fi
|
||||
|
||||
if [ -z "$dryrun" ]; then
|
||||
|
Loading…
x
Reference in New Issue
Block a user