mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
build-aux: Add PKCS#8 authenticode key support
* tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file does not end with .p12 or .pfx. -- Since using encrypted PKCS#12 containers with askpass is unpractical when signing many files. This adds support to use an PKCS#8 key for codesigning.
This commit is contained in:
parent
536fc8d33d
commit
3d015d106f
@ -261,9 +261,9 @@ elif [ "$AUTHENTICODE_KEY" = none ]; then
|
|||||||
echo >&2 "$PGM: Signing disabled; would sign: '$inname'"
|
echo >&2 "$PGM: Signing disabled; would sign: '$inname'"
|
||||||
[ "$inname" != "$outname" ] && cp "$inname" "$outname"
|
[ "$inname" != "$outname" ] && cp "$inname" "$outname"
|
||||||
|
|
||||||
else
|
elif [[ "$AUTHENTICODE_KEY" =~ \.p12$ || "$AUTHENTICODE_KEY" =~ \.pfx$ ]]; then
|
||||||
|
|
||||||
echo >&2 "$PGM: Signing using key $AUTHENTICODE_KEY"
|
echo >&2 "$PGM: Signing using PKCS#12 container $AUTHENTICODE_KEY"
|
||||||
osslsigncode sign -certs "$AUTHENTICODE_CERTS" \
|
osslsigncode sign -certs "$AUTHENTICODE_CERTS" \
|
||||||
-pkcs12 "$AUTHENTICODE_KEY" -askpass \
|
-pkcs12 "$AUTHENTICODE_KEY" -askpass \
|
||||||
-ts "$AUTHENTICODE_TSURL" \
|
-ts "$AUTHENTICODE_TSURL" \
|
||||||
@ -272,6 +272,17 @@ else
|
|||||||
cp "$outname.tmp" "$outname"
|
cp "$outname.tmp" "$outname"
|
||||||
rm "$outname.tmp"
|
rm "$outname.tmp"
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
echo >&2 "$PGM: Signing using unprotected key $AUTHENTICODE_KEY"
|
||||||
|
osslsigncode sign -certs "$AUTHENTICODE_CERTS" \
|
||||||
|
-key "$AUTHENTICODE_KEY" \
|
||||||
|
-ts "$AUTHENTICODE_TSURL" \
|
||||||
|
-h sha256 -n "$desc" -i "$url" \
|
||||||
|
-in "$inname" -out "$outname.tmp"
|
||||||
|
cp "$outname.tmp" "$outname"
|
||||||
|
rm "$outname.tmp"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$dryrun" ]; then
|
if [ -z "$dryrun" ]; then
|
||||||
|
Loading…
x
Reference in New Issue
Block a user