2021-05-24 17:49:58 +00:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# This script fetches the object signing list from the Microsoft list. It then
|
|
|
|
# mergest that list into the fetched certdata.txt.
|
|
|
|
#
|
|
|
|
baseurl="https://ccadb-public.secure.force.com/microsoft/IncludedRootsPEMTxtForMSFT?TrustBitsInclude=Code%20Signing"
|
|
|
|
target="microsoft_code_siging.pem"
|
|
|
|
certdata="./certdata.txt"
|
|
|
|
merge=1
|
|
|
|
diff=0
|
|
|
|
while [ -n "$1" ]; do
|
|
|
|
case $1 in
|
|
|
|
"-u")
|
|
|
|
shift
|
|
|
|
baseurl=$1
|
|
|
|
;;
|
|
|
|
"-o")
|
|
|
|
shift
|
|
|
|
target=$1
|
|
|
|
;;
|
|
|
|
"-c")
|
|
|
|
shift
|
|
|
|
certdata=$1
|
|
|
|
;;
|
2021-05-25 23:48:57 +00:00
|
|
|
"-n")
|
2021-05-24 17:49:58 +00:00
|
|
|
merge=0
|
|
|
|
;;
|
|
|
|
"-d")
|
|
|
|
diff=1
|
|
|
|
difffile=$1
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo "usage: $0 [-u URL] [-o target] [-c certdata] [-n]"
|
|
|
|
echo "-u URL base URL to fetch code signing list"
|
|
|
|
echo "-o target name of the codesigning target"
|
|
|
|
echo "-c certdata patch to certdata.txt to merge with"
|
|
|
|
echo "-d diff optional diff file"
|
|
|
|
echo "-n don't merge"
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
shift
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
|
|
wget ${baseurl} -O ${target}
|
|
|
|
|
|
|
|
if [ ${merge} -eq 0 ]; then
|
|
|
|
exit 0;
|
|
|
|
fi
|
|
|
|
|
|
|
|
out=${certdata}
|
2021-05-25 23:48:57 +00:00
|
|
|
if [ ${diff} -eq 1 ]; then
|
2021-05-24 17:49:58 +00:00
|
|
|
out=${certdata}.out
|
|
|
|
fi
|
|
|
|
|
|
|
|
python3 ./mergepem2certdata.py -c "${certdata}" -p "${target}" -o "${out}" -t "CKA_TRUST_CODE_SIGNING" -l "Microsoft Code Signing Only Certificate"
|
|
|
|
|
|
|
|
if [ ${diff} -eq 1 ]; then
|
|
|
|
diff -u ${certdata} ${out} > ${difffile}
|
|
|
|
mv ${out} ${certdata}
|
|
|
|
fi
|