c4c1a32e95
Fix the updated merge scripts to handle this. Prune Expired certificates from certdata.txt and the object signing cert list Update to CKBI 2.48 from NSS 3.64 Removing: # Certificate "Verisign Class 3 Public Primary Certification Authority - G3" # Certificate "GeoTrust Universal CA 2" # Certificate "QuoVadis Root CA" # Certificate "Sonera Class 2 Root CA" # Certificate "Taiwan GRCA" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Certificate "EE Certification Centre Root CA" # Certificate "LuxTrust Global Root 2" # Certificate "Symantec Class 1 Public Primary Certification Authority - G4" # Certificate "Symantec Class 2 Public Primary Certification Authority - G4" Adding: # Certificate "Microsoft ECC Root Certificate Authority 2017" # Certificate "Microsoft RSA Root Certificate Authority 2017" # Certificate "e-Szigno Root CA 2017" # Certificate "certSIGN Root CA G2" # Certificate "Trustwave Global Certification Authority" # Certificate "Trustwave Global ECC P256 Certification Authority" # Certificate "Trustwave Global ECC P384 Certification Authority" # Certificate "NAVER Global Root Certification Authority" # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" # Certificate "GlobalSign Secure Mail Root R45" # Certificate "GlobalSign Secure Mail Root E45" # Certificate "GlobalSign Root R46" # Certificate "GlobalSign Root E46" # Certificate "Certum EC-384 CA" # Certificate "Certum Trusted Root CA" # Certificate "GlobalSign Code Signing Root R45" # Certificate "GlobalSign Code Signing Root E45" # Certificate "Halcom Root Certificate Authority" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "GLOBALTRUST" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Verizon Global Root CA" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "CAEDICOM Root" # Certificate "COMODO Certification Authority" # Certificate "Security Communication ECC RootCA1" # 
Certificate "Security Communication RootCA3" # Certificate "AC RAIZ DNIE" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "GLOBALTRUST 2015" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2"
63 lines
1.3 KiB
Bash
Executable File
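#!/bin/sh
#
# This script fetches the object signing list from the Microsoft list. It then
# merges that list into the fetched certdata.txt.
#
# The downloaded list is merged into certdata.txt as code-signing trust
# (CKA_TRUST_CODE_SIGNING), so a failed or empty download must never reach
# the merge step. The only authenticity check this script applies to the list
# is the TLS connection wget makes to the https URL below; overriding it with
# a non-https URL via -u removes that protection.
#
baseurl="https://ccadb-public.secure.force.com/microsoft/IncludedRootsPEMTxtForMSFT?TrustBitsInclude=Code%20Signing"
target="microsoft_code_siging.pem"
certdata="./certdata.txt"
merge=1
diff=0
difffile=""

# Print the option summary and exit with status 1.
usage() {
    echo "usage: $0 [-u URL] [-o target] [-c certdata] [-d diff] [-n]" >&2
    echo "-u URL base URL to fetch code signing list" >&2
    echo "-o target name of the codesigning target" >&2
    echo "-c certdata path to certdata.txt to merge with" >&2
    echo "-d diff optional diff file" >&2
    echo "-n don't merge" >&2
    exit 1
}

# Abort with usage when an option that takes a value is the last argument.
# $1 - option name, $2 - number of arguments left, including the option.
need_arg() {
    if [ "$2" -lt 2 ]; then
        echo "$0: option $1 requires an argument" >&2
        usage
    fi
}

# Loop on the argument count rather than on "$1" being non-empty, so an empty
# argument is reported instead of silently ending option parsing.
while [ $# -gt 0 ]; do
    case $1 in
    "-u")
        need_arg "$1" $#
        shift
        baseurl=$1
        ;;
    "-o")
        need_arg "$1" $#
        shift
        target=$1
        ;;
    "-c")
        need_arg "$1" $#
        shift
        certdata=$1
        ;;
    "-n")
        merge=0
        ;;
    "-d")
        # The value follows the option; without this shift difffile would be
        # set to "-d" itself and the file name would be rejected as an
        # unknown option on the next pass.
        need_arg "$1" $#
        shift
        diff=1
        difffile=$1
        ;;
    *)
        usage
        ;;
    esac
    shift
done

# Stop on a failed download: wget -O creates the target even when the
# transfer fails, and merging a truncated file would alter the trust list.
if ! wget -O "${target}" "${baseurl}"; then
    echo "$0: download of ${baseurl} failed" >&2
    exit 1
fi

if [ ! -s "${target}" ]; then
    echo "$0: downloaded list ${target} is empty, refusing to continue" >&2
    exit 1
fi

if [ "${merge}" -eq 0 ]; then
    exit 0
fi

# With -d the merge is written next to certdata.txt first, so the change to
# the trust list can be recorded as a diff before it replaces the original.
out=${certdata}
if [ "${diff}" -eq 1 ]; then
    out=${certdata}.out
fi

if ! python3 ./mergepem2certdata.py -c "${certdata}" -p "${target}" -o "${out}" -t "CKA_TRUST_CODE_SIGNING" -l "Microsoft Code Signing Only Certificate"; then
    echo "$0: merging ${target} into ${certdata} failed" >&2
    if [ "${diff}" -eq 1 ]; then
        # Do not leave a partial merge result behind.
        rm -f -- "${out}"
    fi
    exit 1
fi

if [ "${diff}" -eq 1 ]; then
    # diff exits 1 when the files differ, which is the expected case here;
    # only a status above 1 means the diff could not be produced.
    rc=0
    diff -u "${certdata}" "${out}" > "${difffile}" || rc=$?
    if [ "${rc}" -gt 1 ]; then
        echo "$0: could not write diff to ${difffile}; merged result kept in ${out}" >&2
        exit 1
    fi
    mv -- "${out}" "${certdata}"
fi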