AUTH-2653 renabled signing

Dalton 2020-09-04 11:29:17 -05:00
parent 2463d6b92c
commit 8764fbfdfa
1 changed files with 56 additions and 60 deletions


@ -28,72 +28,68 @@ cp -r . ../src/github.com/cloudflare/cloudflared
cd ../src/github.com/cloudflare/cloudflared cd ../src/github.com/cloudflare/cloudflared
GOCACHE="$PWD/../../../../" GOPATH="$PWD/../../../../" CGO_ENABLED=1 make cloudflared GOCACHE="$PWD/../../../../" GOPATH="$PWD/../../../../" CGO_ENABLED=1 make cloudflared
# TODO: AUTH-2653 - The CFD_CODE_SIGN_KEY and CFD_INSTALLER_KEY are "doubly" gpg encrypted. # Add code signing private key to the key chain
# this needs to be fixed, but I don't have access to the keys to do it. if [[ -n "${CFD_CODE_SIGN_KEY:-}" ]]; then
# The private keys are on from Dane's laptop if [[ -n "${CFD_CODE_SIGN_PASS:-}" ]]; then
# write private key to disk and then import it keychain
echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV}
security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}"
rm ${CODE_SIGN_PRIV}
fi
fi
# # Add code signing private key to the key chain # Add code signing certificate to the key chain
# if [[ -n "${CFD_CODE_SIGN_KEY:-}" ]]; then if [[ -n "${CFD_CODE_SIGN_CERT:-}" ]]; then
# if [[ -n "${CFD_CODE_SIGN_PASS:-}" ]]; then # write certificate to disk and then import it keychain
# # write private key to disk and then import it keychain echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT}
# echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV} security import ${CODE_SIGN_CERT}
# security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}" rm ${CODE_SIGN_CERT}
# rm ${CODE_SIGN_PRIV} fi
# fi
# fi
# # Add code signing certificate to the key chain # Add package signing private key to the key chain
# if [[ -n "${CFD_CODE_SIGN_CERT:-}" ]]; then if [[ -n "${CFD_INSTALLER_KEY:-}" ]]; then
# # write certificate to disk and then import it keychain if [[ -n "${CFD_INSTALLER_PASS:-}" ]]; then
# echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT} # write private key to disk and then import it into the keychain
# security import ${CODE_SIGN_CERT} echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV}
# rm ${CODE_SIGN_CERT} security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}"
# fi rm ${INSTALLER_PRIV}
fi
fi
# # Add package signing private key to the key chain # Add package signing certificate to the key chain
# if [[ -n "${CFD_INSTALLER_KEY:-}" ]]; then if [[ -n "${CFD_INSTALLER_CERT:-}" ]]; then
# if [[ -n "${CFD_INSTALLER_PASS:-}" ]]; then # write certificate to disk and then import it keychain
# # write private key to disk and then import it into the keychain echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT}
# echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV} security import ${INSTALLER_CERT}
# security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}" rm ${INSTALLER_CERT}
# rm ${INSTALLER_PRIV} fi
# fi
# fi
# # Add package signing certificate to the key chain # get the code signing certificate name
# if [[ -n "${CFD_INSTALLER_CERT:-}" ]]; then if [[ -n "${CFD_CODE_SIGN_NAME:-}" ]]; then
# # write certificate to disk and then import it keychain CODE_SIGN_NAME="${CFD_CODE_SIGN_NAME}"
# echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT} else
# security import ${INSTALLER_CERT} if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")" ]]; then
# rm ${INSTALLER_CERT} CODE_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")
# fi else
CODE_SIGN_NAME=""
fi
fi
# # get the code signing certificate name # get the package signing certificate name
# if [[ -n "${CFD_CODE_SIGN_NAME:-}" ]]; then if [[ -n "${CFD_INSTALLER_NAME:-}" ]]; then
# CODE_SIGN_NAME="${CFD_CODE_SIGN_NAME}" PKG_SIGN_NAME="${CFD_INSTALLER_NAME}"
# else else
# if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")" ]]; then if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")" ]]; then
# CODE_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:") PKG_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")
# else else
# CODE_SIGN_NAME="" PKG_SIGN_NAME=""
# fi fi
# fi fi
# # get the package signing certificate name # sign the cloudflared binary
# if [[ -n "${CFD_INSTALLER_NAME:-}" ]]; then if [[ -n "${CODE_SIGN_NAME:-}" ]]; then
# PKG_SIGN_NAME="${CFD_INSTALLER_NAME}" codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME}
# else fi
# if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")" ]]; then
# PKG_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")
# else
# PKG_SIGN_NAME=""
# fi
# fi
# # sign the cloudflared binary
# if [[ -n "${CODE_SIGN_NAME:-}" ]]; then
# codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME}
# fi
# creating build directory # creating build directory
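Review bot: Both re-enabled private-key imports (`security import ${CODE_SIGN_PRIV} -A -P ...` and the `${INSTALLER_PRIV}` one) pass `-A`, which lets any application on the build host use the imported signing key without a prompt. Restricting access to the signing tool is tighter, e.g. `security import "${CODE_SIGN_PRIV}" -T /usr/bin/codesign -P "${CFD_CODE_SIGN_PASS}"`, with the matching package-signing tool for the installer key. The decoded key is also written to disk under the default umask and removed only by the `rm` that follows the import, so if the script aborts on a failed import (its `set` options are outside the hunk) the key stays on disk. Setting `umask 077` and `trap 'rm -f -- "${CODE_SIGN_PRIV}" "${INSTALLER_PRIV}"' EXIT` before the first write would cover that path. The expansions in the `echo ... | base64 -D > ...`, `security import` and `rm` lines are unquoted and should be double-quoted; the variables holding those paths are defined outside the visible lines.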