AUTH-2653 renabled signing
parent
2463d6b92c
commit
8764fbfdfa
|
@ -28,72 +28,68 @@ cp -r . ../src/github.com/cloudflare/cloudflared
|
||||||
cd ../src/github.com/cloudflare/cloudflared
|
cd ../src/github.com/cloudflare/cloudflared
|
||||||
GOCACHE="$PWD/../../../../" GOPATH="$PWD/../../../../" CGO_ENABLED=1 make cloudflared
|
GOCACHE="$PWD/../../../../" GOPATH="$PWD/../../../../" CGO_ENABLED=1 make cloudflared
|
||||||
|
|
||||||
# TODO: AUTH-2653 - The CFD_CODE_SIGN_KEY and CFD_INSTALLER_KEY are "doubly" gpg encrypted.
|
# Add code signing private key to the key chain
|
||||||
# this needs to be fixed, but I don't have access to the keys to do it.
|
if [[ -n "${CFD_CODE_SIGN_KEY:-}" ]]; then
|
||||||
# The private keys are on from Dane's laptop
|
if [[ -n "${CFD_CODE_SIGN_PASS:-}" ]]; then
|
||||||
|
# write private key to disk and then import it keychain
|
||||||
|
echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV}
|
||||||
|
security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}"
|
||||||
|
rm ${CODE_SIGN_PRIV}
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# # Add code signing private key to the key chain
|
# Add code signing certificate to the key chain
|
||||||
# if [[ -n "${CFD_CODE_SIGN_KEY:-}" ]]; then
|
if [[ -n "${CFD_CODE_SIGN_CERT:-}" ]]; then
|
||||||
# if [[ -n "${CFD_CODE_SIGN_PASS:-}" ]]; then
|
# write certificate to disk and then import it keychain
|
||||||
# # write private key to disk and then import it keychain
|
echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT}
|
||||||
# echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV}
|
security import ${CODE_SIGN_CERT}
|
||||||
# security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}"
|
rm ${CODE_SIGN_CERT}
|
||||||
# rm ${CODE_SIGN_PRIV}
|
fi
|
||||||
# fi
|
|
||||||
# fi
|
|
||||||
|
|
||||||
# # Add code signing certificate to the key chain
|
# Add package signing private key to the key chain
|
||||||
# if [[ -n "${CFD_CODE_SIGN_CERT:-}" ]]; then
|
if [[ -n "${CFD_INSTALLER_KEY:-}" ]]; then
|
||||||
# # write certificate to disk and then import it keychain
|
if [[ -n "${CFD_INSTALLER_PASS:-}" ]]; then
|
||||||
# echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT}
|
# write private key to disk and then import it into the keychain
|
||||||
# security import ${CODE_SIGN_CERT}
|
echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV}
|
||||||
# rm ${CODE_SIGN_CERT}
|
security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}"
|
||||||
# fi
|
rm ${INSTALLER_PRIV}
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# # Add package signing private key to the key chain
|
# Add package signing certificate to the key chain
|
||||||
# if [[ -n "${CFD_INSTALLER_KEY:-}" ]]; then
|
if [[ -n "${CFD_INSTALLER_CERT:-}" ]]; then
|
||||||
# if [[ -n "${CFD_INSTALLER_PASS:-}" ]]; then
|
# write certificate to disk and then import it keychain
|
||||||
# # write private key to disk and then import it into the keychain
|
echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT}
|
||||||
# echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV}
|
security import ${INSTALLER_CERT}
|
||||||
# security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}"
|
rm ${INSTALLER_CERT}
|
||||||
# rm ${INSTALLER_PRIV}
|
fi
|
||||||
# fi
|
|
||||||
# fi
|
|
||||||
|
|
||||||
# # Add package signing certificate to the key chain
|
# get the code signing certificate name
|
||||||
# if [[ -n "${CFD_INSTALLER_CERT:-}" ]]; then
|
if [[ -n "${CFD_CODE_SIGN_NAME:-}" ]]; then
|
||||||
# # write certificate to disk and then import it keychain
|
CODE_SIGN_NAME="${CFD_CODE_SIGN_NAME}"
|
||||||
# echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT}
|
else
|
||||||
# security import ${INSTALLER_CERT}
|
if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")" ]]; then
|
||||||
# rm ${INSTALLER_CERT}
|
CODE_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")
|
||||||
# fi
|
else
|
||||||
|
CODE_SIGN_NAME=""
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# # get the code signing certificate name
|
# get the package signing certificate name
|
||||||
# if [[ -n "${CFD_CODE_SIGN_NAME:-}" ]]; then
|
if [[ -n "${CFD_INSTALLER_NAME:-}" ]]; then
|
||||||
# CODE_SIGN_NAME="${CFD_CODE_SIGN_NAME}"
|
PKG_SIGN_NAME="${CFD_INSTALLER_NAME}"
|
||||||
# else
|
else
|
||||||
# if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")" ]]; then
|
if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")" ]]; then
|
||||||
# CODE_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")
|
PKG_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")
|
||||||
# else
|
else
|
||||||
# CODE_SIGN_NAME=""
|
PKG_SIGN_NAME=""
|
||||||
# fi
|
fi
|
||||||
# fi
|
fi
|
||||||
|
|
||||||
# # get the package signing certificate name
|
# sign the cloudflared binary
|
||||||
# if [[ -n "${CFD_INSTALLER_NAME:-}" ]]; then
|
if [[ -n "${CODE_SIGN_NAME:-}" ]]; then
|
||||||
# PKG_SIGN_NAME="${CFD_INSTALLER_NAME}"
|
codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME}
|
||||||
# else
|
fi
|
||||||
# if [[ -n "$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")" ]]; then
|
|
||||||
# PKG_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")
|
|
||||||
# else
|
|
||||||
# PKG_SIGN_NAME=""
|
|
||||||
# fi
|
|
||||||
# fi
|
|
||||||
|
|
||||||
# # sign the cloudflared binary
|
|
||||||
# if [[ -n "${CODE_SIGN_NAME:-}" ]]; then
|
|
||||||
# codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME}
|
|
||||||
# fi
|
|
||||||
|
|
||||||
|
|
||||||
# creating build directory
|
# creating build directory
|
||||||
|
|
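Review bot: Both re-enabled private-key imports pass `-A` to `security import` (the `CODE_SIGN_PRIV` block and again the `INSTALLER_PRIV` block), which lets any application use the imported signing key without a prompt. Scoping access to the signing tool keeps the key usable by the build only, e.g. `security import "${CODE_SIGN_PRIV}" -T /usr/bin/codesign -P "${CFD_CODE_SIGN_PASS}"`, with the installer key getting `-T` for whichever tool signs the package later in the script. The decoded keys are also written to disk through unquoted expansions and removed by a plain `rm` after the import, so if the script runs under `set -e` (not visible in this hunk) a failed import would leave a private key behind. Setting `umask 077` and `trap 'rm -f -- "${CODE_SIGN_PRIV}" "${INSTALLER_PRIV}"' EXIT` before the first write would cover that. The definitions of `CODE_SIGN_PRIV` and `INSTALLER_PRIV` and the shell options are outside the hunk, so the file locations and permissions need to be confirmed there.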