From 16d3805221274f6419ce1a6b5f73abf7d90c9fa6 Mon Sep 17 00:00:00 2001 From: develar Date: Thu, 5 May 2016 09:13:30 +0200 Subject: [PATCH] fix: bundle StartSSL certs --- certs/sca.code2.crt | 34 ++++++++++++++++++++++++++++++ certs/sca.code3.crt | 34 ++++++++++++++++++++++++++++++ package.json | 2 +- src/codeSign.ts | 18 ++++++++++------ test/install-linux-dependencies.sh | 6 ++---- 5 files changed, 83 insertions(+), 11 deletions(-) create mode 100644 certs/sca.code2.crt create mode 100644 certs/sca.code3.crt diff --git a/certs/sca.code2.crt b/certs/sca.code2.crt new file mode 100644 index 00000000000..f09c30e73b3 --- /dev/null +++ b/certs/sca.code2.crt @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQbDvSft08lJ6Vjiips8dXoDANBgkqhkiG9w0BAQsFADB9 +MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi +U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh +cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTUxMjE2MDEwMDA1WhcN +MzAxMjE2MDEwMDA1WjB1MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g +THRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx +IzAhBgNVBAMTGlN0YXJ0Q29tIENsYXNzIDIgT2JqZWN0IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRQEWPeyxYYsCDJgrQgmwIF3uWgZ2RUrHRhp +5NoalgWXLmR5Gqk9UTNa0Hdq9AKTQcOOunAbq9h7dG+Y6Ne5qT5odqSJoCKsF9Yp ++Lu4YZ/SB9BmDjBHICtwAh7+cwkccTS14n6prKin8Y46QAZ2ksr3eGzvWAVzfX+D +UOmiVQLjAK6Wp8bCZHvj+FhAlS5Ne7/dggDeSVWnMyPm2k/5YKOTVXExJJaAlYkm +yH1OiC3soTkkGb6aJjGJPHiaiNJ4pjkySX5l2p4DQ7K1/J6ft5Vw9PuqwmYrF0Vi +Gnn38kzB2d9UI9Q+dFmHUbV+cnr+FoGl6CiUDd5ZIF1HMrb8hwIDAQABo4IBWjCC +AVYwDgYDVR0PAQH/BAQDAgEGMBMGA1UdJQQMMAoGCCsGAQUFBwMDMBIGA1UdEwEB +/wQIMAYBAf8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNz +bC5jb20vc2ZzY2EuY3JsMGYGCCsGAQUFBwEBBFowWDAkBggrBgEFBQcwAYYYaHR0 +cDovL29jc3Auc3RhcnRzc2wuY29tMDAGCCsGAQUFBzAChiRodHRwOi8vYWlhLnN0 +YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwHQYDVR0OBBYEFD5ik5rXxxnuPo9JEIVV +FSDjlIQcMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQQa7yMD8GA1UdIAQ4 +MDYwNAYEVR0gADAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN0YXJ0c3NsLmNv +bS9wb2xpY3kwDQYJKoZIhvcNAQELBQADggIBAGOlPNWzbSco2Ou6U68wC+pKXRLV ++ZrKcPpMY4zXTVR+RupS54WhJCManab2P1ncPlHTbRMbPjfHnyj0sIdpvwcV49n0 +nizMF3MBxaKJEnBBEfHs9Krgjc4qKjR2nOywlzxJ0M27RthR5XjyjQ1ofHlOisYg +MzcyKyMT7YYpxxoC0wTgAh0DNmE5Q/GKFOaDd3S5gTqrR9AQzGaC3IxCKBFtcwvk +51W98lNRtMbm+oJze5T+dL2wIhyWK58sEIl2paAVfAfWGH3umYL46scLn8BXDFch +N1Jgrg07DqY6gxCqSdubPhVHZInuVagktWmrnS6N9V/vVLz+OaX4Mkas8n1J1RIR ++GV8ZQVmTM49l6L+fpv/h95MWLhQOcXanbIY/2cdNEuz5AkhfvDNTQnLxYEMIyMO +tW2QIwwZdz92vMTU17G9goxXYjSm09yw+iBniH9G/xGz39BV3bwa8ZtKHzDoZ54H +T6JT2AraDhrWTwFXv8Xrvv2cir+k0h5bIWlDtImH7Jm152edb77f5JI8JrPf6jxc +UrhNH4xHxe2kGs8ERA39oYlT0dKQIb0obTN6FOF63hBRFFhGB7NuX2FeFjJsZFCk +oJkpsEauObb7Rh+C02+fnHfoi6ivKwUC9BOsWlI4xn7GMe27niL6k7wpK0L6MTG5 +/6gxwosqaMA1aukw +-----END CERTIFICATE----- diff --git a/certs/sca.code3.crt b/certs/sca.code3.crt new file mode 100644 index 00000000000..e85b562f601 --- /dev/null +++ b/certs/sca.code3.crt @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF5DCCA8ygAwIBAgIQeCJDoVPfKAof+uFc0ChMhjANBgkqhkiG9w0BAQsFADB9 +MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi +U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh +cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTUxMjE2MDEwMDA1WhcN +MzAxMjE2MDEwMDA1WjB1MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g +THRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx +IzAhBgNVBAMTGlN0YXJ0Q29tIENsYXNzIDMgT2JqZWN0IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GwlNhRkXHnNYZgCnwWVUbzIQGbKV1cyk2Wg +VbvCet+v/uVVKDJn5mMvwu9lwMHmd+1NpKW93kwI4lb1aUwgJGSwtL/a+jlv8Gw6 +MizkD2PwVK3R9qvia0TR2W7mZDf7qFufa2CNb6bpqSyoPKawAgABb80UoKzKsOWo +05q6NeR+Z2lt7SR5mop8MPDsOgdnKA/17opoOfSly6F6Jg1r5P5yqWtXxPDexmbM +/LG/+K1IKJHcb7Kj0soNnBUV9GP+2kAmEUCh0cTD1LCdrYVFiWkDVNmD3dBIQN67 +oeNNH0Ak8cDgjhJGGwgvku4ZZWG7FPWFfakuYpIvaY8AJXd61wIDAQABo4IBZjCC +AWIwDgYDVR0PAQH/BAQDAgEGMB8GA1UdJQQYMBYGCCsGAQUFBwMDBgorBgEEAYI3 +PQEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDov +L2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMGYGCCsGAQUFBwEBBFowWDAkBggr +BgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDAGCCsGAQUFBzAChiRo +dHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwHQYDVR0OBBYEFGZ6 +ns2cc4ZqaaCu+oy7GI8I7NUEMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQ +Qa7yMD8GA1UdIAQ4MDYwNAYEVR0gADAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3 +LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJKoZIhvcNAQELBQADggIBAAsfd/CktuaS +BfVH8XRzpWAat6GYrrqAmfG4ltT6I+nKYwWCCACvlMwhOVPVUZhoAcDg9lO+WBGY +vdmuEeef79MjTcxnK3heW5WbSqO7TDRH4Sl5RkfJxdMornUbwmO9+f27UaeyApNA +U156nWn5/jQu9BqLbAtCAInhJy+ohQrn7YUm9LjI066Bl6M3LDjl25dTJa6QFqEb +Z9AVxbrJm6+MceHup8CLYPK/XDoV4l4c0/+0+Fh1ArptEoMz/8QMXJdj/7ERZoFE +QMMjwPYclW8nynQAhlBq080GIXsB2I9JlUFjCFcGv2fs3A6sWSoBG8eZ5yt1DWEj +BIxS0i68e1FQkqKfonh0lYOe87eWWcquEdiem7hKDMLoOTYoZummdtrE/zHisl2N +aSSKW1h9i6/SjLxSMQ8dkC+WqEaadzarmS9VzQ21eAPkiKkTzHJtesj2d3m4Ss+F +Hh5K+C5HLlo26y4X/9t1wH2UaEwzdXZDItGAAFeHfhPB8FVK8uufBOGoLTq3rqeJ +fLGoD/3yJp3w90Ad9KTJEEww3GTQtVIRN8n8W1Umvom9Y99CBHF6T4vyzqzD9tvg +mvoucIJCNoKGgMWufQJ69GAOyh0wltsU9OhMmTyyA44rUPeZY4CEsvUbvrkMPzTK +3Nf9o45cDnB+lBNPMhv/pI9cdfWcpFjJ +-----END CERTIFICATE----- diff --git a/package.json b/package.json index 01e1022204f..915e6c91618 100644 --- a/package.json +++ b/package.json @@ -106,7 +106,7 @@ "ts-babel": "^0.8.6", "tsconfig-glob": "^0.4.3", "tslint": "next", - "typescript": "^1.9.0-dev.20160504", + "typescript": "1.9.0-dev.20160505", "whitespace": "^2.0.0" }, "babel": { diff --git a/src/codeSign.ts b/src/codeSign.ts index 47b3200bf55..9b8370595d5 100644 --- a/src/codeSign.ts +++ b/src/codeSign.ts @@ -26,7 +26,7 @@ export function generateKeychainName(): string { } export function createKeychain(keychainName: string, cscLink: string, cscKeyPassword: string, cscILink?: string | null, cscIKeyPassword?: string | null, csaLink?: string | null): Promise { - const certLinks = csaLink == null ? ["https://startssl.com/certs/sca.code2.crt", "https://startssl.com/certs/sca.code3.crt"] : [csaLink] + const certLinks = csaLink == null ? [] : [csaLink] certLinks.push(cscLink) if (cscILink != null) { certLinks.push(cscILink) @@ -52,13 +52,19 @@ export function createKeychain(keychainName: string, cscLink: string, cscKeyPass }) } -async function importCerts(keychainName: string, paths: Array, keyPasswords: Array, importAppleCerts: boolean): Promise { - for (let f of paths.slice(0, -keyPasswords.length)) { - await exec("security", ["import", f, "-k", keychainName, "-T", "/usr/bin/codesign"]) +async function importCerts(keychainName: string, paths: Array, keyPasswords: Array, importBundledCerts: boolean): Promise { + const certFiles = paths.slice(0, -keyPasswords.length) + if (importBundledCerts) { + const bundledCertsPath = path.join(__dirname, "..", "certs") + certFiles.push( + path.join(bundledCertsPath, "AppleWWDRCA.cer"), + path.join(bundledCertsPath, "sca.code2.crt"), + path.join(bundledCertsPath, "sca.code3.crt") + ) } - if (importAppleCerts) { - await exec("security", ["import", path.join(__dirname, "..", "certs", "AppleWWDRCA.cer"), "-k", keychainName, "-T", "/usr/bin/codesign"]) + for (let file of certFiles) { + await exec("security", ["import", file, "-k", keychainName, "-T", "/usr/bin/codesign"]) } const namePromises: Array> = [] diff --git a/test/install-linux-dependencies.sh b/test/install-linux-dependencies.sh index 0cfa411fb04..5786533bbb2 100755 --- a/test/install-linux-dependencies.sh +++ b/test/install-linux-dependencies.sh @@ -3,8 +3,6 @@ gem install --no-rdoc --no-ri fpm wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add - sudo dpkg --add-architecture i386 - -sudo add-apt-repository ppa:wine/wine-builds -y +sudo add-apt-repository ppa:ubuntu-wine/ppa -y sudo apt-get update - -sudo apt-get install -y winehq-devel \ No newline at end of file +sudo apt-get install wine1.8 -y \ No newline at end of file