CS.txt,update-mscertsign.sh: Add update script for CS.txt now that MS has update CCADB.
This commit is contained in:
parent
1ff5a0a672
commit
92dbb064c5
123
CS.txt
123
CS.txt
@ -1,4 +1,4 @@
|
||||
# Mozilla no longer provides any trust information for code signing, opting only
|
||||
Mozilla no longer provides any trust information for code signing, opting only
|
||||
# to supply VERIFY trust, so that Mozilla neither provides policy, nor removes
|
||||
# the functionality from NSS. The following list of certificate hashes (already
|
||||
# installed as they have TLS trust from Mozilla) are also trusted by Microsoft
|
||||
@ -8,40 +8,101 @@
|
||||
# See https://www.ccadb.org/ for joint efforts between Google, Microsoft, and
|
||||
# Mozilla to create a unified trust store.
|
||||
|
||||
# List current as of 2021-08-07 04:30:00 UTC
|
||||
# List current as of Thu 16 Sep 2021 11:54:54 PM UTC.
|
||||
# Move this list to $SSLDIR and use -i to add code signing trust
|
||||
|
||||
02265526
|
||||
fa5da96b
|
||||
9482e63a
|
||||
e35234b1
|
||||
6869459d
|
||||
31e28f42
|
||||
532c5267
|
||||
a17e7e98
|
||||
06dc52d5
|
||||
40193066
|
||||
0f6fa695
|
||||
6d41d539
|
||||
de6d66f3
|
||||
32888f65
|
||||
42c52aa6
|
||||
0e939519
|
||||
2a8f6cd3
|
||||
5fa25d3d
|
||||
7719f463
|
||||
f51bb24c
|
||||
9816715c
|
||||
40547a79
|
||||
0f5dc4f3
|
||||
5860aaa6
|
||||
08063a00
|
||||
ae1c5a5b
|
||||
c01eb047
|
||||
f0c70a8d
|
||||
0bf05006
|
||||
6fa5da56
|
||||
988a38cb
|
||||
749e9e03
|
||||
d7e8dc79
|
||||
064e0aa9
|
||||
244b5494
|
||||
3513523f
|
||||
4304c5e5
|
||||
442adcac
|
||||
48bec511
|
||||
4a6481c9
|
||||
4bfab552
|
||||
4f316efb
|
||||
5ad8a5d6
|
||||
5cd81ad7
|
||||
607986c7
|
||||
653b494a
|
||||
6b99d060
|
||||
75d1b2ed
|
||||
aee5f10d
|
||||
b1159c4c
|
||||
b7a5b843
|
||||
c28a8a30
|
||||
cbf06781
|
||||
76faf6c0
|
||||
e18bfb83
|
||||
f3377b1b
|
||||
cd58d51e
|
||||
d6325660
|
||||
d7e8dc79
|
||||
dd8e9d41
|
||||
ee64a828
|
||||
ef954a4e
|
||||
f081611a
|
||||
f30dd6ad
|
||||
f3377b1b
|
||||
f387163d
|
||||
f39fc864
|
||||
4bfab552
|
||||
09789157
|
||||
fc5a8f99
|
||||
|
||||
f30dd6ad
|
||||
6b99d060
|
||||
aee5f10d
|
||||
ee64a828
|
||||
930ac5d2
|
||||
653b494a
|
||||
e36a6752
|
||||
e113c810
|
||||
ef954a4e
|
||||
02265526
|
||||
106f3e4d
|
||||
442adcac
|
||||
48bec511
|
||||
c47d9980
|
||||
76cb8f92
|
||||
eed8c118
|
||||
b1159c4c
|
||||
9d04f354
|
||||
3513523f
|
||||
607986c7
|
||||
dd8e9d41
|
||||
244b5494
|
||||
75d1b2ed
|
||||
7f3d5d1d
|
||||
f081611a
|
||||
cbf06781
|
||||
1636090b
|
||||
a8e3405a
|
||||
062cdee6
|
||||
5ad8a5d6
|
||||
1d3472b9
|
||||
dc4d6a89
|
||||
8160b96c
|
||||
b66938e9
|
||||
f39fc864
|
||||
4f316efb
|
||||
9b5697b0
|
||||
f249de83
|
||||
d887a5bb
|
||||
5273a94c
|
||||
57bcb2da
|
||||
706f604c
|
||||
c1ddac89
|
||||
5e98733a
|
||||
67e4ca4b
|
||||
14bc7599
|
||||
bc1f461c
|
||||
4b718d9b
|
||||
fe22bb9d
|
||||
c1223238
|
||||
9ccd262b
|
||||
1c3b872e
|
||||
a4596d83
|
||||
|
33
update-mscertsign.sh
Normal file
33
update-mscertsign.sh
Normal file
@ -0,0 +1,33 @@
|
||||
#!/bin/bash
|
||||
# Simple script to use Microsoft code signing trust from CCADB
|
||||
|
||||
CSURL="https://ccadb-public.secure.force.com/microsoft/IncludedRootsPEMTxtForMSFT?MicrosoftEKUs=Code%20Signing"
|
||||
|
||||
rm -f mscertsign.txt CS.txt
|
||||
wget -O mscertsign.txt ${CSURL}
|
||||
|
||||
echo " Mozilla no longer provides any trust information for code signing, opting only
|
||||
# to supply VERIFY trust, so that Mozilla neither provides policy, nor removes
|
||||
# the functionality from NSS. The following list of certificate hashes (already
|
||||
# installed as they have TLS trust from Mozilla) are also trusted by Microsoft
|
||||
# for code signing. The Microsoft Trusted Root Certificate Program's inclusion
|
||||
# policy is available for review at:
|
||||
# https://docs.microsoft.com/en-us/security/trusted-root/program-requirements.
|
||||
# See https://www.ccadb.org/ for joint efforts between Google, Microsoft, and
|
||||
# Mozilla to create a unified trust store.
|
||||
" > CS.txt
|
||||
|
||||
date=`date -u`
|
||||
echo "# List current as of ${date}." >> CS.txt
|
||||
echo -e "# Move this list to \$SSLDIR and use -i to add code signing trust\n" \
|
||||
>> CS.txt
|
||||
|
||||
startlist=`grep -n "^-----BEGIN" mscertsign.txt | cut -d ":" -f 1`
|
||||
for certbegin in ${startlist}; do
|
||||
awk "NR==$certbegin,/^-----END CERTIFICATE-----/" mscertsign.txt \
|
||||
> ${certbegin}.crt
|
||||
openssl x509 -noout -in ${certbegin}.crt -hash >> CS.txt
|
||||
rm ${certbegin}.crt
|
||||
done
|
||||
rm -r mscertsign.txt
|
||||
|
Loading…
Reference in New Issue
Block a user