Closed
Bug 1075705
Opened 10 years ago
Closed 10 years ago
install osslsigncode on linux signing machines
Categories
(Release Engineering :: General, defect)
Release Engineering
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bhearsum, Assigned: bhearsum)
References
Details
Attachments
(1 file, 1 obsolete file)
5.55 KB,
patch
|
dustin
:
review+
bhearsum
:
checked-in+
|
Details | Diff | Splinter Review |
https://bugzilla.mozilla.org/show_bug.cgi?id=711210#c15 suggested that that the version in our EPEL repo (1.3.1) doesn't work, but my own tests have it signing without issue. The version may have changed since that comment. In any case, it looks like I won't need to build a new one.
Attachment #8498328 -
Flags: review?(catlee)
Assignee | ||
Comment 1•10 years ago
|
||
Comment on attachment 8498328 [details] [diff] [review] install osslsigncode on linux signing machines Oof. Turns out my original test was done with Mono signcode. Our current version of osslsigncode doesn't seem to be working after all, or I'm doing it wrong. I also noticed that the current version we have doesn't support sha1 hashes (though I don't know what that means in this context). Need to look into this some more - removing review request for now.
Attachment #8498328 -
Flags: review?(catlee)
Assignee | ||
Comment 2•10 years ago
|
||
Comment on attachment 8498328 [details] [diff] [review] install osslsigncode on linux signing machines We definitely need a newer osslsigncode. The latest version available in EPEL only supports DER keys, which cannot be encrypted. The latest version supports PEM and PVK, which means we don't have to do any conversion. It also supports sha1 hashes and some options to pass in the passphrase. Sounds like it's a better thing all around. I need to get it built and uploaded to the Puppet servers, then I'll post a new patch.
Attachment #8498328 -
Attachment is obsolete: true
Assignee | ||
Comment 3•10 years ago
|
||
After much fuss I managed to get the latest osslsigncode (1.7.1) built. I'm having trouble getting it to sign our test.exe file, but I think that's going to be fixable. Once I make sure everything works by hand, I'll get the package ready to deploy.
Assignee | ||
Comment 4•10 years ago
|
||
Woo, signing works fine with an actual Firefox binary - we probably need a 64-bit test binary to use as a test signing file. That doesn't blocking deploying osslsigncode though.
Assignee | ||
Comment 5•10 years ago
|
||
After struggling with osslsigncode's terrible source package, I managed to get this built (needed to rerun aclocal and automake). I was surprised that I needed a custom repo for this, but I guess that's because there's a different version of it in EPEL?
Attachment #8498881 -
Flags: review?(dustin)
Comment 6•10 years ago
|
||
Comment on attachment 8498881 [details] [diff] [review] install osslsigncode on linux signing machines You needed a custom repo because that's the best practice now :)
Attachment #8498881 -
Flags: review?(dustin) → review+
Assignee | ||
Updated•10 years ago
|
Attachment #8498881 -
Flags: checked-in+
Assignee | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
QA Contact: pmoore → mshal
You need to log in
before you can comment on or make changes to this bug.
Description
•