Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CHEF-5815: Update signing of all msi packages with new cli tool - smctl #1128

Merged
merged 20 commits into from
Sep 22, 2023
Merged

CHEF-5815: Update signing of all msi packages with new cli tool - smctl #1128

merged 20 commits into from
Sep 22, 2023

Conversation

ahasunos
Copy link
Collaborator

@ahasunos ahasunos commented Sep 13, 2023
edited by sean-simmons-progress
Loading

Description

This PR attempts at making changes to the cli tool used for signing the msi packages.

The main reason for this change is that all Code Signing EV certificates must now have a HSM to store their private keys.

https://cabforum.org/baseline-requirements-code-signing/

https://knowledge.digicert.com/alerts/code-signings-new-private-key-storage-requirement.html

Maintainers

Please ensure that you check for:

  • If this change impacts git cache validity, it bumps the git cache
    serial number
  • If this change impacts compatibility with omnibus-software, the
    corresponding change is reviewed and there is a release plan
  • If this change impacts compatibility with the omnibus cookbook, the
    corresponding change is reviewed and there is a release plan

@ahasunos ahasunos requested review from a team as code owners September 13, 2023 13:39
@ahasunos ahasunos changed the title Attempt at using a new cli tool for signing all msi packages [WIP] Attempt at using a new cli tool for signing all msi packages Sep 13, 2023
@ahasunos ahasunos force-pushed the ss/update-signing-cli-tool branch from 8522782 to 9b3c8f2 Compare September 13, 2023 17:28
sean-simmons-progress and others added 9 commits September 13, 2023 20:02
@sean-simmons-progress
testing patch here, trying to remove +
fad5ed4 
Signed-off-by: Sean Simmons <[email protected]>
@sean-simmons-progress
reverting this change, it did not remove the + in the file name
993aed2 
Signed-off-by: Sean Simmons <[email protected]>
@ahasunos
HACK: Temporary workaround to remove '+' from package name; causing s…
db439e4 
…igning to fail

Signed-off-by: Sonu Saha <[email protected]>
@ahasunos
REVERT changes made to subsituting + with _
806826c 
Signed-off-by: Sonu Saha <[email protected]>
@ahasunos
Update semver to include '_' instead of '+'
a03e03b 
Signed-off-by: Sonu Saha <[email protected]>
@ahasunos
CHORE: Add temporary logs & change + to _
10269ea 
Signed-off-by: Sonu Saha <[email protected]>
@sean-simmons-progress
changing from _ to -
e8d08c5 
Signed-off-by: Sean Simmons <[email protected]>
@sean-simmons-progress
changing from _ to -
2546a1d 
Signed-off-by: Sean Simmons <[email protected]>
@sean-simmons-progress
changing from _ to -
2fef25c 
Signed-off-by: Sean Simmons <[email protected]>
@sean-simmons-progress sean-simmons-progress mentioned this pull request Sep 14, 2023
Closed
3 tasks
@ahasunos ahasunos changed the title [WIP] Attempt at using a new cli tool for signing all msi packages CHEF-5815: Update signing of all msi packages with new cli tool - smctl Sep 14, 2023
sean-simmons-progress
sean-simmons-progress requested changes Sep 14, 2023
View reviewed changes
Copy link
Collaborator

@sean-simmons-progress sean-simmons-progress left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just allowing folks time to review this PR ~

marcparadise
marcparadise requested changes Sep 18, 2023
View reviewed changes
lib/omnibus/build_version.rb Outdated Show resolved Hide resolved
lib/omnibus/build_version_dsl.rb Outdated Show resolved Hide resolved
lib/omnibus/build_version_dsl.rb Show resolved Hide resolved
lib/omnibus/packagers/windows_base.rb Outdated Show resolved Hide resolved
lib/omnibus/packagers/windows_base.rb Show resolved Hide resolved
lib/omnibus/packagers/windows_base.rb Show resolved Hide resolved
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

@sean-simmons-progress sean-simmons-progress merged commit ad5e90b into main Sep 22, 2023
@sean-simmons-progress sean-simmons-progress deleted the ss/update-signing-cli-tool branch September 22, 2023 14:37
@tpowell-progress tpowell-progress mentioned this pull request Oct 17, 2023
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpowell-progress tpowell-progress tpowell-progress approved these changes

@marcparadise marcparadise marcparadise approved these changes

@sean-simmons-progress sean-simmons-progress sean-simmons-progress approved these changes

@johnmccrae johnmccrae Awaiting requested review from johnmccrae

@vkarve-chef vkarve-chef Awaiting requested review from vkarve-chef

@PrajaktaPurohit PrajaktaPurohit Awaiting requested review from PrajaktaPurohit

@neha-p6 neha-p6 Awaiting requested review from neha-p6

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ahasunos @marcparadise @tpowell-progress @sean-simmons-progress