{cmd/dist,release/dist}: add support for intermediary QNAP signing certificates

Updates #23528

Signed-off-by: Percy Wegmann <percy@tailscale.com>
Percy Wegmann
2025-08-15 15:45:17 -05:00
committed by Percy Wegmann
parent 6006bc92b5
commit 192fa6f05d
4 changed files with 31 additions and 23 deletions
+5 -2
@@ -24,7 +24,9 @@ MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEtfLbXkHUVc9oUPTNyaEK3hIwmuGRoTtd
-----END PUBLIC KEY-----" > pkcs11-release-signing-key.pem
openssl dgst -sha384 -verify pkcs11-release-signing-key.pem -signature "$PKCS11_MODULE_PATH.sig" "$PKCS11_MODULE_PATH"
echo "$QNAP_SIGNING_CERT_BASE64" | base64 --decode > cert.crt
echo "$QNAP_SIGNING_CERT_BASE64" | base64 --decode > signer.pem
echo "$QNAP_SIGNING_CERT_INTERMEDIARIES_BASE64" | base64 --decode > certs.pem
openssl cms \
-sign \
@@ -35,6 +37,7 @@ openssl cms \
-inkey "pkcs11:object=$QNAP_SIGNING_KEY_NAME" \
-keyopt rsa_padding_mode:pss \
-keyopt rsa_pss_saltlen:digest \
-signer cert.crt \
-signer signer.pem \
-certfile certs.pem \
-in "$1" \
-out -
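Review bot: Nothing in the first hunk checks that `QNAP_SIGNING_CERT_INTERMEDIARIES_BASE64` is set or that the decoded `certs.pem` actually chains to `signer.pem`, so a missing or mismatched secret would surface, if at all, only when `openssl cms -certfile certs.pem` runs in the second hunk or later when the package signature is validated. I would guard the decode with `: "${QNAP_SIGNING_CERT_INTERMEDIARIES_BASE64:?must be set}"` and, once both files are written, run something like `openssl verify -partial_chain -trusted certs.pem signer.pem` so the build fails before anything is signed. The script's shell options are outside the hunk, so I can't tell whether a failed `base64 --decode` already aborts the run; if `set -e` is not in effect, the decode lines would also need an explicit `|| exit 1`.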