releases: Update with new Windows code signing certificate #18425

pull achow101 wants to merge 1 commits into bitcoin:master from achow101:win-cert-3-20 changing 1 files +28 −28
  1. achow101 commented at 8:59 pm on March 24, 2020: member

    The current Windows code signing certificate is about expire (on March 26th 2020). As I have volunteered to take over the Windows code signing duties, I’ve purchased a new Windows code signing certificate with the same CA and under the same organization (Bitcoin Core Code Signing Association).

    A signature by the old certificate over the new certificate has been provided to me. This signature can be verified using

    0openssl cms -verify -inform pem -purpose any -content path/to/new/win-codesign.cert -CAfile path/to/old/win-codesign.cert -certfile path/to/old/win-codesign.cert
    

    The verification should succeed and the new certificate will be printed out. This can be compared to the contents of win-codesign.cert.

     0-----BEGIN PKCS7-----
     1MIIC3AYJKoZIhvcNAQcCoIICzTCCAskCAQExDzANBglghkgBZQMEAgEFADALBgkq
     2hkiG9w0BBwExggKkMIICoAIBATCBkTB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
     3R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9T
     4ZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmlu
     5ZyBDQQIRALWcUnSOxv9FQW3xdaMDO6swDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZI
     6hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMzI0MjA0ODM3
     7WjAvBgkqhkiG9w0BCQQxIgQgtLkmnuSQyczDlJSnJeqbi61p3iJ/rpFABrY8JWBO
     8o74weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsG
     9CWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
    10AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA
    11XaCl3Q8HwI9VpLCb9OY9eQh0QOPyl1KWEc3TP3UvwZwR4/gXkfPOKKf19UnS8eRB
    1248SgUKRMYWoDYfSVUJRMda9BLkbJbQlHG3LFXhSY2alajpPXEHcMto/XPhVAmqzL
    13w6aSNY0Gaorow696JHpetpKqAAlL1r2GjeaPYi2aZyIAifuhay/qwA+ig0SqzGOw
    14UdgFZWMyS5yanq8/WlLCCql6kKOzT4tEqUaleD7R1q8BTcG2+fmhWR8WwJLpIV6y
    157GAqt0Cocu8sYpTNBNk8iKHxzZ2hMZKJpH9lHZuiJ/9vSercrvDy2R4/MG+KnBWb
    16OyiFAt2mC51+63RhLOMJfg==
    17-----END PKCS7-----
    
  2. Update with new Windows code signing certificate 3e0df92bf2
  3. achow101 commented at 9:00 pm on March 24, 2020: member
    If we plan on doing any further 0.19 releases, this will need to be backported to 0.19.
  4. theuni approved
  5. theuni commented at 9:04 pm on March 24, 2020: member

    ACK 3e0df92bf216e1dce05ca9bf14049f2e42783c30.

    Verified that the signature is good :p

    Thanks for volunteering!

  6. fanquake added the label Windows on Mar 24, 2020
  7. laanwj added the label Needs backport (0.19) on Mar 25, 2020
  8. laanwj added this to the milestone 0.20.0 on Mar 25, 2020
  9. laanwj commented at 4:04 pm on March 25, 2020: member

    ACK 3e0df92bf216e1dce05ca9bf14049f2e42783c30

    I have successfully verified the signature;

     0$ git show 3e50fdbe4e5bb98194e88023468bd77dee78b26e:contrib/windeploy/win-codesign.cert > /tmp/old-win-codesign.cert
     1$ git show 3e0df92bf216e1dce05ca9bf14049f2e42783c30:contrib/windeploy/win-codesign.cert > /tmp/new-win-codesign.cert
     2$ openssl cms -verify -inform pem -purpose any -content /tmp/new-win-codesign.cert -CAfile /tmp/old-win-codesign.cert -certfile /tmp/old-win-codesign.cert > /tmp/cert1
     3-----BEGIN PKCS7-----
     4MIIC3AYJKoZIhvcNAQcCoIICzTCCAskCAQExDzANBglghkgBZQMEAgEFADALBgkq
     5hkiG9w0BBwExggKkMIICoAIBATCBkTB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
     6R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9T
     7ZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmlu
     8ZyBDQQIRALWcUnSOxv9FQW3xdaMDO6swDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZI
     9hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMzI0MjA0ODM3
    10WjAvBgkqhkiG9w0BCQQxIgQgtLkmnuSQyczDlJSnJeqbi61p3iJ/rpFABrY8JWBO
    11o74weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsG
    12CWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
    13AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA
    14XaCl3Q8HwI9VpLCb9OY9eQh0QOPyl1KWEc3TP3UvwZwR4/gXkfPOKKf19UnS8eRB
    1548SgUKRMYWoDYfSVUJRMda9BLkbJbQlHG3LFXhSY2alajpPXEHcMto/XPhVAmqzL
    16w6aSNY0Gaorow696JHpetpKqAAlL1r2GjeaPYi2aZyIAifuhay/qwA+ig0SqzGOw
    17UdgFZWMyS5yanq8/WlLCCql6kKOzT4tEqUaleD7R1q8BTcG2+fmhWR8WwJLpIV6y
    187GAqt0Cocu8sYpTNBNk8iKHxzZ2hMZKJpH9lHZuiJ/9vSercrvDy2R4/MG+KnBWb
    19OyiFAt2mC51+63RhLOMJfg==
    20-----END PKCS7-----
    21Verification successful
    22$ dos2unix /tmp/cert1
    23$ diff -s /tmp/cert1  /tmp/new-win-codesign.cert
    24Files /tmp/cert1 and /tmp/new-win-codesign.cert are identical
    
  10. laanwj merged this on Mar 25, 2020
  11. laanwj closed this on Mar 25, 2020

  12. fanquake referenced this in commit 0d0dd6ae96 on May 20, 2020
  13. fanquake removed the label Needs backport (0.19) on May 20, 2020
  14. MarcoFalke referenced this in commit 28a9df7d76 on Aug 11, 2020
  15. DrahtBot locked this on Feb 15, 2022


achow101 theuni laanwj

Labels
Windows

Milestone
0.20.0


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-19 06:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me