releases: Update with new Windows code signing certificate #18425

pull achow101 wants to merge 1 commits into bitcoin:master from achow101:win-cert-3-20 changing 1 files +28 −28
  1. achow101 commented at 8:59 pm on March 24, 2020: member

    The current Windows code signing certificate is about expire (on March 26th 2020). As I have volunteered to take over the Windows code signing duties, I’ve purchased a new Windows code signing certificate with the same CA and under the same organization (Bitcoin Core Code Signing Association).

    A signature by the old certificate over the new certificate has been provided to me. This signature can be verified using

    0openssl cms -verify -inform pem -purpose any -content path/to/new/win-codesign.cert -CAfile path/to/old/win-codesign.cert -certfile path/to/old/win-codesign.cert

    The verification should succeed and the new certificate will be printed out. This can be compared to the contents of win-codesign.cert.

     0-----BEGIN PKCS7-----
 1MIIC3AYJKoZIhvcNAQcCoIICzTCCAskCAQExDzANBglghkgBZQMEAgEFADALBgkq
 2hkiG9w0BBwExggKkMIICoAIBATCBkTB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
 3R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9T
 4ZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmlu
 5ZyBDQQIRALWcUnSOxv9FQW3xdaMDO6swDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZI
 6hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMzI0MjA0ODM3
 7WjAvBgkqhkiG9w0BCQQxIgQgtLkmnuSQyczDlJSnJeqbi61p3iJ/rpFABrY8JWBO
 8o74weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsG
 9CWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
10AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA
11XaCl3Q8HwI9VpLCb9OY9eQh0QOPyl1KWEc3TP3UvwZwR4/gXkfPOKKf19UnS8eRB
1248SgUKRMYWoDYfSVUJRMda9BLkbJbQlHG3LFXhSY2alajpPXEHcMto/XPhVAmqzL
13w6aSNY0Gaorow696JHpetpKqAAlL1r2GjeaPYi2aZyIAifuhay/qwA+ig0SqzGOw
14UdgFZWMyS5yanq8/WlLCCql6kKOzT4tEqUaleD7R1q8BTcG2+fmhWR8WwJLpIV6y
157GAqt0Cocu8sYpTNBNk8iKHxzZ2hMZKJpH9lHZuiJ/9vSercrvDy2R4/MG+KnBWb
16OyiFAt2mC51+63RhLOMJfg==
17-----END PKCS7-----
  2. Update with new Windows code signing certificate 3e0df92bf2
  3. achow101 commented at 9:00 pm on March 24, 2020: member
    If we plan on doing any further 0.19 releases, this will need to be backported to 0.19.
  4. theuni approved
  5. theuni commented at 9:04 pm on March 24, 2020: member

    ACK 3e0df92bf216e1dce05ca9bf14049f2e42783c30.

    Verified that the signature is good :p

    Thanks for volunteering!

  6. fanquake added the label Windows on Mar 24, 2020
  7. laanwj added the label Needs backport (0.19) on Mar 25, 2020
  8. laanwj added this to the milestone 0.20.0 on Mar 25, 2020
  9. laanwj commented at 4:04 pm on March 25, 2020: member

    ACK 3e0df92bf216e1dce05ca9bf14049f2e42783c30

    I have successfully verified the signature;

     0$ git show 3e50fdbe4e5bb98194e88023468bd77dee78b26e:contrib/windeploy/win-codesign.cert > /tmp/old-win-codesign.cert
 1$ git show 3e0df92bf216e1dce05ca9bf14049f2e42783c30:contrib/windeploy/win-codesign.cert > /tmp/new-win-codesign.cert
 2$ openssl cms -verify -inform pem -purpose any -content /tmp/new-win-codesign.cert -CAfile /tmp/old-win-codesign.cert -certfile /tmp/old-win-codesign.cert > /tmp/cert1
 3-----BEGIN PKCS7-----
 4MIIC3AYJKoZIhvcNAQcCoIICzTCCAskCAQExDzANBglghkgBZQMEAgEFADALBgkq
 5hkiG9w0BBwExggKkMIICoAIBATCBkTB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
 6R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9T
 7ZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmlu
 8ZyBDQQIRALWcUnSOxv9FQW3xdaMDO6swDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZI
 9hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMzI0MjA0ODM3
10WjAvBgkqhkiG9w0BCQQxIgQgtLkmnuSQyczDlJSnJeqbi61p3iJ/rpFABrY8JWBO
11o74weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsG
12CWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
13AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA
14XaCl3Q8HwI9VpLCb9OY9eQh0QOPyl1KWEc3TP3UvwZwR4/gXkfPOKKf19UnS8eRB
1548SgUKRMYWoDYfSVUJRMda9BLkbJbQlHG3LFXhSY2alajpPXEHcMto/XPhVAmqzL
16w6aSNY0Gaorow696JHpetpKqAAlL1r2GjeaPYi2aZyIAifuhay/qwA+ig0SqzGOw
17UdgFZWMyS5yanq8/WlLCCql6kKOzT4tEqUaleD7R1q8BTcG2+fmhWR8WwJLpIV6y
187GAqt0Cocu8sYpTNBNk8iKHxzZ2hMZKJpH9lHZuiJ/9vSercrvDy2R4/MG+KnBWb
19OyiFAt2mC51+63RhLOMJfg==
20-----END PKCS7-----
21Verification successful
22$ dos2unix /tmp/cert1
23$ diff -s /tmp/cert1  /tmp/new-win-codesign.cert
24Files /tmp/cert1 and /tmp/new-win-codesign.cert are identical
  10. laanwj merged this on Mar 25, 2020
  11. laanwj closed this on Mar 25, 2020
  12. fanquake referenced this in commit 0d0dd6ae96 on May 20, 2020
  13. fanquake removed the label Needs backport (0.19) on May 20, 2020
  14. MarcoFalke referenced this in commit 28a9df7d76 on Aug 11, 2020
  15. DrahtBot locked this on Feb 15, 2022


achow101 theuni laanwj

Labels
Windows

Milestone
0.20.0

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-17 21:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me