releases: Update with new Windows code signing certificate #18425

Merged
merged 1 commit into from
Mar 25, 2020

achow101
Member

The current Windows code signing certificate is about to expire (on March 26th 2020). As I have volunteered to take over the Windows code signing duties, I've purchased a new Windows code signing certificate with the same CA and under the same organization (Bitcoin Core Code Signing Association).

A signature by the old certificate over the new certificate has been provided to me. This signature can be verified using

openssl cms -verify -inform pem -purpose any -content path/to/new/win-codesign.cert -CAfile path/to/old/win-codesign.cert -certfile path/to/old/win-codesign.cert

The verification should succeed and the new certificate will be printed out. This can be compared to the contents of win-codesign.cert.


@achow101
Member Author

If we plan on doing any further 0.19 releases, this will need to be backported to 0.19.

Member

@theuni theuni left a comment

ACK 3e0df92.

Verified that the signature is good :p

Thanks for volunteering!

@laanwj laanwj added this to the 0.20.0 milestone Mar 25, 2020
@laanwj
Member

laanwj commented Mar 25, 2020

ACK 3e0df92

I have successfully verified the signature;

$ git show 3e50fdbe4e5bb98194e88023468bd77dee78b26e:contrib/windeploy/win-codesign.cert > /tmp/old-win-codesign.cert
$ git show 3e0df92bf216e1dce05ca9bf14049f2e42783c30:contrib/windeploy/win-codesign.cert > /tmp/new-win-codesign.cert
$ openssl cms -verify -inform pem -purpose any -content /tmp/new-win-codesign.cert -CAfile /tmp/old-win-codesign.cert -certfile /tmp/old-win-codesign.cert > /tmp/cert1
Verification successful
$ dos2unix /tmp/cert1
$ diff -s /tmp/cert1  /tmp/new-win-codesign.cert
Files /tmp/cert1 and /tmp/new-win-codesign.cert are identical
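
An added example, not part of the pull request or of Bitcoin Core's tooling: the rollover check discussed in this thread, rehearsed end to end with throwaway self-signed certificates, including the two cases that must fail (an altered certificate file, and a signature made with an unrelated key). The helper names (`make_cert`, `sign_rollover`, `verify_rollover`, `demo`), the subjects and the file names are assumptions made for the demo.

```sh
#!/bin/sh
# Added example, not from the PR: rehearse the "old certificate signs the new
# certificate" check with throwaway keys. Names and subjects are constructed.

# make_cert NAME: self-signed NAME.cert plus NAME.key, valid for one day.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Constructed Demo/CN=$1" \
        -keyout "$1.key" -out "$1.cert" 2>/dev/null
}

# sign_rollover SIGNER NEW_CERT SIG: detached PEM signature made with SIGNER's
# key over the NEW_CERT file (cms -sign is detached unless -nodetach is given).
sign_rollover() {
    openssl cms -sign -in "$2" -signer "$1.cert" -inkey "$1.key" \
        -outform pem -out "$3" 2>/dev/null
}

# verify_rollover OLD_CERT NEW_CERT SIG: true only if SIG verifies against
# OLD_CERT and the content openssl writes out is byte-identical to NEW_CERT.
verify_rollover() (
    out=$(mktemp) || exit 1
    # Options as in the PR's command; the signature is read from stdin.
    openssl cms -verify -inform pem -purpose any -content "$2" \
        -CAfile "$1" -certfile "$1" < "$3" > "$out" 2>/dev/null \
        && tr -d '\r' < "$out" | cmp -s - "$2"   # strip CRLF, as dos2unix did
    rc=$?
    rm -f "$out"
    exit "$rc"
)

# demo: returns 0 when the genuine signature is accepted and both a modified
# certificate file and a signature from an unrelated key are rejected.
demo() (
    cd "$(mktemp -d)" || exit 1
    make_cert old && make_cert new && make_cert stranger || exit 1
    sign_rollover old new.cert good.sig || exit 1
    sign_rollover stranger new.cert stranger.sig || exit 1
    { cat new.cert; echo "extra line"; } > tampered.cert
    verify_rollover old.cert new.cert good.sig || exit 1
    ! verify_rollover old.cert tampered.cert good.sig || exit 1
    ! verify_rollover old.cert new.cert stranger.sig || exit 1
    echo "rollover check behaves as expected"
)

demo
```

The comparison step matters as much as the signature check: `verify_rollover` fails if the verified content differs from the certificate file that would actually be committed.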

@laanwj laanwj merged commit 60a39a9 into bitcoin:master Mar 25, 2020
fanquake pushed a commit to fanquake/bitcoin that referenced this pull request May 20, 2020
@fanquake fanquake mentioned this pull request May 20, 2020
maflcko pushed a commit that referenced this pull request Aug 11, 2020
be95147 Updated appveyor job to checkout a specific vcpkg commit ID. (Aaron Clauson)
1fd9cd2 appveyor: Remove clcache (MarcoFalke)
8c0a959 Remove cached directories and associated script blocks from appveyor CI configuration. (Aaron Clauson)
d70f700 lint: fix shellcheck URL in CI install (fanquake)
f8f7d91 test: remove Cirrus CI FreeBSD job (fanquake)
b7e16a8 Add missing QPainterPath include (Andrew Chow)
30a2814 gui: Avoid Wallet::GetBalance in WalletModel::pollBalanceChanged (João Barbosa)
0d87a5b QA: feature_segwit: Check that template "rules" includes "!segwit" as appropriate (Luke Dashjr)
bde6a5a Bugfix: Include "csv","!segwit" in "rules" (Luke Dashjr)
e422f65 build: Set libevent minimum version to 2.0.21 (Hennadii Stepanov)
0d0dd6a Update with new Windows code signing certificate (Andrew Chow)

Pull request description:

  Backports the following to the 0.19 branch:

  * #17946 - Fix GBT: Restore "!segwit" and "csv" to "rules" key
  * #18160 - gui: Avoid Wallet::GetBalance in WalletModel::pollBalanceChanged
  * #18425 - releases: Update with new Windows code signing certificate
  * #18676 - build: Check libevent minimum version in configure script
  * #19097 - qt: Add missing QPainterPath include (as per #19510)
  * #18640 - appveyor: Remove clcache
  * #19444 - test: Remove cached directories and associated script blocks from appveyor config
  * #19612 - lint: fix shellcheck URL in CI install
  * #18001 -  Updated appveyor job to checkout a specific vcpkg commit ID

  Closes: #19510.

ACKs for top commit:
  jnewbery:
    ACK be95147
  MarcoFalke:
    cherry-pick ACK be95147 🌎

Tree-SHA512: 2ec7e3ae1da99799ff6f8cfe26095d6885cffe6952b18a7e236dc5e657b3918225c2601b8c8e17cdff5319c40cb0a214d9fad49b0ff2f54af1db7c81d83a1df5
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Feb 15, 2022