up

2025-11-25 22:09:44 +02:00
parent 6bee1fdcf5
commit 9f6e6f7fb3
116 changed files with 4495 additions and 730 deletions
--- a/scripts/sdk/generate-cert.sh
+++ b/scripts/sdk/generate-cert.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# Generates an offline-friendly code-signing certificate (self-signed) for NuGet package signing.
+
+OUT_DIR=${OUT_DIR:-out/sdk-signing}
+SUBJECT=${SUBJECT:-"/CN=StellaOps SDK Signing/O=StellaOps"}
+DAYS=${DAYS:-3650}
+PFX_NAME=${PFX_NAME:-sdk-signing.pfx}
+PASSWORD=${PASSWORD:-""}
+
+mkdir -p "$OUT_DIR"
+
+PRIV="$OUT_DIR/sdk-signing.key"
+CRT="$OUT_DIR/sdk-signing.crt"
+PFX="$OUT_DIR/$PFX_NAME"
+
+openssl req -x509 -newkey rsa:4096 -sha256 -days "$DAYS" \
+  -nodes -subj "$SUBJECT" -keyout "$PRIV" -out "$CRT"
+
+openssl pkcs12 -export -out "$PFX" -inkey "$PRIV" -in "$CRT" -passout pass:"$PASSWORD"
+
+BASE64_PFX=$(base64 < "$PFX" | tr -d '\n')
+
+cat > "$OUT_DIR/README.txt" <<EOF
+PFX file: $PFX
+Password: ${PASSWORD:-<empty>}
+Base64:
+$BASE64_PFX
+Secrets to set:
+  SDK_SIGNING_CERT_B64=$BASE64_PFX
+  SDK_SIGNING_CERT_PASSWORD=$PASSWORD
+EOF
+
+printf "Generated signing cert -> %s (base64 in README)\n" "$PFX"