stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
main
git.stella-ops.org/scripts/sdk/generate-cert.sh
StellaOps Bot 9f6e6f7fb3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
up
2025-11-25 22:09:44 +02:00

35 lines
932 B
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
set -euo pipefail
# Generates an offline-friendly code-signing certificate (self-signed) for NuGet package signing.
OUT_DIR=${OUT_DIR:-out/sdk-signing}
SUBJECT=${SUBJECT:-"/CN=StellaOps SDK Signing/O=StellaOps"}
DAYS=${DAYS:-3650}
PFX_NAME=${PFX_NAME:-sdk-signing.pfx}
PASSWORD=${PASSWORD:-""}
mkdir -p "$OUT_DIR"
PRIV="$OUT_DIR/sdk-signing.key"
CRT="$OUT_DIR/sdk-signing.crt"
PFX="$OUT_DIR/$PFX_NAME"
openssl req -x509 -newkey rsa:4096 -sha256 -days "$DAYS" \
-nodes -subj "$SUBJECT" -keyout "$PRIV" -out "$CRT"
openssl pkcs12 -export -out "$PFX" -inkey "$PRIV" -in "$CRT" -passout pass:"$PASSWORD"
BASE64_PFX=$(base64 < "$PFX" | tr -d '\n')
cat > "$OUT_DIR/README.txt" <<EOF
PFX file: $PFX
Password: ${PASSWORD:-<empty>}
Base64:
$BASE64_PFX
Secrets to set:
SDK_SIGNING_CERT_B64=$BASE64_PFX
SDK_SIGNING_CERT_PASSWORD=$PASSWORD
EOF
printf "Generated signing cert -> %s (base64 in README)\n" "$PFX"
Reference in New Issue View Git Blame Copy Permalink