summaryrefslogtreecommitdiffstats
path: root/tools/update-verify/release/mar_certs
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
commit0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
treea31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /tools/update-verify/release/mar_certs
parentInitial commit. (diff)
downloadfirefox-esr-upstream/115.8.0esr.tar.xz
firefox-esr-upstream/115.8.0esr.zip
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tools/update-verify/release/mar_certs')
-rw-r--r--tools/update-verify/release/mar_certs/README29
-rw-r--r--tools/update-verify/release/mar_certs/dep1.derbin0 -> 1225 bytes
-rw-r--r--tools/update-verify/release/mar_certs/dep2.derbin0 -> 1225 bytes
-rw-r--r--tools/update-verify/release/mar_certs/nightly_aurora_level3_primary.derbin0 -> 1225 bytes
-rw-r--r--tools/update-verify/release/mar_certs/nightly_aurora_level3_secondary.derbin0 -> 1225 bytes
-rw-r--r--tools/update-verify/release/mar_certs/release_primary.derbin0 -> 1225 bytes
-rw-r--r--tools/update-verify/release/mar_certs/release_secondary.derbin0 -> 1225 bytes
-rw-r--r--tools/update-verify/release/mar_certs/sha1/dep1.derbin0 -> 709 bytes
-rw-r--r--tools/update-verify/release/mar_certs/sha1/dep2.derbin0 -> 713 bytes
-rw-r--r--tools/update-verify/release/mar_certs/sha1/release_primary.derbin0 -> 709 bytes
-rw-r--r--tools/update-verify/release/mar_certs/sha1/release_secondary.derbin0 -> 713 bytes
-rw-r--r--tools/update-verify/release/mar_certs/xpcshellCertificate.derbin0 -> 1189 bytes
12 files changed, 29 insertions, 0 deletions
diff --git a/tools/update-verify/release/mar_certs/README b/tools/update-verify/release/mar_certs/README
new file mode 100644
index 0000000000..dd931ef1d3
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/README
@@ -0,0 +1,29 @@
+These certificates are imported from mozilla-central (https://hg.mozilla.org/mozilla-central/file/tip/toolkit/mozapps/update/updater)
+and used to support staging update verify jobs. These jobs end up replacing the certificates within the binaries
+(through a binary search and replace), and must all be the same length for this to work correctly. If we recreate
+these certificates, and the resulting public certificates are not the same length anymore, the commonName may be
+changed to line them up again. https://github.com/google/der-ascii is a useful tool for doing this. For example:
+
+To convert the certificate to ascii:
+der2ascii -i dep1.der -o dep1.ascii
+
+Then use your favourite editor to change the commonName field. That block will look something like:
+ SEQUENCE {
+ SET {
+ SEQUENCE {
+ # commonName
+ OBJECT_IDENTIFIER { 2.5.4.3 }
+ PrintableString { "CI MAR signing key 1" }
+ }
+ }
+ }
+
+You can pad the PrintableString with spaces to increase the length of the cert (1 space = 1 byte).
+
+Then, convert back to der:
+ascii2der -i dep1.ascii -o newdep1.der
+
+The certificats in the sha1 subdirectory are from
+https://hg.mozilla.org/mozilla-central/file/0fcbe72581bc/toolkit/mozapps/update/updater
+which are the SHA-1 certs from before they where updated in Bug 1105689. They only include the release
+certs, since the nightly certs are different length, and we only care about updates from old ESRs.
diff --git a/tools/update-verify/release/mar_certs/dep1.der b/tools/update-verify/release/mar_certs/dep1.der
new file mode 100644
index 0000000000..5320f41dfa
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/dep1.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/dep2.der b/tools/update-verify/release/mar_certs/dep2.der
new file mode 100644
index 0000000000..f3eb568425
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/dep2.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/nightly_aurora_level3_primary.der b/tools/update-verify/release/mar_certs/nightly_aurora_level3_primary.der
new file mode 100644
index 0000000000..44fd95dcff
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/nightly_aurora_level3_primary.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/nightly_aurora_level3_secondary.der b/tools/update-verify/release/mar_certs/nightly_aurora_level3_secondary.der
new file mode 100644
index 0000000000..90f8e6e82c
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/nightly_aurora_level3_secondary.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/release_primary.der b/tools/update-verify/release/mar_certs/release_primary.der
new file mode 100644
index 0000000000..1d94f88ad7
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/release_primary.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/release_secondary.der b/tools/update-verify/release/mar_certs/release_secondary.der
new file mode 100644
index 0000000000..474706c4b7
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/release_secondary.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/sha1/dep1.der b/tools/update-verify/release/mar_certs/sha1/dep1.der
new file mode 100644
index 0000000000..ec8ce6184d
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/sha1/dep1.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/sha1/dep2.der b/tools/update-verify/release/mar_certs/sha1/dep2.der
new file mode 100644
index 0000000000..4d0f244df2
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/sha1/dep2.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/sha1/release_primary.der b/tools/update-verify/release/mar_certs/sha1/release_primary.der
new file mode 100644
index 0000000000..11417c35e7
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/sha1/release_primary.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/sha1/release_secondary.der b/tools/update-verify/release/mar_certs/sha1/release_secondary.der
new file mode 100644
index 0000000000..16a7ef6d91
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/sha1/release_secondary.der
Binary files differ
diff --git a/tools/update-verify/release/mar_certs/xpcshellCertificate.der b/tools/update-verify/release/mar_certs/xpcshellCertificate.der
new file mode 100644
index 0000000000..ea1fd47faa
--- /dev/null
+++ b/tools/update-verify/release/mar_certs/xpcshellCertificate.der
Binary files differ