Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Embed the Apple root and intermediate certificates directly into quill #8

Closed
wagoodman opened this issue Oct 16, 2022 · 0 comments · Fixed by #34
Closed

Embed the Apple root and intermediate certificates directly into quill #8

wagoodman opened this issue Oct 16, 2022 · 0 comments · Fixed by #34
Assignees
Labels
enhancement New feature or request

Comments

@wagoodman
Copy link
Contributor

Today we require that users run quill attach-chain <p12> to craft a new p12 file that has the full cert chain for use in signing. Without this signing verification will fail. Another way to do this is to bake the Apple certs directly into quill such that the full chain (if it does not already exist in the p12) could be looked up at runtime.

The codesign utility does something like this by looking up the remaining certs in the chain in the system keychain. This won't be possible for all end users of quill since they may not be running on a mac (there is no reason to assume that apple root certs will be on a linux box, for instance).

@wagoodman wagoodman added the question Further information is requested label Oct 16, 2022
@wagoodman wagoodman self-assigned this Apr 8, 2023
@wagoodman wagoodman added enhancement New feature or request and removed question Further information is requested labels Apr 8, 2023
@wagoodman wagoodman changed the title Should we bake the root Apple certs directly into quill? Embed the Apple root and intermediate certificates directly into quill Apr 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant