    Add code integrity check · 49710155
    Lukas Reschke authored
    This PR implements the base foundation of the code signing and integrity check. Implemented in this PR are the signing and verification logic, as well as commands to sign single apps or the core repository.
    
    Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.
    
    Code signing basically happens the following way:
    
    - There is an ownCloud Root Certificate Authority stored in `resources/codesigning/root.crt` (in this PR I also ship the private key, which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and is only used to sign new certificates.
    - Using the `integrity:sign-core` and `integrity:sign-app` commands, developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`; apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID.
    - The command ...