Bug 1531165: Use sha2 hashes for authenticode signing r=aki
authorChris AtLee <catlee@mozilla.com>
Tue, 12 Mar 2019 21:12:39 +0000
changeset 8469 8b59e64ffde0d09d02729e49cc8a5b136fb8815a
parent 8468 9de2fa1c4b0e65f60d23fae79c848cf6ff86f0bc
child 8470 e7cfca9a2b6e63c38aa6f65042b3eeb54b7fa9f1
push id6192
push usercatlee@mozilla.com
push dateThu, 14 Mar 2019 15:53:01 +0000
reviewersaki
bugs1531165
Bug 1531165: Use sha2 hashes for authenticode signing r=aki Differential Revision: https://phabricator.services.mozilla.com/D22133
lib/python/signing/utils.py
--- a/lib/python/signing/utils.py
+++ b/lib/python/signing/utils.py
@@ -82,23 +82,23 @@ def osslsigncode_signfile(inputfile, out
     if fake:
         time.sleep(1)
         return
 
     stdout = tempfile.TemporaryFile()
     args = [
         '-certs', '%s/MozAuthenticode.spc' % keydir,
         '-key', '%s/MozAuthenticode.pvk' % keydir,
-        '-i', 'http://www.mozilla.com',
-        '-h', 'sha1',
+        '-i', 'https://www.mozilla.com',
+        '-h', 'sha2',
         '-in', inputfile,
         '-out', outputfile,
     ]
     if timestamp:
-        args.extend(['-t', 'http://timestamp.verisign.com/scripts/timestamp.dll'])
+        args.extend(['-ts', 'http://timestamp.digicert.com'])
     # requires osslsigncode >= 1.6
     if includedummycert:
         args.extend(['-ac', '%s/StubDummy.cert' % keydir])
 
     try:
         import pexpect
         proc = pexpect.spawn('osslsigncode', args)
         # We use logfile_read because we only want stdout/stderr, _not_ stdin.
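Review bot: The `-ts` line in the `if timestamp:` branch changes the timestamp protocol from Authenticode (`-t`) to RFC 3161 as well as the server, but nothing visible here selects or checks the digest of the timestamp countersignature, so the move to SHA-2 may cover only the file digest set by `-h`. It is worth confirming on a signed sample that the countersignature is also SHA-256 with the osslsigncode build in use. The protocol change could be recorded in a comment such as `# -ts = RFC 3161 timestamp (was -t, Authenticode); 'sha2' is osslsigncode's name for SHA-256`. The existing `# requires osslsigncode >= 1.6` comment presumably refers to `-ac` but now reads as if it applies to `-ts`; moving it inside the `if includedummycert:` block would remove the ambiguity. osslsigncode_signfile starts and ends outside this hunk, so how a failed timestamp request is handled is not visible here.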