actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2025-12-24 10:28:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

[macOS] Add DeveloperIDG2CA.cer certificate (#5044)

Browse Source 
* Add DeveloperIDG2CA.cer certificate

* Update certificate test
This commit is contained in:
Aleksandr Chebotov
2022-02-09 10:34:31 +03:00
committed by GitHub
parent 404da76e17
commit a9fba6b110
2 changed files with 28 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
images/macos/provision/configuration/configure-machine.sh
View File

@@ -30,16 +30,30 @@ defaults write com.apple.VoiceOver4/default SCREnableAppleScript -bool YES
# Rotate the certificate before expiration to ensure your apps are installed and signed with an active certificate.
# Confirm that the correct intermediate certificate is installed by verifying the expiration date is set to 2030.
# sudo security delete-certificate -Z FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64 /Library/Keychains/System.keychain
curl https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer --output $HOME/AppleWWDRCAG3.cer --silent
# Big Sur requires user interaction to add a cert https://developer.apple.com/forums/thread/671582, we need to use a workaround with SecItemAdd swift method
if is_Catalina; then
sudo security add-trusted-cert -d -r unspecified -k /Library/Keychains/System.keychain $HOME/AppleWWDRCAG3.cer
else
swiftc $HOME/image-generation/add-certificate.swift
sudo ./add-certificate $HOME/AppleWWDRCAG3.cer
rm add-certificate
if ! is_Catalina; then
swiftc "${HOME}/image-generation/add-certificate.swift"
fi
rm $HOME/AppleWWDRCAG3.cer
certs=(
AppleWWDRCAG3.cer
DeveloperIDG2CA.cer
)
for cert in ${certs[@]}; do
echo "Adding ${cert} certificate"
cert_path="${HOME}/${cert}"
curl "https://www.apple.com/certificateauthority/${cert}" --output ${cert_path} --silent
if is_Catalina; then
sudo security add-trusted-cert -d -r unspecified -k /Library/Keychains/System.keychain ${cert_path}
else
sudo ./add-certificate ${cert_path}
fi
rm ${cert_path}
done
rm -f ./add-certificate
# Create symlink for tests running
if [ ! -d "/usr/local/bin" ];then

6
images/macos/tests/System.Tests.ps1
View File

@@ -15,6 +15,12 @@ Describe "Certificate" {
$certs = security find-certificate -a -c Worldwide -p -Z | Out-String
$certs | Should -Match $sha1Hash
}
It "Developer ID Certification Authority[expired: 2031-09] is installed" {
$sha1Hash = "5B45F61068B29FCC8FFFF1A7E99B78DA9E9C4635"
$certs = security find-certificate -a -c "Developer ID" -p -Z | Out-String
$certs | Should -Match $sha1Hash
}
}
Describe "Audio device" {