Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for mobileconfig signing #11

Closed
wants to merge 1 commit into from
Closed

Add support for mobileconfig signing #11

wants to merge 1 commit into from

Conversation

sriccio
Copy link

@sriccio sriccio commented Jun 3, 2022

This is a first attempt at supporting mobileconfig signing as a per "provider" basis.

This adds 3 columns to the provider table:

  • sign - enable or disable signing for this provider (0/1)
  • sign_key - The signing private key for the provider
  • sign_cert - The signing corresponding certificate for the provider

It requires M2Crypto python package and some system packages (example for debian/ubuntu):

  • build-essential
  • python3-dev or python-dev
  • libssl-dev
  • swig

TODO ?:

  • Maybe find a more secure way to store private key in the DB
  • Document the usage
  • Add tests

@sriccio
Add support for mobileconfig signing
8206152 
This is a first attempt at supporting mobileconfig signing as a per "provider" basis.

This adds 3 columns to the provider table:
- sign - enable or disable signing for this provider (0/1)
- sign_key - The signing private key for the provider
- sign_cert - The signing corresponding certificate for the provider

It requires M2Crypto python package and some system packages (example for debian/ubuntu):

- build-essential
- python3-dev or python-dev
- libssl-dev
- swig

TODO ?:
- Maybe find a more secure way to store private key in the DB
- Document the usage
- Add tests
@sriccio
Copy link
Author

sriccio commented Jun 3, 2022

The resulting mobileconfig shows green (verified) when signed:

image

@rseichter
Copy link
Owner

Hello Sébastien.

As stated clearly in the project's main README file, I do not accept code contributions for automx2, mostly to avoid potential copyright issues.

Besides, it is considered proper form to first open an issue describing the proposal one has in mind, allowing for discussion of ideas, methods, and restrictions. This avoids investing time in code which may not be accepted, as happened in this case. Only after that should code be provided. I also consider additional documentation and unit tests covering all affected code necessary right away, not simply listed as TODOs for a later time, as a mark of quality.

I'll be closing this pull request. Please don't take it personally; it definitely is not.

@rseichter rseichter closed this Jun 11, 2022
@sriccio
Copy link
Author

sriccio commented Jun 11, 2022

Hello Ralph,

Thank you for the feedback. It's true I did not read the Contribution part of the README and I went a bit too fast issuing a PR right away. I'll now refrain from doing so. I was just happy to maybe propose something and contribute to a project.

Kind regards.

@sriccio sriccio deleted the mobileconfig_signing branch June 11, 2022 14:21
@rseichter
Copy link
Owner

I can imagine you feeling disappointed, which is not my intent. I have been mulling a signature feature for Mobileconfig myself, but have not come up with a method that fully satisfied me. What crypto package to use, how to safely store the key material, and so forth. If I may, I might revisit your suggestions in the future, for inspiration.

@HLFH HLFH mentioned this pull request Nov 3, 2022
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sriccio @rseichter