diff --git a/.github/workflows/check-certificates.yml b/.github/workflows/check-certificates.yml
deleted file mode 100644
index fdb6d2c9..00000000
--- a/.github/workflows/check-certificates.yml
+++ /dev/null
@@ -1,105 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-certificates.md -name: Check Signing Certificates - -# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/check-certificates.ya?ml" - - "certs/**" - pull_request: - paths: - - ".github/workflows/check-certificates.ya?ml" - - "certs/**" - schedule: - # Run every 10 hours. - - cron: "0 */10 * * *" - workflow_dispatch: - repository_dispatch: - -env: - # Begin notifications when there are less than this many days remaining before expiration. - EXPIRATION_WARNING_PERIOD: 30 - -jobs: - get-certificates-list: - runs-on: ubuntu-latest - outputs: - certificates: ${{ steps.get-files.outputs.certificates }} - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Set certificates path environment variable - run: | - # See: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable - echo "FILES=\"$(ls ${{ github.workspace }}/certs/* | xargs | sed 's/ /","/g')\"" >> $GITHUB_ENV - - - name: Get files list - id: get-files - run: | - JSON=$(echo '[${{ join(env.FILES) }}]' | jq -c '{"cert_file": .}') - echo "::set-output name=certificates::$JSON" - - check-certificates: - name: ${{ matrix.cert_file }} - needs: get-certificates-list - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: ${{fromJSON(needs.get-certificates-list.outputs.certificates)}} - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Get days remaining before certificate expiration date - id: get-days-before-expiration - run: | - EXPIRATION_DATE="$( - ( - openssl x509 \ - -inform der \ - -in ${{ matrix.cert_file }} \ - -enddate -noout - ) | ( - grep \ - --max-count=1 \ - --only-matching \ - --perl-regexp \ - 'notAfter=(\K.*)' - ) - )" - - DAYS_BEFORE_EXPIRATION="$((($(date --utc --date="$EXPIRATION_DATE" +%s) - 
$(date --utc +%s)) / 60 / 60 / 24))" - - # Display the expiration information in the log. - echo "Certificate expiration date: $EXPIRATION_DATE" - echo "Days remaining before expiration: $DAYS_BEFORE_EXPIRATION" - - echo "::set-output name=days::$DAYS_BEFORE_EXPIRATION" - - - name: Check if expiration notification period has been reached - id: check-expiration - run: | - DAYS=${{ steps.get-days-before-expiration.outputs.days }} - if [[ $DAYS -lt ${{ env.EXPIRATION_WARNING_PERIOD }} ]]; then - echo "::error::${{ matrix.cert_file }} will expire in $DAYS days!!!" - exit 1 - fi - - - name: Slack notification of pending certificate expiration - # Only run when the workflow will have access to the certificate secrets. - if: > - failure() && - github.event_name == 'schedule' - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} - SLACK_MESSAGE: | - :warning::warning::warning::warning: - WARNING: ${{ github.repository }} ${{ matrix.cert_file }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!! - :warning::warning::warning::warning: - SLACK_COLOR: danger - MSG_MINIMAL: true - uses: rtCamp/action-slack-notify@v2
diff --git a/certs/AddTrustExternalCA_Root.cer b/certs/AddTrustExternalCA_Root.cer
deleted file mode 100644
index f61f3d57..00000000
Binary files a/certs/AddTrustExternalCA_Root.cer and /dev/null differ
diff --git a/certs/BaltimoreCyberTrust_Root.cer b/certs/BaltimoreCyberTrust_Root.cer
deleted file mode 100644
index da96dbb2..00000000
Binary files a/certs/BaltimoreCyberTrust_Root.cer and /dev/null differ
diff --git a/certs/Digicert_Root.cer b/certs/Digicert_Root.cer
deleted file mode 100644
index dae01965..00000000
Binary files a/certs/Digicert_Root.cer and /dev/null differ
diff --git a/certs/GeoTrustGlobalCA_Root.cer b/certs/GeoTrustGlobalCA_Root.cer
deleted file mode 100644
index 4ae42e81..00000000
Binary files a/certs/GeoTrustGlobalCA_Root.cer and /dev/null differ
diff --git a/certs/GeoTrustPrimaryCertificationAuthority-G3.cer b/certs/GeoTrustPrimaryCertificationAuthority-G3.cer
deleted file mode 100644
index 94c5cdad..00000000
Binary files a/certs/GeoTrustPrimaryCertificationAuthority-G3.cer and /dev/null differ
diff --git a/certs/GoDaddyRootCertificateAuthority-G2.cer b/certs/GoDaddyRootCertificateAuthority-G2.cer
deleted file mode 100644
index 3cdad666..00000000
Binary files a/certs/GoDaddyRootCertificateAuthority-G2.cer and /dev/null differ
diff --git a/certs/VeriSignClass3PublicPrimaryCertificationAuthority-G5.cer b/certs/VeriSignClass3PublicPrimaryCertificationAuthority-G5.cer
deleted file mode 100644
index 9818d19d..00000000
Binary files a/certs/VeriSignClass3PublicPrimaryCertificationAuthority-G5.cer and /dev/null differ
diff --git a/docs/usage.md b/docs/usage.md
index 2da6cb42..26d8f98d 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -83,6 +83,9 @@ previous certificates are going to be erased. To overcome this it's required to ./arduino-fwuploader certificates flash --url arduino.cc:443,google.com:443 --file ~/Downloads/my_self_signed_.der -b arduino:mbed_nano:nanorp2040connect -a /dev/ttyACM0 ``` +You can find the certificates that are preflashed on the NINA module +[here](https://github.com/arduino/nina-fw/blob/master/data/roots.pem). + ### Command line options The full list of command line options can be obtained with the `-h` option: `./arduino-fwuploader -h`