[spaceship] create_certificate_signing_request: update from SHA-1 to …

…SHA-256 (#21644) Update the two places where Fastlane creates CSRs to use SHA-256 (sha256WithRSAEncryption). This signature algorithm is accepted by Apple and CSRs created using Keychain Access at least since Ventura use SHA-256. SHA-1 is increasingly deprecated by OS vendors which is how I noticed fastlane was still using SHA-1 when attempting to use `fastlane pem` under RedHat 9, which disables SHA-1 by default[^1]. [^1]: https://wiki.almalinux.org/release-notes/9.0.html#changelog
fastlane · Feb 10, 2024 · c18d01c · c18d01c
1 parent 9899046
commit c18d01c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/spaceship/lib/spaceship/connect_api/models/certificate.rb b/spaceship/lib/spaceship/connect_api/models/certificate.rb
@@ -55,7 +55,7 @@ def valid?
         Time.parse(expiration_date) > Time.now
       end
 
-      # Create a new code signing request that can be used to
+      # Create a new cert signing request that can be used to
       # generate a new certificate
       # @example
       #  Create a new certificate signing request
@@ -71,7 +71,7 @@ def self.create_certificate_signing_request
                                                 ['CN', 'PEM', OpenSSL::ASN1::UTF8STRING]
                                               ])
         csr.public_key = key.public_key
-        csr.sign(key, OpenSSL::Digest::SHA1.new)
+        csr.sign(key, OpenSSL::Digest::SHA256.new)
         return [csr, key]
       end
 

diff --git a/spaceship/lib/spaceship/portal/certificate.rb b/spaceship/lib/spaceship/portal/certificate.rb
@@ -205,7 +205,7 @@ class MacProductionPush < PushCertificate; end
 
       # Class methods
       class << self
-        # Create a new code signing request that can be used to
+        # Create a new cert signing request that can be used to
         # generate a new certificate
         # @example
         #  Create a new certificate signing request
@@ -221,7 +221,7 @@ def create_certificate_signing_request
                                                   ['CN', 'PEM', OpenSSL::ASN1::UTF8STRING]
                                                 ])
           csr.public_key = key.public_key
-          csr.sign(key, OpenSSL::Digest::SHA1.new)
+          csr.sign(key, OpenSSL::Digest::SHA256.new)
           return [csr, key]
         end