ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat(portal): sign Apple profiles — Verified instead of 'unsigned' warning
ci / changes (push) Successful in 4s
Details
ci / tc_booking (push) Has been skipped
Details
ci / tc_operator (push) Has been skipped
Details
ci / tc_website (push) Has been skipped
Details
ci / tc_platform_api (push) Has been skipped
Details
ci / test_platform_api (push) Has been skipped
Details
ci / build_booking (push) Has been skipped
Details
ci / build_operator (push) Has been skipped
Details
ci / build_platform_api (push) Has been skipped
Details
ci / tc_portal (push) Successful in 26s
Details
ci / build_portal (push) Successful in 49s
Details
ci / deploy (push) Successful in 42s
Details

Browse Source 
Unsigned .mobileconfig installs trip macOS warnings ('unknown developer')
and an extra System Settings hunt. The route now wraps the profile in
PKCS#7 SignedData (node-forge, SHA-256, full chain embedded) using the
portal's own cert-manager LE certificate mounted read-only into the pod
(PROFILE_SIGN_CERT/KEY). Publicly-trusted chain → Apple shows Verified.
Dev (no env) and any signing failure fall back to unsigned — the
download must never break over the badge. Signature round-trip verified
with openssl smime.
This commit is contained in:
Ronni Baslund
2026-06-11 08:28:14 +02:00
parent 77898c5027
commit 6667d18db0
4 changed files with 74 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/portal/package.json
+2
View File
@@ -12,6 +12,7 @@
},
"dependencies": {
"ioredis": "^5.11.1",
"node-forge": "^1.4.0",
"nuxt": "^4.4.6",
"nuxt-oidc-auth": "1.0.0-beta.11",
"undici": "^7.2.1",
@@ -20,6 +21,7 @@
},
"devDependencies": {
"@types/node": "^20.0.0",
"@types/node-forge": "^1.3.14",
"typescript": "^5.6.0",
"vue-tsc": "^3.2.6"
},