Fix pipelines

.github/workflows/build-binaries.yml

@@ -7,7 +7,7 @@ jobs:
   build-macos:
     strategy:
       matrix:
-        go-version: ["1.23"]
+        go-version: ["1.26"]
         os: [macos-latest]
     runs-on: ${{ matrix.os }}
     env:
@@ -41,7 +41,7 @@ jobs:
         with:
           # Note: this artifact is shared across jobs:
           # https://github.com/actions/upload-artifact#uploading-to-the-same-artifact
-          name: build
+          name: build_macos
           path: build/
       - name: Upload macOS files to the release
         # Pinned hash from https://github.com/softprops/action-gh-release/releases/tag/v2.0.8
@@ -53,7 +53,7 @@ jobs:
   build-windows:
     strategy:
       matrix:
-        go-version: ["1.23"]
+        go-version: ["1.26"]
         os: [windows-latest]
     runs-on: ${{ matrix.os }}
     env:
@@ -95,12 +95,15 @@ jobs:
         uses: egor-tensin/setup-mingw@84c781b557efd538dec66bde06988d81cd3138cf
         with:
           platform: x86
+          version: 12.2.0
       - name: Build 386
         shell: bash
         run: |
           GOARCH=386 go build -o "build/386/smimesign.exe" -ldflags "-X main.versionString=${{ env.GIT_VERSION }}" .
       - name: Sign amd64 and 386
-        if: startsWith(github.ref, 'refs/tags/v')
+        env:
+          PFX_PASSWORD: ${{ secrets.PFX_PASSWORD }}
+        if: startsWith(github.ref, 'refs/tags/v') && env.PFX_PASSWORD != ''
         run: |
           .\windows-installer\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /p ${{ secrets.PFX_PASSWORD }} /f windows-installer\codesign.pfx build/amd64/smimesign.exe
           .\windows-installer\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /p ${{ secrets.PFX_PASSWORD }} /f windows-installer\codesign.pfx build/386/smimesign.exe
@@ -109,7 +112,9 @@ jobs:
         run: |
           GIT_VERSION=${{ env.GIT_VERSION }} BARE_GIT_VERSION=${{ env.BARE_GIT_VERSION }} iscc windows-installer/inno-setup-smimesign-installer.iss
       - name: Sign installer
-        if: startsWith(github.ref, 'refs/tags/v')
+        env:
+          PFX_PASSWORD: ${{ secrets.PFX_PASSWORD }}
+        if: startsWith(github.ref, 'refs/tags/v') && env.PFX_PASSWORD != ''
         run: |
           .\windows-installer\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /p ${{ secrets.PFX_PASSWORD }} /f windows-installer\codesign.pfx build\installer\smimesign-windows-*.exe
       - name: Create zips for release upload
@@ -126,7 +131,7 @@ jobs:
         with:
           # Note: this artifact is shared across jobs:
           # https://github.com/actions/upload-artifact#uploading-to-the-same-artifact
-          name: build
+          name: build_windows
           path: build/
       - name: Upload Windows files to the release
         # Pinned hash from https://github.com/softprops/action-gh-release/releases/tag/v2.0.8

.github/workflows/test-go.yml

@@ -6,7 +6,7 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: ["1.22", "1.x"]
+        go-version: ["1.26", "1.x"]
         os: [macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     env:

fakeca/identity.go

@@ -9,6 +9,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"os"
 	"os/exec"
 )
 
@@ -136,6 +137,30 @@ func toPKCS8(priv interface{}) []byte {
 	out := new(bytes.Buffer)
 	cmd.Stdout = out
 
+	if err := cmd.Run(); err == nil {
+		return out.Bytes()
+	}
+	// Fallback for newer openssl version: write to temp file and use it as input file
+	return toPKCS8TempFile(priv)
+}
+
+func toPKCS8TempFile(priv interface{}) []byte {
+	file, err := os.CreateTemp("", "tmpfile-*")
+	if err != nil {
+		panic(err)
+	}
+	defer os.Remove(file.Name())
+
+	if _, err = file.Write(toDER(priv)); err != nil {
+		panic(err)
+	}
+	file.Close()
+
+	cmd := exec.Command("openssl", "pkcs8", "-topk8", "-nocrypt", "-inform", "DER", "-in", file.Name())
+
+	out := new(bytes.Buffer)
+	cmd.Stdout = out
+
 	if err := cmd.Run(); err != nil {
 		panic(err)
 	}

go.mod

@@ -1,15 +1,13 @@
 module github.com/github/smimesign
 
-go 1.24.0
-
-toolchain go1.24.2
+go 1.26.2
 
 require (
-	github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261
-	github.com/pborman/getopt v0.0.0-20180811024354-2b5b3bfb099b
-	github.com/pkg/errors v0.8.1
+	github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d
+	github.com/pborman/getopt/v2 v2.1.0
+	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.3.0
-	golang.org/x/crypto v0.45.0
+	golang.org/x/crypto v0.49.0
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da
 )
 

go.sum

@@ -1,18 +1,18 @@
-github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261 h1:6/yVvBsKeAw05IUj4AzvrxaCnDjN4nUqKjW9+w5wixg=
-github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
+github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d h1:S2NE3iHSwP0XV47EEXL8mWmRdEfGscSJ+7EgePNgt0s=
+github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/pborman/getopt v0.0.0-20180811024354-2b5b3bfb099b h1:K1wa7ads2Bu1PavI6LfBRMYSy6Zi+Rky0OhWBfrmkmY=
-github.com/pborman/getopt v0.0.0-20180811024354-2b5b3bfb099b/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pborman/getopt/v2 v2.1.0 h1:eNfR+r+dWLdWmV8g5OlpyrTYHkhVNxHBdN2cCrJmOEA=
+github.com/pborman/getopt/v2 v2.1.0/go.mod h1:4NtW75ny4eBw9fO1bhtNdYTlZKYX5/tBLtsOpwKIKd0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY=
 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=

ietf-cms/main_test.go

@@ -8,7 +8,6 @@ import (
 	"crypto/x509"
 	"encoding/asn1"
 	"io"
-	"io/ioutil"
 	"math/big"
 	"net/http"
 	"time"
@@ -161,6 +160,6 @@ func (thc *testHTTPClient) Do(httpReq *http.Request) (*http.Response, error) {
 	return &http.Response{
 		StatusCode: 200,
 		Header:     http.Header{"Content-Type": {"application/timestamp-reply"}},
-		Body:       ioutil.NopCloser(bytes.NewReader(respDER)),
+		Body:       io.NopCloser(bytes.NewReader(respDER)),
 	}, nil
 }

ietf-cms/sign_test.go

@@ -3,7 +3,6 @@ package cms
 import (
 	"crypto/x509"
 	"encoding/pem"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"testing"
@@ -54,8 +53,11 @@ func TestSign(t *testing.T) {
 
 	// check that we're including signing time attribute
 	st, err := sd2.psd.SignerInfos[0].GetSigningTimeAttribute()
+	if err != nil {
+		t.Fatal(err)
+	}
 	if st.After(time.Now().Add(time.Second)) || st.Before(time.Now().Add(-time.Second)) {
-		t.Fatal("expected SigningTime to be now. Difference was", st.Sub(time.Now()))
+		t.Fatal("expected SigningTime to be now. Difference was", time.Until(st))
 	}
 }
 
@@ -98,8 +100,11 @@ func TestSignDetached(t *testing.T) {
 
 	// check that we're including signing time attribute
 	st, err := sd2.psd.SignerInfos[0].GetSigningTimeAttribute()
+	if err != nil {
+		t.Fatal(err)
+	}
 	if st.After(time.Now().Add(time.Second)) || st.Before(time.Now().Add(-time.Second)) {
-		t.Fatal("expected SigningTime to be now. Difference was", st.Sub(time.Now()))
+		t.Fatal("expected SigningTime to be now. Difference was", time.Until(st))
 	}
 }
 
@@ -117,7 +122,7 @@ func TestSignDetachedWithOpenSSL(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	signatureFile, err := ioutil.TempFile("", "TestSignatureOpenSSL_signatureFile_*")
+	signatureFile, err := os.CreateTemp("", "TestSignatureOpenSSL_signatureFile_*")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -130,7 +135,7 @@ func TestSignDetachedWithOpenSSL(t *testing.T) {
 	signatureFile.Close()
 
 	// write content to a temp file
-	contentFile, err := ioutil.TempFile("", "TestSignatureOpenSSL_contentFile_*")
+	contentFile, err := os.CreateTemp("", "TestSignatureOpenSSL_contentFile_*")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -143,7 +148,7 @@ func TestSignDetachedWithOpenSSL(t *testing.T) {
 	contentFile.Close()
 
 	// write CA cert to a temp file
-	certsFile, err := ioutil.TempFile("", "TestSignatureOpenSSL_certsFile_*")
+	certsFile, err := os.CreateTemp("", "TestSignatureOpenSSL_certsFile_*")
 	if err != nil {
 		t.Fatal(err)
 	}

ietf-cms/verify_test.go

@@ -254,7 +254,7 @@ F1Al5pA+giJh15T7Uu+p5O0J
 	}
 	pkcs7Cert, err := x509.ParseCertificate(pkcs7CertPEM.Bytes)
 	if err != nil {
-		t.Fatalf("failed to parse certificate: " + err.Error())
+		t.Fatalf("failed to parse certificate: %s",err.Error())
 	}
 
 	pkcs7Certs := []*x509.Certificate{pkcs7Cert}

windows-installer/inno-setup-smimesign-installer.iss

@@ -28,7 +28,7 @@ AppPublisher={#MyAppPublisher}
 AppPublisherURL={#MyAppURL}
 AppSupportURL={#MyAppURL}
 AppUpdatesURL={#MyAppURL}
-AppVerName={#MyBareGitVersion}
+AppVerName={#MyAppName} {#MyBareGitVersion}
 ArchitecturesInstallIn64BitMode=x64
 ChangesEnvironment=yes
 Compression=lzma