Codesign box

ansible/deploy-tier2.yml

@@ -13,9 +13,10 @@
   ansible.builtin.import_playbook: deploy-testlists.yml
 
 # commented out due to the fact it requires manual config of ~/.ssh/config
-#- name: Setup codesign box
-#  hosts: codesign-box
-#  become: true
-#  remote_user: ubuntu
-#  roles:
-#    - codesign_box
+- name: Setup codesign box
+  hosts: codesign-box
+  become: true
+  remote_user: ubuntu
+  roles:
+    - codesign_box
+  tags: codesign

ansible/inventory

@@ -52,3 +52,4 @@ jumphost.dev.ooni.io
 jumphost.prod.ooni.io
 testlist-ec2.dev.ooni.io
 testlist-ec2.prod.ooni.io
+codesign-box

ansible/roles/codesign_box/defaults/main.yml

@@ -1,4 +1,6 @@
 ---
 cluster_id: cluster-qsvghm4oqok
 hsm_token_name: OONI_2024-04-26_1
-codesign_usernames: [ art, majakomel, mehul ]
+codesign_usernames: [ art, majakomel, mehul, norbel ]
+aws_secret_access_key: "{{ lookup('amazon.aws.aws_ssm', '/oonidevops/secrets/cloudhsm_secret_access_key', profile='oonidevops_user_prod') }}"
+aws_access_key_id: "AKIAW3MEBT7WLINUBPU2"

ansible/roles/codesign_box/tasks/main.yml

@@ -5,21 +5,116 @@
     dest: "/home/ubuntu/.ssh/authorized_keys"
     owner: "ubuntu"
     mode: "0400"
+  tags: codesign
 
 - name: Install cloudhsm-cli
   ansible.builtin.apt:
     deb: https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Jammy/cloudhsm-cli_latest_u22.04_amd64.deb
     update_cache: true
+  tags: codesign
 
 - name: Install cloudhsm-pkcs11
   ansible.builtin.apt:
     deb: https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Jammy/cloudhsm-pkcs11_latest_u22.04_amd64.deb
+  tags: codesign
 
 - name: Install cloudhsm-pkcs11
   ansible.builtin.apt:
     name:
       - libengine-pkcs11-openssl
       - awscli
+  tags: codesign
+
+- name: Check if osslsigncode is already installed
+  ansible.builtin.command: which osslsigncode
+  register: osslsigncode_check
+  failed_when: false
+  changed_when: false
+  tags: codesign
+- name: Build and install osslsigncode from source
+  when: osslsigncode_check.rc != 0
+  tags: codesign
+  vars:
+    ossl_version: 2.13
+  block:
+    - name: Install osslsigncode build dependencies
+      ansible.builtin.apt:
+        name:
+          - cmake
+          - libssl-dev
+          - libcurl4-openssl-dev
+          - zlib1g-dev
+          - python3
+          - git
+        state: present
+        update_cache: true
+      tags: codesign
+
+    - name: Download osslsigncode release tarball
+      ansible.builtin.get_url:
+        url: "https://github.com/mtrojnar/osslsigncode/archive/refs/tags/{{ ossl_version }}.tar.gz"
+        dest: /tmp/osslsigncode.tar.gz
+        mode: "0644"
+      tags: codesign
+
+    - name: Extract osslsigncode tarball
+      ansible.builtin.unarchive:
+        src: /tmp/osslsigncode.tar.gz
+        dest: /tmp/
+        remote_src: true
+      tags: codesign
+
+    - name: Create build directory
+      ansible.builtin.file:
+        path: "/tmp/osslsigncode-{{ ossl_version }}/build"
+        state: directory
+        mode: "0755"
+      tags: codesign
+
+    - name: Configure osslsigncode with CMake
+      ansible.builtin.command:
+        cmd: cmake -S .. -DCMAKE_BUILD_TYPE=Release
+        chdir: "/tmp/osslsigncode-{{ ossl_version }}/build"
+      changed_when: true
+      tags: codesign
+
+    - name: Build osslsigncode
+      ansible.builtin.command:
+        cmd: cmake --build . --parallel
+        chdir: "/tmp/osslsigncode-{{ ossl_version }}/build"
+      changed_when: true
+      tags: codesign
+
+    - name: Install osslsigncode
+      ansible.builtin.command:
+        cmd: cmake --install .
+        chdir: "/tmp/osslsigncode-{{ossl_version}}/build"
+      changed_when: true
+      tags: codesign
+
+    - name: Clean up build directory
+      ansible.builtin.file:
+        path: "/tmp/osslsigncode-{{ossl_version}}"
+        state: absent
+      tags: codesign
+
+- name: Create aws directory
+  ansible.builtin.file:
+    path: "/home/ubuntu/.aws"
+    owner: ubuntu
+    group: adm
+    state: directory
+    mode: "0750"
+  tags: codesign
+
+- name: Write ~/.aws/credentials
+  ansible.builtin.template:
+    src: aws_credentials
+    dest: /home/ubuntu/.aws/credentials
+    owner: ubuntu
+    group: adm
+    mode: "u=rwx,g=r,o="
+  tags: codesign
 
 - name: Write customerCA.crt
   ansible.builtin.template:
@@ -28,6 +123,7 @@
     owner: root
     group: adm
     mode: "u=rwx,g=rx"
+  tags: codesign
 
 - name: Write Cert_bundle.pem
   ansible.builtin.template:
@@ -36,6 +132,7 @@
     owner: root
     group: adm
     mode: "u=rwx,g=rx"
+  tags: codesign
 
 - name: Write delete-hsms.sh command
   ansible.builtin.template:
@@ -44,6 +141,7 @@
     owner: root
     group: adm
     mode: "u=rwx,g=rx"
+  tags: codesign
 
 - name: Write create-hsms.sh command
   ansible.builtin.template:
@@ -52,16 +150,18 @@
     owner: root
     group: adm
     mode: "u=rwx,g=rx"
+  tags: codesign
 
 - name: Ensure .hsmcredentials file exists
   ansible.builtin.copy:
     dest: /home/ubuntu/.hsmcredentials
     content: |
-      HSM_PASSWORD=
+      HSM_CREDENTIALS=
     owner: ubuntu
     group: adm
     mode: "u=rw,g=,o="
     force: false
+  tags: codesign
 
 - name: Write sign-windows-exe.sh command
   ansible.builtin.template:
@@ -70,3 +170,4 @@
     owner: root
     group: adm
     mode: "u=rwx,g=rx"
+  tags: codesign

ansible/roles/codesign_box/templates/Cert_bundle.pem

@@ -1,107 +1,73 @@
 subject=jurisdictionCountryName=IT, businessCategory=Business Entity, CN=Open Observatory of Network Interference (OONI), SERIALNUMBER=96568220584, O=Open Observatory of Network Interference (OONI), L=Rome, C=IT
-issuer=CN=HARICA EV Code Signing RSA SubCA R1, O=Hellenic Academic and Research Institutions CA, L=Athens, C=GR
+issuer=CN=HARICA EV Code Signing RSA, O=Hellenic Academic and Research Institutions CA, C=GR
 -----BEGIN CERTIFICATE-----
-MIIHeDCCBWCgAwIBAgIQeP20SJFLrwNNrScDbdnSeDANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UE
-BhMCR1IxDzANBgNVBAcMBkF0aGVuczE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
-c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEsMCoGA1UEAwwjSEFSSUNBIEVWIENvZGUgU2lnbmluZyBS
-U0EgU3ViQ0EgUjEwHhcNMjQwNDI5MTEwNjU2WhcNMjYwNDI5MTEwNjU2WjCB1TELMAkGA1UEBhMC
-SVQxDTALBgNVBAcMBFJvbWUxODA2BgNVBAoML09wZW4gT2JzZXJ2YXRvcnkgb2YgTmV0d29yayBJ
-bnRlcmZlcmVuY2UgKE9PTkkpMRQwEgYDVQQFEws5NjU2ODIyMDU4NDE4MDYGA1UEAwwvT3BlbiBP
-YnNlcnZhdG9yeSBvZiBOZXR3b3JrIEludGVyZmVyZW5jZSAoT09OSSkxGDAWBgNVBA8MD0J1c2lu
-ZXNzIEVudGl0eTETMBEGCysGAQQBgjc8AgEDEwJJVDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBALs3gSrsYiuFwdffvSPMKI/yGYk6R2cX2nAsFB8fHFElGdsUbHNoBOdBsRUe2yCSHLwA
-kMyuNsGvOxbykiNaCGnNjEg3bI7rE7YyKwSH6aR5B/TTpI9CESnFROxltWEfbBSr+SY/MlF+5bA2
-JWs9SMzl0BXMBoOVbLBczoAN38cX4Wwe7hsXpXwhbub8FIwSLMbMUcrqhLIsJQL7ywz/8cnxZqKD
-Y9MsM+sIstCKrK2w6b8B9AAY0lmPpR+p4ZaBHzU1vsTX8wPoYA/QDz+TwlczuosNdyaWZcgAUZag
-eMhjUOuT7Z92Yzu4PoWIPCOCu6LvYaC+M2mIRCZV476E+KlvSjqElDhYEBkkKueP+1/paiq4ibf3
-MUILTGg+/bhGF+5GVLGEhdimNYGVzzoqPh8ngPo37g+mKjMN8oguejN6/W5Ts/nedvNog4txeaYL
-2M8PG5Jv0pyXf82lOaHpXVQ8qfHqWJr4RvI02kcNHGFrNvOCBao4DdLrehOCwFsxlcb7FG2lzjua
-Zxg5TfBTNHDby8RGPDo6iq9zlEK2ciSN1lI1viGFRmM9ZYo75jj7OgFsSq9TwLj30WXLqxZdm7CN
-f8OPFRc2NWNMTXhjCU9nAYYo8e8ZCnJ5bNVUMHpgx8eW9zrHVdQBKet3irOhDTdcl8DCj2/51S2z
-wt69AB3HAgMBAAGjggGQMIIBjDAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFJTvT2NZT7wQp8iHqRdp
-AhJiR+F1MHIGCCsGAQUFBwEBBGYwZDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC5oYXJpY2EuZ3Iv
-SGFyaWNhRVZDb2RlU2lnbmluZ1N1YkNBUjEuY2VyMCEGCCsGAQUFBzABhhVodHRwOi8vb2NzcC5o
-YXJpY2EuZ3IwYAYDVR0gBFkwVzAHBgVngQwBAzAIBgYEAI96AQIwQgYMKwYBBAGBzxEBAQMDMDIw
-MAYIKwYBBQUHAgEWJGh0dHBzOi8vcmVwby5oYXJpY2EuZ3IvZG9jdW1lbnRzL0NQUzATBgNVHSUE
-DDAKBggrBgEFBQcDAzBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLmhhcmljYS5nci9IYXJp
-Y2FFVkNvZGVTaWduaW5nU3ViQ0FSMS5jcmwwHQYDVR0OBBYEFMA9FXuU36eaZpHrxlphS5vn/I9v
-MA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAlEj7BT3SRaAL0uZWs4VJ3zKxMQKL
-JOMR5fl7DKO5N/ynRDH8ktjLJZyt4wfNXBR71l0hvTeE+ZqnWXn0Pz0tEVR4qdjzf/JuO2G0GXfb
-ATnZrUsTgm8utogtzb3BwDQVRgh5X6/BN8Ip/5C80zAGg2pGdySho2D4kJVeoNu/Gr0xYodFZirV
-fcT6zT82eh+MEM2I19gONJ9soJsM9qNxeV94nA8Rct9ZVtv6/CuEg2zPz+JYjmAttp1cEqUchUsg
-yUuwLzA4Bk7xnO8giTVFs71z8GET9WeQnohYO2PE/+ytA8wyjELctVOBj1MHVcTcQb/pc+CKenTP
-sbeq29RG2WYOsdvAQlhRLJDFB6UoHlqtvQCMfda9HEemI/wHRMD7zKYYc3F1ik6VgGQ8ekEyjuzJ
-V6xnELvWpbpm/GvdeXTUqrQpfA4ZowQaQr3ZdNGmpuxaWXByfAzcN9tVYHlcPnh4lTd5j40Sy2OL
-Az0MxeukIvBTZEQaYxjxqSHglrVs9c9Gc7DJdpNy48zAefRUK2CfpoY1396DmKmpmYFTWkBvSESm
-oQt2IPMnskBgrrNKMvas+W6Grybp9Y0k7c0m4VlW7IkvNR3D3dh+cwdMVxXHmwktIzAE2QdoWlNM
-PiaCEKcXPYdBJ9Q2LrxyH2QaqbppvZ/n36y4SCQ//ZvZOUM=
+MIIHYTCCBUmgAwIBAgIQU5g4Rhqhf5FxM7exqL0LCzANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQG
+EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDQTEjMCEGA1UEAwwaSEFSSUNBIEVWIENvZGUgU2lnbmluZyBSU0EwHhcNMjYwMzMwMDYyMTI4
+WhcNMjcwMzMwMDYyMTI4WjCB1TELMAkGA1UEBhMCSVQxDTALBgNVBAcMBFJvbWUxODA2BgNVBAoM
+L09wZW4gT2JzZXJ2YXRvcnkgb2YgTmV0d29yayBJbnRlcmZlcmVuY2UgKE9PTkkpMRQwEgYDVQQF
+Ews5NjU2ODIyMDU4NDE4MDYGA1UEAwwvT3BlbiBPYnNlcnZhdG9yeSBvZiBOZXR3b3JrIEludGVy
+ZmVyZW5jZSAoT09OSSkxGDAWBgNVBA8MD0J1c2luZXNzIEVudGl0eTETMBEGCysGAQQBgjc8AgED
+EwJJVDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALs3gSrsYiuFwdffvSPMKI/yGYk6
+R2cX2nAsFB8fHFElGdsUbHNoBOdBsRUe2yCSHLwAkMyuNsGvOxbykiNaCGnNjEg3bI7rE7YyKwSH
+6aR5B/TTpI9CESnFROxltWEfbBSr+SY/MlF+5bA2JWs9SMzl0BXMBoOVbLBczoAN38cX4Wwe7hsX
+pXwhbub8FIwSLMbMUcrqhLIsJQL7ywz/8cnxZqKDY9MsM+sIstCKrK2w6b8B9AAY0lmPpR+p4ZaB
+HzU1vsTX8wPoYA/QDz+TwlczuosNdyaWZcgAUZageMhjUOuT7Z92Yzu4PoWIPCOCu6LvYaC+M2mI
+RCZV476E+KlvSjqElDhYEBkkKueP+1/paiq4ibf3MUILTGg+/bhGF+5GVLGEhdimNYGVzzoqPh8n
+gPo37g+mKjMN8oguejN6/W5Ts/nedvNog4txeaYL2M8PG5Jv0pyXf82lOaHpXVQ8qfHqWJr4RvI0
+2kcNHGFrNvOCBao4DdLrehOCwFsxlcb7FG2lzjuaZxg5TfBTNHDby8RGPDo6iq9zlEK2ciSN1lI1
+viGFRmM9ZYo75jj7OgFsSq9TwLj30WXLqxZdm7CNf8OPFRc2NWNMTXhjCU9nAYYo8e8ZCnJ5bNVU
+MHpgx8eW9zrHVdQBKet3irOhDTdcl8DCj2/51S2zwt69AB3HAgMBAAGjggGUMIIBkDAJBgNVHRME
+AjAAMB8GA1UdIwQYMBaAFAdZmPK1dYDLNtHERsqzQ+RVARsGMHQGCCsGAQUFBwEBBGgwZjBBBggr
+BgEFBQcwAoY1aHR0cDovL2NydC5oYXJpY2EuZ3IvSEFSSUNBLUVWLUNvZGVTaWduaW5nLVN1Yi1S
+MS5jZXIwIQYIKwYBBQUHMAGGFWh0dHA6Ly9vY3NwLmhhcmljYS5ncjBgBgNVHSAEWTBXMAcGBWeB
+DAEDMAgGBgQAj3oBAjBCBgwrBgEEAYHPEQEBAwMwMjAwBggrBgEFBQcCARYkaHR0cHM6Ly9yZXBv
+LmhhcmljYS5nci9kb2N1bWVudHMvQ1BTMBMGA1UdJQQMMAoGCCsGAQUFBwMDMEYGA1UdHwQ/MD0w
+O6A5oDeGNWh0dHA6Ly9jcmwuaGFyaWNhLmdyL0hBUklDQS1FVi1Db2RlU2lnbmluZy1TdWItUjEu
+Y3JsMB0GA1UdDgQWBBTAPRV7lN+nmmaR68ZaYUub5/yPbzAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZI
+hvcNAQELBQADggIBABlfxAj7woG8DGFpEWen5lzF9C8oVSm6Q+QoKQ/nUdHisxVJ1/V1IpQbSNMC
+PHgywt7jrOv2Gcnx8d9CnClChDrD1dtI7MP62XtK/wEkZmvrvaIzyLiNo5rKqQWlV1IR4KZNszXY
+M/r6/l3uJ+MYpakNV0n9YLogX/NTWA3NJMb6HKQ+Sz7pquIEq7q2nstB9igz1xo6ICwCe7J1SVkX
+pbkLdKA6Mjt5Pvlg6RwkgM2sDfVDSZifxOAyxs7tdlZZIhJ+NV8YKz4nsTJ+jHCoTNdgahwcp8om
+xYSg7MHfWnWXvGdWOFgkuLYNdykurOzU3dM6xu2PYjEPLnVMo3MlWucnxcLIwDNyH3Hxt+R4SBoC
+jIkq9JaU6O16ha5kf0BbTcofZ1FIqLNIUbsltUzOYidRY7gNvd7AbVC3lVqqGDFvL9ivWy45eOQm
+YxSO+vT6gsLrxFa2um78z94f5+6Go49wK0xRURxx6FsLTmQD33Zv0x67wTlHk5rIOF93bvVdo3+x
+XYRHzVMe3ej6qfVeXzY2d8s4sZlEzjCPFAxa0/+e9ZbnFsK8gY3LDyoRUtw5U24exxVxtSRii7j8
+ywEpVV7nmL+6WikaSbEbcgTBqfDLrLkLBEYlCTgkkKFt6mV+AZ+mBMbqdTrgWrYJgCXtgU6YSbs1
+dE0xrQbKvIRWPKQQ
 -----END CERTIFICATE-----
-subject=CN=HARICA EV Code Signing RSA SubCA R1, O=Hellenic Academic and Research Institutions CA, L=Athens, C=GR
-issuer=CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+subject=CN=HARICA EV Code Signing RSA, O=Hellenic Academic and Research Institutions CA, C=GR
+issuer=CN=HARICA Code Signing RSA Root CA 2021, O=Hellenic Academic and Research Institutions CA, C=GR
 -----BEGIN CERTIFICATE-----
-MIIG9jCCBN6gAwIBAgIQRBc8w77BDn0wQDhwYp8kwDANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UE
-BhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
-c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFj
-YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMjAwMjI3MTIw
-NTIyWhcNMzUwMjIzMTIwNTIyWjCBhTELMAkGA1UEBhMCR1IxDzANBgNVBAcMBkF0aGVuczE3MDUG
-A1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDQTEsMCoG
-A1UEAwwjSEFSSUNBIEVWIENvZGUgU2lnbmluZyBSU0EgU3ViQ0EgUjEwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQCYS0S4Qp3qUC9OZ6t2FGCQBPTWXTEg081FblEgW/x41zwNJtFtQg3U
-s+eKDgL0fB0lu64q2/A3uT8PzXr5YKgRcXswYztRFGbvd4zVKcOmNn1QXYB20RE7hHMSzFCc0LVz
-CAnJE5+l+s60P+7HqIA/5aX/bKfI76xL2CiuTCZkgpXQFDdBIneIBMRXzpjQ2MM3qJg90yN6lt5S
-ZH2+H+zV3OCLBYsAxsfuK4x1dH4EBD/6gF0DA8J38SU5g3nitEVlGMdl50Fvkuv0la5YUemSi+s/
-fE5QlRV39y3csRG5/L/irbZr39jTHDUK9mSli5KQvlzAvZ+Mw3byNKmlAeYrR+TYc0Tl8tVHWqoY
-4e+shW4FTJlzpRWT550TD1QG8NqL+M4P7ZQD+X7W2bDedLBLDV1Oh1qVLcfPi7uzhqKFRG9Qv48b
-CNXmiPkRlsUB3417sHaupqhNV487vxLKJSeu885SyehgFVv7ajJAxUSeIaguuxJ70ooCrXQDprN3
-a3qNhq/tNBzBByw2OMFj06tazhI66hrBhSnGHqwheT41mU3kz2fgwEyxe+9ZHbTgoSSGdPNp7Sga
-ZBl4HXpIg8ofFFbBFGfmwoj12Nt75wGbY3gGec95VLqVqmF/fNZOqhj0V5kizzbtx4aEmiTG4ozn
-zXfFrIqw27e7TRKTYzkRGwIDAQABo4IBPTCCATkwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSME
-GDAWgBRxFWfIyMm9dV1y0DgYap3zcSRUCzBvBggrBgEFBQcBAQRjMGEwPAYIKwYBBQUHMAKGMGh0
-dHA6Ly9yZXBvLmhhcmljYS5nci9jZXJ0cy9IYXJpY2FSb290Q0EyMDE1LmNydDAhBggrBgEFBQcw
-AYYVaHR0cDovL29jc3AuaGFyaWNhLmdyMBEGA1UdIAQKMAgwBgYEVR0gADATBgNVHSUEDDAKBggr
-BgEFBQcDAzA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmhhcmljYS5nci9IYXJpY2FSb290
-Q0EyMDE1LmNybDAdBgNVHQ4EFgQUlO9PY1lPvBCnyIepF2kCEmJH4XUwDgYDVR0PAQH/BAQDAgGG
-MA0GCSqGSIb3DQEBCwUAA4ICAQByG18cPy5oLuAXImw5+BVlID7Y4Y3C3lNVVW15V12YV/OOLrPS
-8N1L+66RyzkBAxC15Fn2xfrwHNRZEIQy/DqAfxO2nUn9BN1cXDgv2aje4LP7dqSOojupvkkWfCvg
-JMuV3/Jpc3TFb8LdWN6+qreMJEU7FU+Xz0Sshm63ujzf8ta43FF9l4cooklUXrIjFrKPKYq38h8n
-STrbPFDeZqjc9WwQ7tGm8Vt38PzQTmzAs6uZ5tZUyWJWYdtWa7AwwOoCRfE3L4i3ZzqYh/OL4z0m
-qsiswn8PHn4yzirFXYs/jBY9pHZfbB81CV3Ad/xMxDMtmqSTVz9fP7o5Mpf+Z3aQlSsG4wFxQANA
-w6EOQjt77ZTnLiGO8kjV2uxRBzXWDUATipNW8W4fMvIe6Pcb7pEU27piFTwxtsyq4KKfoKcnr7DZ
-qZSfDVX2HBzndJu55aYZprU+AkB12aH0QDBjU/jeWu4dylJ8Soqn53bgWT3aAIXGB/mfE6XsjV+h
-kc9GVDVAFYhe6qh6QXiUyZSt3nX9JU/UieAGnIck0YUQnjKlhpwgg1GjWQxc0YscDa9p/PtnPHSL
-1/5DMkpv4sZnqeymAiGiOOofNrxpxtHCvEB4RTp4hGd3B3FxyVkkfVvwQQ6OyB2WvBVn7qht6/9Y
-H64e3atPXIjYx+Lq6jGUQpci2w==
------END CERTIFICATE-----
-subject=CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
-issuer=CN=Hellenic Academic and Research Institutions RootCA 2011, O=Hellenic Academic and Research Institutions Cert. Authority, C=GR
------BEGIN CERTIFICATE-----
-MIIGcTCCBVmgAwIBAgIIGn48dflJd1IwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkdSMUQw
-QgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENlcnQu
-IEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3Rp
-dHV0aW9ucyBSb290Q0EgMjAxMTAeFw0xNjA3MTkxMDMwNDZaFw0yNDA3MTcxMDMwNDZaMIGmMQsw
-CQYDVQQGEwJHUjEPMA0GA1UEBxMGQXRoZW5zMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBh
-bmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVu
-aWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxNTCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAML4qT8bifw8PARdPZA2sJE6eTxmWu9tOQFJGrS3z39N
-I1O3kADjEyoopjHxkQDjKOyuIUHOH9r9fRJbAYMPubBfmeHyEoOATQY+36yv56GIazGv8IvQGDO4
-20VqNPQCgCQoCgIVlV52Kg2ZOhRb9svLU7wTTQGIN5QlG0K8ItiOo5ZeOtky2z7o8BBl7XThL6d8
-ryc0uyl9m7bPCcjl0wr8iGVldArccxxczUCxHNS2hIxMUM9ojqhZrsInToKiNd0U9B//snfVhy+q
-bn0kJ+fGyybm5f5nB2PYRQ3dOlllOVh6kplyPZyEXoghuNX0LPzZcFJPeLi9PCuLlZj1s9FozyAU
-fkxcX+eL5fU1gRk31xEIt2a+00rOg1cAOsOB+BfLkjZd0aPYdRvhiyfqekhB/UUZBq0nmU7BcEfd
-tZ+BUxLlsYxIXTFDF+OMxnpjlkspME6ETmIZXjzOl5ClfwHrneD4i4ndJZg9krZ+79nxUVF9LSbI
-aVlh4KxquCo2EQR6UL0yhL4v3HLV1x0WR+RHZiA/9JbFr44BeqUPemT1DRiH2a6I1fqEwTrAaSgt
-8g1oUarjpXfGpJAOoTeLMSNHwQkI6273eJvXgvyEIJlJGbYSRrH7RVUWqaNlrJwHD+pr3B8uBnLs
-hogS5C3bXwUv5PAD0yYz54DCzUKhFzQLAgMBAAGjggGwMIIBrDAPBgNVHRMBAf8EBTADAQH/MA4G
-A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswRgYDVR0fBD8wPTA7
-oDmgN4Y1aHR0cDovL2NybHYxLmhhcmljYS5nci9IYXJpY2FSb290Q0EyMDExL2NybHYxLmRlci5j
-cmwwHwYDVR0jBBgwFoAUppFC/RNhSiOeCKQp5dgTBCPuQSUwbgYIKwYBBQUHAQEEYjBgMCEGCCsG
-AQUFBzABhhVodHRwOi8vb2NzcC5oYXJpY2EuZ3IwOwYIKwYBBQUHMAKGL2h0dHA6Ly93d3cuaGFy
-aWNhLmdyL2NlcnRzL0hhcmljYVJvb3RDQTIwMTEuY3J0MIGQBgNVHSAEgYgwgYUwgYIGBFUdIAAw
-ejAyBggrBgEFBQcCARYmaHR0cDovL3d3dy5oYXJpY2EuZ3IvZG9jdW1lbnRzL0NQUy5waHAwRAYI
-KwYBBQUHAgIwOAw2VGhpcyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIEdyZWVrIGxhd3MgYW5k
-IG91ciBDUFMuMA0GCSqGSIb3DQEBCwUAA4IBAQCI1QWSZXa9rZJOYCTxBoag7VU8vZfaaegtz2s+
-24HjERi5837T/Fn4wf8oU+tyDCXpnU3hyxsAPGSim/qeRFW3MhyMXUspGC+vW6gaoY0fQ5zxVH/6
-10dPl91uM3ItnnslMQZnHO79WFc+0qI3FWw6pRtE9qxVkr3Ed38ay2sQhEtnsgxlv83JPtPXVTBS
-L7YtbvlQPf9eu85xaBtBCM2hc8SoH34vEpnaX70o1WvVsMRLyH2SEhQO1POBKf9+WMddJKi8/eVz
-EBRMXOR/XzsofGT7hpZuK3nSJR6FOeEU+AaOUveNZEJY2kTA2vqjqUvPLeO9R45736xh/jWnHi51
+MIIG2TCCBMGgAwIBAgIQYZteMfORbXWXH5ZcjAG4cDANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQG
+EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDQTEtMCsGA1UEAwwkSEFSSUNBIENvZGUgU2lnbmluZyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIx
+MDMxOTA5MzA1NFoXDTM2MDMxNTA5MzA1M1owazELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxl
+bmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExIzAhBgNVBAMMGkhBUklD
+QSBFViBDb2RlIFNpZ25pbmcgUlNBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmMS1
+EVUU+/udbIUugAyLqgmZn/miG4k7ZRXpQ8qVU4Ja2Fyu8Ha7SrL8jW3sTvIK5K7oTOQ6KbMp6LkQ
+szPD29QG5qjBnpO2akvVsJ1JtYDzhSYYkuEqYn9Mtke2ZFEfiZhRToY7ltJAO3K6tAynTrq73d1C
+izJcVR+izD97tI1aDQvDLa2Xl9tFgKyySsV4e4aLG0/wx9znn4J2flWTIwQnn06nfkmNRXZDfCqQ
+l9ogPwnM1KsbTAhNTFVbZ0LuL6Gymc+2OonhWyi9unJH12syskfK6W+JrjzZypAEu63iGYcnSmS9
+GiTqyfyyoTPJMTTZPnLQCb7wvdVVMJuUAqeZb/GWBdiP+GxKBvYYuhTuK5tcbBi/VT1boApASj+t
+uWEw5nFDFkNdN+DmFTG53tZ+8l0R8vXiXc/C82yugP4M4aFsLVxPTTZlVksSSti/MT3G5iulOcKP
+X87va3X5xv21pEt9oCXhf5m8c6507YKRhSOJuiRcsM777LET0/HH+bjgnA9JznvKF2vFYcxlCzH/
+ZLT1UetIyNvhjJYI9vJBCtiXvJ4I5OzxWzHDG+4gL3x/e0TXI9nl+aR8FWknHV9+hObvK5WaqFcV
+PztHTxcdOjLRb0LC0pjaSBbTeRNJ7iUOVDdZ8VOQ5LW8tEDchbY7KRmgrV7mxnhJK/53N50CAwEA
+AaOCAW0wggFpMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUtGQWSOj8WkszKYnrmUC5
+ILT2YRowXAYIKwYBBQUHAQEEUDBOMEwGCCsGAQUFBzAChkBodHRwOi8vcmVwby5oYXJpY2EuZ3Iv
+Y2VydHMvSEFSSUNBLUNvZGVTaWduaW5nLVJvb3QtMjAyMS1SU0EuY2VyMEQGA1UdIAQ9MDswOQYE
+VR0gADAxMC8GCCsGAQUFBwIBFiNodHRwOi8vcmVwby5oYXJpY2EuZ3IvZG9jdW1lbnRzL0NQUzAT
+BgNVHSUEDDAKBggrBgEFBQcDAzBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLmhhcmljYS5n
+ci9IQVJJQ0EtQ29kZVNpZ25pbmctUm9vdC0yMDIxLVJTQS5jcmwwHQYDVR0OBBYEFAdZmPK1dYDL
+NtHERsqzQ+RVARsGMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAWZWbfyhrPQfb
+2ljh17rJnf4ZeKa7thpS7FNnkg812gmXhklYvfb4OvGi0z7EAQBx/UsXCtQv9MJbZFI5iEvVKQaN
+FPZoEae5cO4KFWyS062vlXupYjxpOCAwkTyyZLfeb5NUGM/MbD5Lw/7E0uExU3XogLv1o8F2Jb4L
+AYAlpG97Ab0MFDJTpAFbAF00DzVEp9J1B5KtDlfNms8bYb9EAoc/sGUNZVyz1FGL0Fu/giMcyTdg
+tVcvupxFoHodI77+XtNC6tGBB/nssunYmiFu+2fowitz2KTk+oIyLFz9I3uXnAFq3YKTZQfJzkHT
+IpH89C6CKhMmuuUK6JwomtHjQpOK6Aq4uObkRiJ/sLLZkEAqpRM+leIKf3QskaVo7aZmVRcLV6/i
+7wcT5LjmCPtjKzGtmWtT4uLM/7dQxaIaBTBDqmjABkSJLb0Oczk/KYoiLn5j+5SBAVEy9BtJQkOP
+k6t4nR3klfoSDuoSn/LvsRbfCQiqPqca+oypxNJS6K2/vZ+7wXSWM6Hk2Ao9Rq5Udt/VcMz7gJxn
+i//sh9rqlqZyXEBxZLtKAxDVObbogdvvXIS/k0oc78C5rGWypuVw8IdpHW+4ZWIkdVqNQ5Y453z/
+dDEqWP8A2uloPZsbpp+LibhhHdbOssTG6K5uEWLMMKDVXeEyyBUQLkljiFWZsuQ=
 -----END CERTIFICATE-----

ansible/roles/codesign_box/templates/aws_credentials

@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = {{ aws_access_key_id }}
+aws_secret_access_key = {{ aws_secret_access_key }}