{"id":13837363,"url":"https://github.com/sassoftware/relic","last_synced_at":"2025-05-15T01:06:09.523Z","repository":{"id":22605950,"uuid":"95042903","full_name":"sassoftware/relic","owner":"sassoftware","description":"Relic is a service and a tool for adding digital signatures to operating system packages for Linux and Windows","archived":false,"fork":false,"pushed_at":"2025-03-18T15:12:29.000Z","size":5408,"stargazers_count":169,"open_issues_count":13,"forks_count":45,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-04-27T09:48:59.211Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sassoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-06-21T20:24:56.000Z","updated_at":"2025-04-25T10:15:51.000Z","dependencies_parsed_at":"2024-01-13T17:10:56.661Z","dependency_job_id":"0ee8cfe9-b9b8-42c4-9c58-8adb4fdda44e","html_url":"https://github.com/sassoftware/relic","commit_stats":{"total_commits":359,"total_committers":13,"mean_commits":"27.615384615384617","dds":"0.24233983286908078","last_synced_commit":"e00f5e21505ed825524bf4bce700f3bfb920cabf"},"previous_names":[],"tags_count":59,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sassoftware%2Frelic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sassoftware%2Frelic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sassoftware%2Frelic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sassoftware%2Frelic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sassoftware","download_url":"https://codeload.github.com/sassoftware/relic/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254254040,"owners_count":22039792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T15:01:07.301Z","updated_at":"2025-05-15T01:06:09.497Z","avatar_url":"https://github.com/sassoftware.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"relic is a multi-tool and server for package signing and working with hardware security modules (HSMs).\n\n# Package types\n* RPM - RedHat packages\n* DEB - Debian packages\n* JAR - Java archives\n* EXE (PE/COFF) - Windows executable\n* MSI - Windows installer\n* appx, appxbundle - Windows universal application\n* CAB - Windows cabinet file\n* CAT - Windows security catalog\n* XAP - Silverlight and legacy Windows Phone applications\n* PS1, PS1XML, MOF, etc. - Microsoft Powershell scripts and modules\n* manifest, application - Microsoft ClickOnce manifest\n* VSIX - Visual Studio extension\n* Mach-O - macOS/iOS signed executables\n* DMG, PKG - macOS disk images / installer packages\n* APK - Android package\n* PGP - inline, detached or cleartext signature of data\n\n# Token types\nrelic can work with several types of token:\n\n* pkcs11 - Industry standard PKCS#11 HSM interface using shared object files\n* Cloud services - AWS, Azure and Google Cloud managed keys\n* scdaemon - The GnuPG scdaemon service can enable access to OpenPGP cards (such as Yubikey NEO)\n* file - Private keys stored in a password-protected file\n\n# Features\nRelic is primarily meant to operate as a signing server, allowing clients to authenticate with a TLS certificate and sign packages remotely. It can also be used as a standalone signing tool.\n\nOther features include:\n\n* Generating and importing keys in the token\n* Importing certificate chains from a PKCS#12 file\n* Creating X509 certificate signing requests (CSR) and self-signed certificates\n* Limited X509 CA support -- signing CSRs and cross-signing certificates\n* Creating simple PGP public keys\n* RSA and ECDSA supported for all non-PGP signature types (due to a limitation in the underlying PGP implementation, ECDSA is not currently possible for PGP signature types)\n* Verify signatures, certificate chains and timestamps on all supported package types\n* Save token PINs in the system keyring\n\n# Platforms\nLinux, Windows and MacOS are supported. Other platforms probably work as well.\n\nrelic is tested using libsofthsm2. Every vendor PKCS#11 implementation has quirks, so if relic doesn't work with your hardware please submit a pull request.\n\n# Installation\nPre-built client binaries are available from the Github releases page. Alternately, relic can be built from source:\n\n```go install github.com/sassoftware/relic/v8@latest```\n\nThe following build tags are also available:\n\n* clientonly - build a lightweight binary without standalone signing features\n\nSee [doc/relic.yml](./doc/relic.yml) for an example configuration.\n\n# Additional documentation\n\n* [Signing Android packages](./doc/android.md)\n* [Signing MacOS binaries](./doc/macos.md)\n* [Using Azure Key Vault](./doc/azure.md)\n* [Using a PGP card, YubiKey etc.](./doc/pgpcard.md)\n\n# Related projects\n* SoftHSMv2 - file-based PKCS#11 implementation for testing https://github.com/opendnssec/SoftHSMv2\n* uts-server - timestamping server for testing https://github.com/kakwa/uts-server\n* osslsigncode - Signs EXEs, MSIs, and CABs using openssl https://sourceforge.net/projects/osslsigncode/\n* fb-util-for-appx - Builds signed APPX archives https://github.com/facebook/fb-util-for-appx\n* OpenVsixSignTool - Sign VSIX extensions using an Azure key vault https://github.com/vcsjones/OpenVsixSignTool\n\n# Reference specifications\n* PE/COFF specification - https://www.microsoft.com/en-us/download/details.aspx?id=19509\n* Authenticode PE specification - http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx\n* Microsoft ClickOnce manifest structure - https://msdn.microsoft.com/en-us/library/dd947276(v=office.12).aspx\n* Microsoft Compound File format (for MSI) - https://msdn.microsoft.com/en-us/library/dd942138.aspx\n* Alternate reference for compound document format from OpenOffice - https://www.openoffice.org/sc/compdocfileformat.pdf\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsassoftware%2Frelic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsassoftware%2Frelic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsassoftware%2Frelic/lists"}