

Some rough improvements to codesign logic
PastaJ36 authored and simon-wh committed Oct 21, 2024
1 parent 808b9a6 commit 9c9c0b0
Showing 5 changed files with 52 additions and 10 deletions.
2 changes: 2 additions & 0 deletions ci/before_deploy.sh
Expand Up @@ -42,6 +42,8 @@ main() {
# rustup default nightly
cargo make build-target-release

# Codesign dlls before packaging up
./ci/codesign_dll.sh

mkdir $stage/plugins
mkdir $stage/plugins/lib
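Review bot: Nothing visible in this hunk guarantees that a signing failure stops the packaging that follows the added `./ci/codesign_dll.sh` call, and the relative path only resolves when the working directory is the repository root. If `main()` does not already run under `set -e` (its start is outside the hunk), make the dependency explicit, for example `bash "${GITHUB_WORKSPACE:-.}/ci/codesign_dll.sh" || exit 1`, so unsigned binaries cannot be staged after a failed signing step. Invoking it through `bash` also removes the reliance on the new file's executable bit and on its missing shebang.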
25 changes: 20 additions & 5 deletions ci/codesign.ps1
@@ -1,8 +1,23 @@
# Thanks https://github.com/electron-userland/electron-builder/issues/3629#issuecomment-473238513
Set-PSDebug -Trace 1
# Set-PSDebug -Trace 1
$ErrorActionPreference = "Stop"
# dir cert:/LocalMachine

dir cert:/LocalMachine
# $WINDOWS_SDK_VER = '10.0.17763.0'
$WINDOWS_SDK_VER = '10.0.22000.0'

$Password = ConvertTo-SecureString -String $Env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force
Import-PfxCertificate -FilePath cert.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password
Start-Process -NoNewWindow -Wait 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' -ArgumentList "sign -v -sm -s My -n `"$Env:WIN_CSC_SUBJECTNAME`" -d `"$Env:WIN_CSC_DESC`" `"$Env:WIN_INSTALLER_PATH`""
# Remember what the Path was before so we can clean it up after exiting
$PREV_PATH = $env:PATH

$env:PATH += ";C:/Program Files (x86)/Windows Kits/10/bin/$WINDOWS_SDK_VER/x64/"

# $Password = ConvertTo-SecureString -String $Env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force
# Import-PfxCertificate -FilePath cert.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password

# Passing in $args allows the caller to specify multiple files to be signed at once
signtool.exe sign /tr $env:TimestampServer /td sha256 /fd sha256 /n $Env:WIN_CSC_SUBJECTNAME $args
signtool.exe verify /pa $args
# Start-Process -NoNewWindow -Wait 'signtool.exe' -ArgumentList "sign /tr `"$env:TimestampServer`" /td sha256 /fd sha256 /n `"$Env:WIN_CSC_SUBJECTNAME`" `"$File`""
# Start-Process -NoNewWindow -Wait 'signtool.exe' -ArgumentList "verify /pa `"$File`""

$env:PATH = $PREV_PATH
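Review bot: The two new `signtool.exe` calls never have their exit codes checked, and `$ErrorActionPreference = "Stop"` does not turn a non-zero exit from a native executable into a terminating error in Windows PowerShell. Because the script's last statement is the `$env:PATH` restore, a failed `sign` or `verify` can still end in a run that looks successful, and callers would go on to package unsigned files. Add `if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }` after each `signtool.exe` line. It is also worth failing early when `$env:TimestampServer` or `$Env:WIN_CSC_SUBJECTNAME` is empty, since an empty value is likely to be dropped from the command line and shift the next switch into its place.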
5 changes: 2 additions & 3 deletions ci/codesign.sh
Expand Up @@ -8,11 +8,10 @@ if [ $RUNNER_OS = Windows ]; then

# choco install -y windows-sdk-10.0

curl -v -L "$WIN_CSC_LINK" --output cert.pfx
# curl -v -L "$WIN_CSC_LINK" --output cert.pfx

powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
powershell Get-ExecutionPolicy -List

powershell $GITHUB_WORKSPACE/ci/codesign.ps1
'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' verify -pa "$WIN_INSTALLER_PATH"
powershell $GITHUB_WORKSPACE/ci/codesign.ps1 $WIN_INSTALLER_PATH
fi
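Review bot: The added `powershell $GITHUB_WORKSPACE/ci/codesign.ps1 $WIN_INSTALLER_PATH` line expands both variables unquoted and, without `-File`, powershell.exe treats the words as a command string, so a path containing spaces or PowerShell metacharacters is re-parsed rather than passed as a literal argument. Prefer `powershell -NoProfile -ExecutionPolicy Bypass -File "$GITHUB_WORKSPACE/ci/codesign.ps1" "$WIN_INSTALLER_PATH"`, which also returns the script's exit code to bash. With a per-invocation policy, the machine-wide `Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine` kept above is no longer needed and can be dropped. The same invocation pattern appears in ci/codesign_dll.sh and in the sign-win-installer script in wooting-analog-sdk/Makefile.toml.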
23 changes: 23 additions & 0 deletions ci/codesign_dll.sh
@@ -0,0 +1,23 @@
# Thanks https://github.com/electron-userland/electron-builder/issues/3629#issuecomment-473238513
if [ $RUNNER_OS = Windows ]; then
set -e


# curl -v -L "$WIN_CSC_LINK" --output cert.pfx

# powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
# powershell Get-ExecutionPolicy -List

ROOT_DIR=${GITHUB_WORKSPACE:-.}
ARTIFACT_FOLDER=$ROOT_DIR/target/release-artifacts

powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_sdk.dll $ARTIFACT_FOLDER/wooting_analog_plugin.dll $ARTIFACT_FOLDER/wooting_analog_wrapper.dll $ARTIFACT_FOLDER/wooting-analog-sdk-updater.exe $ARTIFACT_FOLDER/wooting_analog_test_plugin.dll $ARTIFACT_FOLDER/wooting-analog-virtual-control.exe

# powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_sdk.dll
# powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_plugin.dll
# powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_wrapper.dll
# powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting-analog-sdk-updater.exe

# powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_test_plugin.dll
# powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting-analog-virtual-control.exe
fi
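Review bot: This new file has no shebang even though ci/before_deploy.sh executes it directly, and `[ $RUNNER_OS = Windows ]` is unquoted, so with `RUNNER_OS` unset the test errors out and signing is skipped with exit status 0. Start the file with `#!/usr/bin/env bash`, move `set -e` above the `if`, and write the test as `if [ "${RUNNER_OS:-}" = Windows ]; then`. Since `ROOT_DIR` already defaults to `.` for runs outside GitHub Actions, consider printing a message when signing is skipped so that an unsigned build is visible in the log.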
7 changes: 5 additions & 2 deletions wooting-analog-sdk/Makefile.toml
Expand Up @@ -4,11 +4,14 @@ command = "cargo"
args = ["wix" , "-p", "wooting-analog-sdk", "--nocapture", "--output", "${WIN_INSTALLER_PATH}"]

[tasks.sign-win-installer]
condition = {env_true = ["CARGO_MAKE_CI"]}
env = {CODESIGN_SCRIPT_PATH="${CARGO_MAKE_WORKSPACE_WORKING_DIRECTORY}/ci/codesign.ps1"}
# condition = {env_true = ["CARGO_MAKE_CI"]}
dependencies = ["win-installer"]
script_runner = "bash"
# bash ../ci/codesign.sh
script = [
'''
bash ../ci/codesign.sh
powershell $CODESIGN_SCRIPT_PATH $WIN_INSTALLER_PATH
'''
]
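Review bot: Commenting out `condition = {env_true = ["CARGO_MAKE_CI"]}` while replacing `bash ../ci/codesign.sh` with a direct `powershell` call removes both guards the task had: the CI check and the `RUNNER_OS = Windows` test inside codesign.sh. The task now attempts signing on any machine that runs it, including ones without the certificate or without powershell. Keep a guard, for example `condition = {platforms = ["windows"], env_set = ["WIN_CSC_SUBJECTNAME"]}`, and leave a comment saying why the CI condition was relaxed.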

