-
-
Notifications
You must be signed in to change notification settings - Fork 47
Update windows certificate for AppVeyor
Kiwix-build is responsible to build kiwix-desktop for Windows using the Appveyor CI.
kiwix-desktop is signed and the certificate used is limited in time, it have to be renewed every year. This wiki page explains how to encrypt and upload the certificate for the CI. How the certificate is renewed is not explained here.
What do you need :
- The pfx certificate (called
kiwix.pfx) and the password to use it (come from how you have renewed the certificate). The password will be called<certificate_pwd> - openssl (from your distribution package manager)
- The password use to encode/decode the pfx certificate (ask the team). It will called
<secret_pwd>.
Run openssl enc -pbkdf2 -aes-256-cbc -md sha256 -pass pass:<secret_pwd> -in kiwix.pfx -out kiwix.pfx.enc
Move kiwix.pfx.enc in the appveyor directory of this repository (in place of existing one)
Go on appveyor project settings, environment section.
Update win_certificate_password with <certificate_pwd>.
Update win_certificate_secret with <secret_pwd>.
Be sure to keep the environment variables secret !
Create a commit for this certificate change (kiwix.pfx.enc) and create a PR for this.
Attention ! Be carefull to NOT (and never) add kiwix.pfx to git !!
If you do so, the best thing to do is to revoke the certificate and regenerate a new one.
Wait for the (AppVeyor) CI to pass and your good to merge.
Done !