mirror of
https://github.com/goatcorp/Dalamud.git
synced 2025-12-12 10:17:22 +01:00
chore: codesigning for releases
parent
98bdec1e34
commit
875ca915b6
2 changed files with 76 additions and 0 deletions
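--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -29,6 +29,11 @@ jobs:
 run: .\build.ps1 compile
 - name: Test Dalamud
 run: .\build.ps1 test
+- name: Sign Dalamud
+env:
+CODESIGN_CERT_PFX: ${{ secrets.CODESIGN_CERT_PFX }}
+CODESIGN_CERT_PASSWORD: ${{ secrets.CODESIGN_CERT_PASSWORD }}
+run: .\sign.ps1 .\bin\Release
 - name: Create hashlist
 run: .\CreateHashList.ps1 .\bin\Release
 - name: Upload artifact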
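Review bot: The new `Sign Dalamud` step has no `if:` condition, so the certificate and its password are handed to the runner on every trigger of this job, not only on release builds as the commit title suggests. The workflow's `on:` triggers are outside the hunk; if pull requests run this job, same-repository branches would sign with the real key and fork builds would reach `sign.ps1` with empty secrets. Scoping the secrets to the step through `env:` is good; adding a guard such as `if: github.event_name != 'pull_request'`, or moving signing to a job bound to a protected environment, would keep the key away from untrusted changes. Signing also happens on the same runner that has just executed the build and test scripts, so the key is only as well protected as that build is.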
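--- a/sign.ps1
+++ b/sign.ps1
@@ -0,0 +1,71 @@
+# Get the certificate and password from environment variables
+$certificateBase64 = $env:CODESIGN_CERT_PFX
+$certificatePassword = $env:CODESIGN_CERT_PASSWORD
+
+# Write the certificate to a file
+$certificatePath = Join-Path -Path $env:TEMP -ChildPath 'certificate.pfx'
+$certificateBytes = [Convert]::FromBase64String($certificateBase64)
+[System.IO.File]::WriteAllBytes($certificatePath, $certificateBytes)
+
+# Define the function to find the path to signtool.exe
+function Get-SignToolPath {
+# Array of common installation directories for Windows SDK
+$sdkInstallationDirs = @(
+"$env:ProgramFiles (x86)\Windows Kits\10\bin\x64",
+"$env:ProgramFiles\Windows Kits\10\bin\x64",
+"$env:ProgramFiles (x86)\Windows Kits\10\App Certification Kit"
+)
+
+foreach ($dir in $sdkInstallationDirs) {
+$path = Join-Path -Path $dir -ChildPath 'signtool.exe'
+#Write-Host $path
+if (Test-Path -Path $path) {
+return $path
+}
+}
+
+throw "Could not find signtool.exe. Make sure the Windows SDK is installed."
+}
+
+# Find the path to signtool.exe
+$signtoolPath = Get-SignToolPath
+
+# Define the function to code-sign a file
+function Sign-File {
+param (
+[Parameter(Mandatory=$true)]
+[String]$FilePath
+)
+
+# Check if the file is already code-signed
+$signature = Get-AuthenticodeSignature -FilePath $FilePath -ErrorAction SilentlyContinue
+if ($signature.status -ne "NotSigned") {
+Write-Host "File '$FilePath' is already code-signed. Skipping."
+return
+}
+
+# Code-sign the file using signtool
+Write-Host "Code-signing file '$FilePath'..."
+& $signtoolPath sign /tr http://timestamp.digicert.com /td sha256 /v /fd sha256 /f $certificatePath /p $certificatePassword $FilePath
+}
+
+# Define the function to recursively code-sign files in a directory
+function Sign-FilesRecursively {
+param (
+[Parameter(Mandatory=$true)]
+[String]$DirectoryPath
+)
+
+Write-Host $DirectoryPath
+
+# Get all exe and dll files recursively
+dir $DirectoryPath -recurse | where {$_.extension -in ".exe",".dll"} | ForEach-Object {
+Sign-File -FilePath $_.FullName
+}
+}
+
+# Usage: Provide the directory path as an argument to sign files recursively
+Sign-FilesRecursively -DirectoryPath $args[0]
+
+# Remove the temporary certificate file
+Remove-Item -Path $certificatePath
+}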
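Review bot: A failed signature does not reliably fail this script, because `Sign-File` never checks `$LASTEXITCODE` after the `& $signtoolPath sign …` call and PowerShell does not stop on a non-zero native exit code, so unsigned binaries can reach the hashlist and upload steps. The skip test `$signature.status -ne "NotSigned"` has the same effect: a `HashMismatch` or `NotTrusted` status, or a `$null` result hidden by `-ErrorAction SilentlyContinue`, is logged as "already code-signed" and skipped. Skipping only when the status is `Valid`, or throwing on unexpected statuses, would be safer, though that may re-sign third-party files whose signer the runner does not trust. The decoded PFX is removed only by the last line, so a throw from `Get-SignToolPath` or any later terminating error leaves the private key in `$env:TEMP\certificate.pfx`; the sketch below moves the write and cleanup into `try`/`finally` and checks the exit code.

```powershell
function Sign-File {
    # … unchanged: param block, signature check, Write-Host …
    & $signtoolPath sign /tr http://timestamp.digicert.com /td sha256 /v /fd sha256 /f $certificatePath /p $certificatePassword $FilePath
    if ($LASTEXITCODE -ne 0) {
        throw "signtool failed for '$FilePath' (exit code $LASTEXITCODE)"
    }
}

# … unchanged: Get-SignToolPath and Sign-FilesRecursively, defined before the certificate is written …

try {
    [System.IO.File]::WriteAllBytes($certificatePath, $certificateBytes)
    $signtoolPath = Get-SignToolPath
    Sign-FilesRecursively -DirectoryPath $args[0]
}
finally {
    # Remove the temporary certificate file even when signing fails
    Remove-Item -Path $certificatePath -ErrorAction SilentlyContinue
}
```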