smallsolar
/
kiwix-build
mirror of https://github.com/kiwix/kiwix-build.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sign all binaries (exe) on Windows when we do a release

This commit is contained in:
Matthieu Gautier 2024-09-02 17:37:30 +02:00 committed by renaud gaudin
parent 49b15d12b7
commit 263ce4c87d
No known key found for this signature in database
GPG Key ID: 447475A4CFBA2E24
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.github/scripts/common.py vendored
View File

@ -456,6 +456,25 @@ def get_postfix(project):
return postfix return postfix
def sign_binary(path):
# We assume here that signtool and certificate are properly configured.
# Env var `SIGNTOOL_THUMBPRINT` must contain thumbprint of the certificate to use.
command = [
os.getenv("SIGNTOOL_PATH", "signtool.exe"),
"sign",
"/fd",
"sha256",
"/tr",
"http://ts.ssl.com",
"/td",
"sha256",
"/sha1",
os.environ["SIGNTOOL_THUMBPRINT"],
str(path),
]
subprocess.run(command, check=True)
def make_archive(project, make_release): def make_archive(project, make_release):
platform_name = get_platform_name() platform_name = get_platform_name()
if not platform_name: if not platform_name:
@ -477,6 +496,12 @@ def make_archive(project, make_release):
files_to_archive = [] files_to_archive = []
for export_file in export_files: for export_file in export_files:
files_to_archive.extend(base_dir.glob(export_file)) files_to_archive.extend(base_dir.glob(export_file))
if make_release and platform.system() == "Windows":
for file in files_to_archive:
if str(file).endswith(".exe"):
sign_binary(file)
if platform_name == "win-i686" or platform.system() == "Windows": if platform_name == "win-i686" or platform.system() == "Windows":
open_archive = lambda a: zipfile.ZipFile( open_archive = lambda a: zipfile.ZipFile(
str(a), "w", compression=zipfile.ZIP_DEFLATED str(a), "w", compression=zipfile.ZIP_DEFLATED