Merge pull request #740 from kiwix/kiwix-desktop_signing

Matthieu Gautier 2024-08-29 19:47:57 +02:00 committed by GitHub
commit 5f65164e1a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 50 additions and 4 deletions


@ -24,7 +24,7 @@ BUILD_DEF = """
# On Windows, we build only libzim for now. And only native_mixed as xapian doesn't compile as dll
| windows | native_static | Bd | d | d | d | | win-x86_64 | win-x86_64-static |
| windows | native_dyn | Bd | | | | | win-x86_64 | win-x86_64-dyn |
| windows | native_mixed | BPd | d | | | Bd | win-x86_64 | win-x86_64-mixed |
| windows | native_mixed | BPd | d | | | BPd | win-x86_64 | win-x86_64-mixed |
----------------------------------------------------------------------------------------------------------------------------------------------
# Osx builds, build binaries on native_dyn and native_static. On anyother things, build only the libraries
| macos | native_dyn | d | d | dB | B | | | macos-x86_64-dyn |


@ -52,6 +52,37 @@ jobs:
echo "${{secrets.ssh_key}}" > $SSH_KEY
env:
SSH_KEY: ${{ runner.temp }}/id_rsa
- name: Install and configure eSigner CKA and Windows SDK
if: github.event_name == 'push'
env:
ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
run: |
Set-StrictMode -Version 'Latest'
# Download and Unzip eSignerCKA Setup
Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
Expand-Archive -Force eSigner_CKA_Setup.zip
Remove-Item eSigner_CKA_Setup.zip
Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe”
# Install eSignerCKA
New-Item -ItemType Directory -Force -Path "C:\esigner"
./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null
Remove-Item "eSigner_CKA_Installer.exe"
# Configure the CKA with SSL.com credentials
C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r
C:\esigner\eSignerCKATool.exe unload
C:\esigner\eSignerCKATool.exe load
# Find certificate
$CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
echo Certificate: $CodeSigningCert
# Extract thumbprint and subject name
$Thumbprint = $CodeSigningCert.Thumbprint
echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV
- name: Ensure base deps
run: |
python .github\\scripts\\ensure_base_deps.py
@ -61,6 +92,7 @@ jobs:
run: |
python .github\\scripts\\build_release_nightly.py
env:
SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe"
SSH_KEY: ${{ runner.temp }}/id_rsa
- name: Upload failure logs
if: failure()
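Review bot: The eSigner CKA installer fetched at `Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"` is expanded and executed with no integrity check, so the step trusts whatever is served for that release asset, and it runs on the same runner that holds ESIGNER_USERNAME/ESIGNER_PASSWORD/ESIGNER_TOTP_SECRET and the loaded signing key. Pin the expected digest next to ESIGNER_URL under `env:` (e.g. `ESIGNER_SHA256: <sha256 of SSL.COM-eSigner-CKA_1.0.7.zip>`) and abort before Expand-Archive with `if ((Get-FileHash eSigner_CKA_Setup.zip -Algorithm SHA256).Hash -ne $env:ESIGNER_SHA256) { throw "eSigner CKA download hash mismatch" }`. The certificate lookup `Select-Object -First 1` has no null check, so if the CKA load leaves no certificate in the store, `$CodeSigningCert.Thumbprint` is evaluated on `$null` and, unless strict mode rejects it, an empty `SIGNTOOL_THUMBPRINT=` is written to GITHUB_ENV and the failure is deferred to signtool; add `if (-not $CodeSigningCert) { throw "No code-signing certificate found in Cert:\CurrentUser\My" }` before the thumbprint is read. The three secrets on the `eSignerCKATool.exe config` line are interpolated straight into the script via `${{ secrets.* }}`; passing them through the step's `env:` and referencing `$env:ESIGNER_USERNAME` etc. is the pattern GitHub documents, although the tool still receives them as command-line arguments either way. The step name promises to install the Windows SDK but only eSigner is installed, and the later `SIGNTOOL_PATH` pins one SDK build, so the step relies on the runner image already shipping `10.0.22621.0`.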


@ -1,6 +1,6 @@
#!/usr/bin/env python3
import sys, subprocess, shutil, argparse
import sys, subprocess, shutil, argparse, os
from pathlib import Path
parser = argparse.ArgumentParser()
@ -48,9 +48,23 @@ ssl_directory = Path("C:/") / "Program Files" / "OpenSSL"
shutil.copy2(ssl_directory / "libcrypto-1_1-x64.dll", out_dir)
shutil.copy2(ssl_directory / "libssl-1_1-x64.dll", out_dir)
# [TODO] Sign binary
if args.sign:
pass
# We assume here that signtool and certificate are properly configured.
# Env var `SIGNTOOL_THUMBPRINT` must contain thumbprint of the certificate to use.
command = [
os.getenv("SIGNTOOL_PATH", "signtool.exe"),
"sign",
"/fd",
"sha256",
"/tr",
"http://ts.ssl.com",
"/td",
"sha256",
"/sha1",
os.environ["SIGNTOOL_THUMBPRINT"],
str(out_dir / "kiwix-desktop.exe"),
]
subprocess.run(command, check=True)
print(
f"""Create archive
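Review bot: `os.environ["SIGNTOOL_THUMBPRINT"]` on the `/sha1` argument raises a bare KeyError traceback when the variable is unset and, when it is set but empty (which the workflow step in this commit can produce if its certificate lookup finds nothing), passes `/sha1 ""` to signtool, so the misconfiguration surfaces as a confusing signtool error rather than at the point where it is known. Read it once before building the command, `thumbprint = os.environ.get("SIGNTOOL_THUMBPRINT")`, and fail early with `if not thumbprint: sys.exit("SIGNTOOL_THUMBPRINT is unset or empty; cannot sign kiwix-desktop.exe")`, then use `thumbprint` in the argument list. Consider following the sign call with `signtool verify /pa /v` on the output so a signature made with an unexpected certificate or a failed timestamp is caught in the build; the plain `http://ts.ssl.com` timestamp URL is normal for RFC 3161 because the returned token is itself signed. Only kiwix-desktop.exe is signed here while the OpenSSL DLLs copied just above are left unsigned, which may be intentional but is worth a comment. The `if args.sign:` block is complete within the hunk, but the script continues past it.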