[TOREVERT] Temporarly setup signature in CI to be sure signature code is working

2024-08-29 14:30:09 +02:00 · 2024-08-29 14:30:09 +02:00 · ba777260cf
parent de90c6fefc
commit ba777260cf
3 changed files with 33 additions and 2 deletions
--- a/.github/scripts/build_definition.py
+++ b/.github/scripts/build_definition.py
@ -24,7 +24,7 @@ BUILD_DEF = """
 # On Windows, we build only libzim for now. And only native_mixed as xapian doesn't compile as dll
    | windows   | native_static      | Bd     | d        | d         | d           |               | win-x86_64              | win-x86_64-static      |
    | windows   | native_dyn         | Bd     |          |           |             |               | win-x86_64              | win-x86_64-dyn         |
-    | windows   | native_mixed       | BPd    | d        |           |             | BPd           | win-x86_64              | win-x86_64-mixed       |
+    | windows   | native_mixed       |        |          |           |             | BP            | win-x86_64              | win-x86_64-mixed       |
    ----------------------------------------------------------------------------------------------------------------------------------------------
 # Osx builds, build binaries on native_dyn and native_static. On anyother things, build only the libraries
    | macos     | native_dyn         | d      | d        | dB        | B           |               |                         | macos-x86_64-dyn       |
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -50,6 +50,37 @@ jobs:
        echo "${{secrets.ssh_key}}" > $SSH_KEY
      env:
        SSH_KEY: ${{ runner.temp }}/id_rsa
+    - name: Install and configure eSigner CKA and Windows SDK
+      if: github.event_name == 'push'
+      env:
+        ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
+      run: |
+          Set-StrictMode -Version 'Latest'
+
+          # Download and Unzip eSignerCKA Setup
+          Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
+          Expand-Archive -Force eSigner_CKA_Setup.zip
+          Remove-Item eSigner_CKA_Setup.zip
+          Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe”
+
+          # Install eSignerCKA
+          New-Item -ItemType Directory -Force -Path "C:\esigner"
+          ./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null
+          Remove-Item "eSigner_CKA_Installer.exe"
+
+          # Configure the CKA with SSL.com credentials
+          C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r
+          C:\esigner\eSignerCKATool.exe unload
+          C:\esigner\eSignerCKATool.exe load
+
+          # Find certificate
+          $CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
+          echo Certificate: $CodeSigningCert
+
+          # Extract thumbprint and subject name
+          $Thumbprint = $CodeSigningCert.Thumbprint
+          echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV
+
    - name: Ensure base deps
      run: |
        python .github\\scripts\\ensure_base_deps.py
--- a/scripts/package_kiwix-desktop_windows.py
+++ b/scripts/package_kiwix-desktop_windows.py
@ -48,7 +48,7 @@ ssl_directory = Path("C:/") / "Program Files" / "OpenSSL"
 shutil.copy2(ssl_directory / "libcrypto-1_1-x64.dll", out_dir)
 shutil.copy2(ssl_directory / "libssl-1_1-x64.dll", out_dir)

-if args.sign:
+if True:
    # We assume here that signtool and certificate are properly configured.
    # Env var `SIGNTOOL_THUMBPRINT` must contain thumbprint of the certificate to use.
    command = [