From ba777260cfbd86698b41cc54822bc018c89af240 Mon Sep 17 00:00:00 2001
From: Matthieu Gautier
Date: Thu, 29 Aug 2024 14:30:09 +0200
Subject: [PATCH] [TOREVERT] Temporarly setup signature in CI to be sure signature code is working
---
 .github/scripts/build_definition.py | 2 +-
 .github/workflows/ci.yml | 31 ++++++++++++++++++++++++
 scripts/package_kiwix-desktop_windows.py | 2 +-
 3 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/.github/scripts/build_definition.py b/.github/scripts/build_definition.py
index a87f2ac..2a3bfcd 100644
--- a/.github/scripts/build_definition.py
+++ b/.github/scripts/build_definition.py
@@ -24,7 +24,7 @@ BUILD_DEF = """
 # On Windows, we build only libzim for now. And only native_mixed as xapian doesn't compile as dll
 | windows | native_static | Bd | d | d | d | | win-x86_64 | win-x86_64-static |
 | windows | native_dyn | Bd | | | | | win-x86_64 | win-x86_64-dyn |
- | windows | native_mixed | BPd | d | | | BPd | win-x86_64 | win-x86_64-mixed |
+ | windows | native_mixed | | | | | BP | win-x86_64 | win-x86_64-mixed |
 ----------------------------------------------------------------------------------------------------------------------------------------------
 # Osx builds, build binaries on native_dyn and native_static. On anyother things, build only the libraries
 | macos | native_dyn | d | d | dB | B | | | macos-x86_64-dyn |
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fe4c020..47935bd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -50,6 +50,37 @@ jobs:
 echo "${{secrets.ssh_key}}" > $SSH_KEY
 env:
 SSH_KEY: ${{ runner.temp }}/id_rsa
+ - name: Install and configure eSigner CKA and Windows SDK
+ if: github.event_name == 'push'
+ env:
+ ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
+ run: |
+ Set-StrictMode -Version 'Latest'
+
+ # Download and Unzip eSignerCKA Setup
+ Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
+ Expand-Archive -Force eSigner_CKA_Setup.zip
+ Remove-Item eSigner_CKA_Setup.zip
+ Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe”
+
+ # Install eSignerCKA
+ New-Item -ItemType Directory -Force -Path "C:\esigner"
+ ./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null
+ Remove-Item "eSigner_CKA_Installer.exe"
+
+ # Configure the CKA with SSL.com credentials
+ C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r
+ C:\esigner\eSignerCKATool.exe unload
+ C:\esigner\eSignerCKATool.exe load
+
+ # Find certificate
+ $CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
+ echo Certificate: $CodeSigningCert
+
+ # Extract thumbprint and subject name
+ $Thumbprint = $CodeSigningCert.Thumbprint
+ echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV
+
 - name: Ensure base deps
 run: |
 python .github\\scripts\\ensure_base_deps.py
diff --git a/scripts/package_kiwix-desktop_windows.py b/scripts/package_kiwix-desktop_windows.py
index 7b17c93..bb85f53 100644
--- a/scripts/package_kiwix-desktop_windows.py
+++ b/scripts/package_kiwix-desktop_windows.py
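Review bot: The eSigner CKA archive fetched by `Invoke-WebRequest` is expanded and its installer executed with no integrity check, in the same step that then receives the signing credentials, so a swapped release asset would run with access to them; pinning a SHA-256 and comparing it with `Get-FileHash` before `Expand-Archive` closes that gap. The three `${{ secrets.* }}` expressions on the `eSignerCKATool.exe config` line are also substituted into the script text before PowerShell parses it, so a value containing `"`, `$` or a backtick changes the command; mapping them through `env:` and reading `$env:...` avoids that. The hash below is a placeholder, since the page does not give one. Separately, `echo Certificate: $CodeSigningCert` runs before any check that a certificate was found, so an empty store only surfaces at the `.Thumbprint` line.

```yaml
        env:
          ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
          # Placeholder: pin the SHA-256 of the reviewed 1.0.7 archive here.
          ESIGNER_SHA256: "<EXPECTED_SHA256_OF_RELEASE_ZIP>"
          ESIGNER_USERNAME: ${{ secrets.ESIGNER_USERNAME }}
          ESIGNER_PASSWORD: ${{ secrets.ESIGNER_PASSWORD }}
          ESIGNER_TOTP_SECRET: ${{ secrets.ESIGNER_TOTP_SECRET }}
        run: |
          # … unchanged: Set-StrictMode …
          Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
          $ActualHash = (Get-FileHash -Algorithm SHA256 eSigner_CKA_Setup.zip).Hash
          if ($ActualHash -ne $env:ESIGNER_SHA256) { throw "eSigner CKA archive hash mismatch: $ActualHash" }
          # … unchanged: Expand-Archive, installer run …
          C:\esigner\eSignerCKATool.exe config -mode product -user "$env:ESIGNER_USERNAME" -pass "$env:ESIGNER_PASSWORD" -totp "$env:ESIGNER_TOTP_SECRET" -key "C:\esigner\master.key" -r
          # … unchanged: unload/load, certificate lookup, GITHUB_ENV export …
```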
@@ -48,7 +48,7 @@ ssl_directory = Path("C:/") / "Program Files" / "OpenSSL"
 shutil.copy2(ssl_directory / "libcrypto-1_1-x64.dll", out_dir)
 shutil.copy2(ssl_directory / "libssl-1_1-x64.dll", out_dir)
-if args.sign:
+if True:
 # We assume here that signtool and certificate are properly configured.
 # Env var `SIGNTOOL_THUMBPRINT` must contain thumbprint of the certificate to use.
 command = [
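Review bot: `if True:` makes the signing branch unconditional, so it also runs where `SIGNTOOL_THUMBPRINT` was never exported: the CI step that sets it is guarded by `github.event_name == 'push'`, and local runs of the script have no such step at all. Keeping `if args.sign:` and passing the existing sign option from the CI invocation would exercise the same path without hard-coding it. If the override has to stay for the experiment, mark it so the revert is not missed, e.g. `if True:  # TOREVERT: restore "if args.sign:"`. The `command = [` list continues outside the hunk, so how an unset thumbprint is handled is not visible here.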