Matthieu Gautier
parent
52d757c660
commit
de90c6fefc
|
|
@ -52,6 +52,37 @@ jobs:
|
||||||
echo "${{secrets.ssh_key}}" > $SSH_KEY
|
echo "${{secrets.ssh_key}}" > $SSH_KEY
|
||||||
env:
|
env:
|
||||||
SSH_KEY: ${{ runner.temp }}/id_rsa
|
SSH_KEY: ${{ runner.temp }}/id_rsa
|
||||||
|
- name: Install and configure eSigner CKA and Windows SDK
|
||||||
|
if: github.event_name == 'push'
|
||||||
|
env:
|
||||||
|
ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
|
||||||
|
run: |
|
||||||
|
Set-StrictMode -Version 'Latest'
|
||||||
|
|
||||||
|
# Download and Unzip eSignerCKA Setup
|
||||||
|
Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
|
||||||
|
Expand-Archive -Force eSigner_CKA_Setup.zip
|
||||||
|
Remove-Item eSigner_CKA_Setup.zip
|
||||||
|
Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe”
|
||||||
|
|
||||||
|
# Install eSignerCKA
|
||||||
|
New-Item -ItemType Directory -Force -Path "C:\esigner"
|
||||||
|
./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null
|
||||||
|
Remove-Item "eSigner_CKA_Installer.exe"
|
||||||
|
|
||||||
|
# Configure the CKA with SSL.com credentials
|
||||||
|
C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r
|
||||||
|
C:\esigner\eSignerCKATool.exe unload
|
||||||
|
C:\esigner\eSignerCKATool.exe load
|
||||||
|
|
||||||
|
# Find certificate
|
||||||
|
$CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
|
||||||
|
echo Certificate: $CodeSigningCert
|
||||||
|
|
||||||
|
# Extract thumbprint and subject name
|
||||||
|
$Thumbprint = $CodeSigningCert.Thumbprint
|
||||||
|
echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV
|
||||||
|
|
||||||
- name: Ensure base deps
|
- name: Ensure base deps
|
||||||
run: |
|
run: |
|
||||||
python .github\\scripts\\ensure_base_deps.py
|
python .github\\scripts\\ensure_base_deps.py
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
import sys, subprocess, shutil, argparse
|
import sys, subprocess, shutil, argparse, os
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
parser = argparse.ArgumentParser()
|
parser = argparse.ArgumentParser()
|
||||||
|
|
@ -48,9 +48,23 @@ ssl_directory = Path("C:/") / "Program Files" / "OpenSSL"
|
||||||
shutil.copy2(ssl_directory / "libcrypto-1_1-x64.dll", out_dir)
|
shutil.copy2(ssl_directory / "libcrypto-1_1-x64.dll", out_dir)
|
||||||
shutil.copy2(ssl_directory / "libssl-1_1-x64.dll", out_dir)
|
shutil.copy2(ssl_directory / "libssl-1_1-x64.dll", out_dir)
|
||||||
|
|
||||||
# [TODO] Sign binary
|
|
||||||
if args.sign:
|
if args.sign:
|
||||||
pass
|
# We assume here that signtool and certificate are properly configured.
|
||||||
|
# Env var `SIGNTOOL_THUMBPRINT` must contain thumbprint of the certificate to use.
|
||||||
|
command = [
|
||||||
|
"signtool.exe",
|
||||||
|
"sign",
|
||||||
|
"/fd",
|
||||||
|
"sha256",
|
||||||
|
"/tr",
|
||||||
|
"http://ts.ssl.com",
|
||||||
|
"/td",
|
||||||
|
"sha256",
|
||||||
|
"/sha1",
|
||||||
|
os.environ["SIGNTOOL_THUMBPRINT"],
|
||||||
|
str(out_dir / "kiwix-desktop.exe"),
|
||||||
|
]
|
||||||
|
subprocess.run(command, check=True)
|
||||||
|
|
||||||
print(
|
print(
|
||||||
f"""Create archive
|
f"""Create archive
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue