From d5cb994ae8268f87dcb32a47865c5b4a82c77768 Mon Sep 17 00:00:00 2001 From: Simon Rho Date: Sun, 8 Sep 2024 02:24:55 -0400 Subject: [PATCH] Add Windows package signing functionality --- .github/workflows/build.yml | 30 +++++++++++++++++++++--------- jccm/forge.config.js | 5 ++++- jccm/jccm.desktop | 4 ++-- jccm/scripts/postinst.sh | 18 ++++++++++++++++++ readme.md | 11 +++++++++++ 5 files changed, 56 insertions(+), 12 deletions(-) create mode 100755 jccm/scripts/postinst.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 588a0d9..235a593 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -146,13 +146,26 @@ jobs: run: npm run make -- --platform=win32 --arch=x64 working-directory: ./jccm + - name: Sign Artifact with CodeSignTool + uses: sslcom/esigner-codesign@develop + continue-on-error: true + with: + command: sign + username: ${{secrets.ES_USERNAME}} + password: ${{secrets.ES_PASSWORD}} + credential_id: ${{secrets.ES_CREDENTIAL_ID}} + totp_secret: ${{secrets.ES_TOTP_SECRET}} + file_path: jccm/out/make/squirrel.windows/x64/jccm-windows-x64-setup.exe + malware_block: false + # Overrides the input file after signing, if this parameter is set and no -output_dir_path parameter + override: true + - name: Upload windows artifacts uses: actions/upload-artifact@v2 with: name: windows-installers path: | ./jccm/out/make/squirrel.windows/x64/*.exe - ./jccm/out/make/squirrel.windows/x64/*.msi build-deb: runs-on: ubuntu-latest @@ -181,10 +194,8 @@ jobs: working-directory: ./jccm run: | npm run make-deb - ls -al out - ls -al out/make mv out/make/deb/x64/*.deb out/make/deb/x64/jccm-linux-x64.deb - ls -al out/make + ls -alR out/make - name: Archive .deb artifact uses: actions/upload-artifact@v3 
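Review bot: In the added "Sign Artifact with CodeSignTool" step, `uses: sslcom/esigner-codesign@develop` tracks a mutable branch while the step passes that action the eSigner username, password, credential ID and TOTP secret, so any later push to that branch runs with the signing credentials; pin it to a reviewed full commit SHA, written as `uses: sslcom/esigner-codesign@<full-commit-sha>` (placeholder). `continue-on-error: true` lets the job continue to "Upload windows artifacts" when signing fails, so an unsigned `jccm-windows-x64-setup.exe` can be published unnoticed even though the readme text added in this commit tells users the app is signed; remove it, or make the upload conditional on the signing step succeeding. `malware_block: false` appears to switch off the pre-signing malware scan, so either set it to `true` or add a comment saying why it is disabled.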
@@ -218,11 +229,11 @@ jobs: - name: Package Electron app (.rpm) working-directory: ./jccm run: | - npm run make-rpm - ls -al out - ls -al out/make - mv out/make/rpm/x64/*.rpm out/make/rpm/x64/jccm-linux-x64.rpm - ls -al out/make + npm run make-deb + sudo alien -v -r --scripts out/make/deb/x64/*.deb + mkdir -p out/make/rpm/x64 + mv *.rpm out/make/rpm/x64/jccm-linux-x64.rpm + ls -alR out/make - name: Archive .rpm artifact uses: actions/upload-artifact@v3 @@ -232,6 +243,7 @@ jobs: release: needs: [build-macos, build-windows, build-deb, build-rpm] + runs-on: ubuntu-latest steps: - name: Check out repository diff --git a/jccm/forge.config.js b/jccm/forge.config.js index 8ba88d7..70d8beb 100644 --- a/jccm/forge.config.js +++ b/jccm/forge.config.js @@ -51,7 +51,7 @@ module.exports = { name: 'jccm-windows-x64-setup', arch: 'x64', setupExe: 'jccm-windows-x64-setup.exe', // Name for the setup executable - setupMsi: 'jccm-windows-x64-setup.msi', // Name for the MSI installer + noMsi: true, }, }, { @@ -63,6 +63,9 @@ module.exports = { arch: 'x64', bin: '', // Important note: Use an empty bin name due to a mismatch issue where the Electron app binary path could not be found. desktopTemplate: path.join(__dirname, 'jccm.desktop'), // Specify the custom desktop file + scripts: { + postinst: 'scripts/postinst.sh', + }, }, }, { diff --git a/jccm/jccm.desktop b/jccm/jccm.desktop index b9aa669..55d714a 100644 --- a/jccm/jccm.desktop +++ b/jccm/jccm.desktop @@ -1,8 +1,8 @@ [Desktop Entry] -Name=jccm +Name=Juniper Cloud Connection Manager Comment=Juniper Cloud Connection Manager GenericName=Juniper Cloud Connection Manager -Exec="/usr/bin/jccm/Juniper Cloud Connection Manager" --no-sandbox %U +Exec="/usr/lib/jccm/Juniper Cloud Connection Manager" --no-sandbox %U Icon=jccm Type=Application StartupNotify=true diff --git a/jccm/scripts/postinst.sh b/jccm/scripts/postinst.sh new file mode 100755 index 0000000..8e1383f --- /dev/null +++ b/jccm/scripts/postinst.sh 
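Review bot: In the deb maker config of `jccm/forge.config.js`, `postinst: 'scripts/postinst.sh'` is a bare relative path, whereas `desktopTemplate` on the line above is anchored with `path.join(__dirname, 'jccm.desktop')`. The relative form presumably resolves against the directory the build is started from, so it works in the workflow (which sets `working-directory: ./jccm`) but may not find the script when the build is invoked from elsewhere. Write it as `postinst: path.join(__dirname, 'scripts', 'postinst.sh'),` to match. A short comment such as `// Maintainer script, runs as root at install time: creates the /usr/bin/jccm launcher` would also tell readers what this hook does. The enclosing config object starts and ends outside the hunk.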
@@ -0,0 +1,18 @@ +#!/bin/bash + +# Target path for the executable +TARGET="/usr/bin/jccm" + +# Check if the target is a symbolic link and remove it if it is +if [ -L "$TARGET" ]; then + rm -f "$TARGET" +fi + +# Create a new executable file with the required command +cat << 'EOF' > "$TARGET" +#!/bin/bash +"/usr/lib/jccm/Juniper Cloud Connection Manager" --no-sandbox > /dev/null 2>&1 +EOF + +# Ensure the script is executable +chmod +x "$TARGET" diff --git a/readme.md b/readme.md index da265b0..23981a1 100644 --- a/readme.md +++ b/readme.md @@ -124,6 +124,17 @@ yum -y install ~/Downloads/jccm-linux-x64.rpm ```bash xattr -cr /Applications/Juniper\ Cloud\ Connection\ Manager.app + +#### Microsoft Defender SmartScreen + +- The jccm app is signed with a developer certificate, yet initially, Microsoft Defender SmartScreen might still display a warning because the app is unrecognized. Over time, as more users install the application, SmartScreen will recognize it as trustworthy. + +- **To proceed with installation** when faced with the SmartScreen alert: + 1. **Click on 'More info'**: This reveals more details about the application. + 2. **Verify the Publisher**: Check that the publisher's name matches what you expect. + 3. **Select 'Run anyway'**: This will bypass the SmartScreen alert and allow you to proceed with the installation. + + ## Inventory Excel File Format To ensure proper inventory management, the Excel file must include the following mandatory fields in the headers:
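Review bot: The new `postinst.sh` runs as root at install time but has no error handling. If `/usr/bin/jccm` exists and is not a symlink (possibly a directory left by an earlier install, since the old desktop entry pointed at `/usr/bin/jccm/Juniper Cloud Connection Manager`), the `cat … > "$TARGET"` redirect fails and the script still goes on to `chmod +x`; start the script with `set -e` and handle the non-symlink case explicitly. The generated launcher hard-codes `--no-sandbox`, which turns off Chromium's process sandbox on every launch; if the flag is only a workaround for the sandbox helper's permissions, this script is the place to fix those instead, and a comment is warranted either way. The launcher also drops its arguments and all output, so the line could be `exec "/usr/lib/jccm/Juniper Cloud Connection Manager" --no-sandbox "$@"`, keeping the redirect only if the output is a real problem. Because `/usr/bin/jccm` is written by the script rather than shipped in the package, it presumably stays behind on uninstall unless a matching removal script deletes it.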