Added one-time signing keys to windows build (#8097)
qstokkink authored Aug 20, 2024
2 parents 2b2794a + d230296 commit e46f649
Showing 3 changed files with 33 additions and 8 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/build.yml
@@ -62,7 +62,8 @@ jobs:
run: |
git fetch --tags
git for-each-ref --count=1 --sort=-creatordate --format '%(refname)' refs/tags > raw_tag.txt
echo "GITHUB_TAG=$(git name-rev --tags --name-only $(cat raw_tag.txt))" >> $GITHUB_ENV
GITHUB_TAG=$(git name-rev --tags --name-only $(cat raw_tag.txt))
echo "GITHUB_TAG=${GITHUB_TAG#v}" >> $GITHUB_ENV
- name: Build Executables (Ubuntu)
if: matrix.os == 'ubuntu-latest'
run: |
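Review bot: The tag-derived value is written to `$GITHUB_ENV` with no check on its shape, and `$(cat raw_tag.txt)` is expanded unquoted on the new `GITHUB_TAG=` line. `git name-rev` can append suffixes such as `^0` or `~N` to a tag name, and the exported value is later passed unquoted to `%NSIS% /DVERSION=%GITHUB_TAG%` in makedist_win.bat, so anything that is not a plain version string flows straight into the installer build. Consider quoting the substitution and normalising or rejecting unexpected values before the export, e.g. `case "${GITHUB_TAG#v}" in *[!0-9A-Za-z.-]*|"") echo "unexpected tag: $GITHUB_TAG" >&2; exit 1;; esac`. The step begins above this hunk, so its shell setting and any earlier checks are not visible here.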
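--- a/build/win/keygen_config.txt
+++ b/build/win/keygen_config.txt
@@ -0,0 +1,23 @@
+[ req ]
+prompt = no
+default_bits = 4096
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+default_md = sha256
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+countryName = NL
+stateOrProvinceName = ZH
+localityName = nl_NL
+organizationName = Delft University of Technology
+organizationalUnitName = Tribler
+commonName = Tribler
+emailAddress = [email protected]
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature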
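Review bot: The `[ v3_ca ]` profile marks a one-time code-signing certificate as a CA (`basicConstraints = critical, CA:true`) and sets no extended key usage, so the certificate is neither scoped to code signing nor clearly a leaf. For a throwaway signing key the narrower profile would be `basicConstraints = critical, CA:false` plus `extendedKeyUsage = codeSigning`, keeping `keyUsage = critical, digitalSignature`; this should be checked against what signtool accepts for a self-signed PFX. A comment above `[ req ]` stating that the file generates a self-signed, single-build certificate, and that it does not chain to a trusted publisher root, would also help the next maintainer.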
15 changes: 8 additions & 7 deletions build/win/makedist_win.bat
@@ -43,23 +43,24 @@ REM Sandip, 2024-03-26: Some openssl dlls are missing so need to be copied manua
copy C:\Program Files\OpenSSL\bin\*.dll dist\tribler\lib


@echo Running NSIS
cd dist\tribler

REM Arno: Sign Tribler.exe so MS "Block / Unblock" dialog has publisher info.
REM --- Doing this in ugly way for now
if not defined SKIP_SIGNING_TRIBLER_BINARIES (
REM Get password for code signing
set /p PASSWORD="Enter the PFX password:"
signtool.exe sign /f C:\build\certs\certificate.pfx /p "%PASSWORD%" /d "Tribler" /t "http://timestamp.digicert.com" tribler.exe
openssl req -nodes -new -x509 -config build\win\keygen_config.txt -keyout key.pem -out pub_key.pem
openssl pkcs12 -export -in pub_key.pem -inkey key.pem -out ot_cert.pfx -passout pass:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe" sign /f ot_cert.pfx /d "Tribler" /t "http://timestamp.digicert.com" dist\tribler\tribler.exe
)

@echo Running NSIS
cd dist\tribler

:makeinstaller
%NSIS% /DVERSION=%GITHUB_TAG% tribler.nsi || exit /b
move Tribler_*.exe ..
cd ..
REM Arno: Sign installer
if not defined SKIP_SIGNING_TRIBLER_BINARIES (
signtool.exe sign /f c:\build\certs\certificate.pfx /p "%PASSWORD%" /d "Tribler" /t "http://timestamp.digicert.com" Tribler_*.exe
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe" sign /f ..\ot_cert.pfx /d "Tribler" /t "http://timestamp.digicert.com" Tribler_*.exe
)

endlocal
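Review bot: The new signing block writes an unencrypted private key (`-nodes`, `key.pem`) and a PFX with an empty export password (`-passout pass:`) into the build working directory, and nothing in the visible lines removes them once the installer has been signed. Since the key is meant to be used once, delete it right after the second signtool call inside the final `if not defined SKIP_SIGNING_TRIBLER_BINARIES` block, e.g. `del /q ..\key.pem ..\ot_cert.pfx`, so it cannot end up in a cached workspace or an uploaded artifact. The openssl and signtool calls also lack the `|| exit /b` that the NSIS line uses, so a failed key generation or signing step would appear to let the build continue and ship unsigned binaries. The script continues below this hunk, so any cleanup or checks further down are not visible here.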