diff --git a/ci/before_deploy.sh b/ci/before_deploy.sh
index 15ad0eb..e56d198 100755
--- a/ci/before_deploy.sh
+++ b/ci/before_deploy.sh
@@ -42,6 +42,8 @@ main() {
 # rustup default nightly
 cargo make build-target-release
+ # Codesign dlls before packaging up
+ ./ci/codesign_dll.sh
 mkdir $stage/plugins
 mkdir $stage/plugins/lib
diff --git a/ci/codesign.ps1 b/ci/codesign.ps1
index 9626091..dfe787b 100644
--- a/ci/codesign.ps1
+++ b/ci/codesign.ps1
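Review bot: `./ci/codesign_dll.sh` is invoked directly in ci/before_deploy.sh, but this commit adds that file with mode 100644 and no shebang line, so the call fails with a permission error on any runner that honours the executable bit. Invoke it through the interpreter, `bash ./ci/codesign_dll.sh`, or add `#!/usr/bin/env bash` to the script and commit it as 100755. main() starts and ends outside this hunk, so whether before_deploy.sh aborts on a failed command is not visible here; if it does not, a failed signing step would pass unnoticed and unsigned binaries would be copied into the stage directory, so the call should be followed by an explicit status check.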
@@ -1,8 +1,23 @@
 # Thanks https://github.com/electron-userland/electron-builder/issues/3629#issuecomment-473238513
-Set-PSDebug -Trace 1
+# Set-PSDebug -Trace 1
+$ErrorActionPreference = "Stop"
+# dir cert:/LocalMachine
-dir cert:/LocalMachine
+# $WINDOWS_SDK_VER = '10.0.17763.0'
+$WINDOWS_SDK_VER = '10.0.22000.0'
-$Password = ConvertTo-SecureString -String $Env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force
-Import-PfxCertificate -FilePath cert.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password
-Start-Process -NoNewWindow -Wait 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' -ArgumentList "sign -v -sm -s My -n `"$Env:WIN_CSC_SUBJECTNAME`" -d `"$Env:WIN_CSC_DESC`" `"$Env:WIN_INSTALLER_PATH`""
\ No newline at end of file
+# Remember what the Path was before so we can clean it up after exiting
+$PREV_PATH = $env:PATH
+
+$env:PATH += ";C:/Program Files (x86)/Windows Kits/10/bin/$WINDOWS_SDK_VER/x64/"
+
+# $Password = ConvertTo-SecureString -String $Env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force
+# Import-PfxCertificate -FilePath cert.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password
+
+# Passing in $args allows the caller to specify multiple files to be signed at once
+signtool.exe sign /tr $env:TimestampServer /td sha256 /fd sha256 /n $Env:WIN_CSC_SUBJECTNAME $args
+signtool.exe verify /pa $args
+# Start-Process -NoNewWindow -Wait 'signtool.exe' -ArgumentList "sign /tr `"$env:TimestampServer`" /td sha256 /fd sha256 /n `"$Env:WIN_CSC_SUBJECTNAME`" `"$File`""
+# Start-Process -NoNewWindow -Wait 'signtool.exe' -ArgumentList "verify /pa `"$File`""
+
+$env:PATH = $PREV_PATH
\ No newline at end of file
diff --git a/ci/codesign.sh b/ci/codesign.sh
index d24d499..2498798 100644
--- a/ci/codesign.sh
+++ b/ci/codesign.sh
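Review bot: A failing `signtool.exe sign` or `signtool.exe verify` in ci/codesign.ps1 does not fail the script, because `$ErrorActionPreference = "Stop"` governs PowerShell errors and not the exit code of a native executable under Windows PowerShell; the last statement is the PATH assignment, so the script ends successfully and an unsigned or unverifiable file can continue into packaging. Check `$LASTEXITCODE` after each call and throw on a non-zero value, and move the PATH restore into a `finally` block so it also runs on the failure path. Because the SDK directory is appended to the end of PATH, `signtool.exe` resolves to whichever earlier PATH entry provides that name first; calling it by its full SDK path would remove that dependence. The certificate import is now commented out, so the script presumably relies on the certificate already being present in a store on the runner, which deserves a comment.

```powershell
# … unchanged: $ErrorActionPreference, $WINDOWS_SDK_VER, $PREV_PATH …
try {
    # … unchanged: $env:PATH += SDK bin directory …
    signtool.exe sign /tr $env:TimestampServer /td sha256 /fd sha256 /n $Env:WIN_CSC_SUBJECTNAME $args
    if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }
    signtool.exe verify /pa $args
    if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }
}
finally {
    # Restore PATH on success and on failure
    $env:PATH = $PREV_PATH
}
```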
@@ -8,11 +8,10 @@ if [ $RUNNER_OS = Windows ]; then
 # choco install -y windows-sdk-10.0
- curl -v -L "$WIN_CSC_LINK" --output cert.pfx
+ # curl -v -L "$WIN_CSC_LINK" --output cert.pfx
 powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
 powershell Get-ExecutionPolicy -List
- powershell $GITHUB_WORKSPACE/ci/codesign.ps1
- 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' verify -pa "$WIN_INSTALLER_PATH"
+ powershell $GITHUB_WORKSPACE/ci/codesign.ps1 $WIN_INSTALLER_PATH
 fi
\ No newline at end of file
diff --git a/ci/codesign_dll.sh b/ci/codesign_dll.sh
new file mode 100644
index 0000000..90e9748
--- /dev/null
+++ b/ci/codesign_dll.sh
@@ -0,0 +1,23 @@
+# Thanks https://github.com/electron-userland/electron-builder/issues/3629#issuecomment-473238513
+if [ $RUNNER_OS = Windows ]; then
+ set -e
+
+
+ # curl -v -L "$WIN_CSC_LINK" --output cert.pfx
+
+ # powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
+ # powershell Get-ExecutionPolicy -List
+
+ ROOT_DIR=${GITHUB_WORKSPACE:-.}
+ ARTIFACT_FOLDER=$ROOT_DIR/target/release-artifacts
+
+ powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_sdk.dll $ARTIFACT_FOLDER/wooting_analog_plugin.dll $ARTIFACT_FOLDER/wooting_analog_wrapper.dll $ARTIFACT_FOLDER/wooting-analog-sdk-updater.exe $ARTIFACT_FOLDER/wooting_analog_test_plugin.dll $ARTIFACT_FOLDER/wooting-analog-virtual-control.exe
+
+ # powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_sdk.dll
+ # powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_plugin.dll
+ # powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_wrapper.dll
+ # powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting-analog-sdk-updater.exe
+
+ # powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting_analog_test_plugin.dll
+ # powershell $ROOT_DIR/ci/codesign.ps1 $ARTIFACT_FOLDER/wooting-analog-virtual-control.exe
+fi
\ No newline at end of file
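Review bot: The new line `powershell $GITHUB_WORKSPACE/ci/codesign.ps1 $WIN_INSTALLER_PATH` in ci/codesign.sh expands both variables unquoted and hands them to PowerShell as command text, so a path containing a space or a character PowerShell treats specially is split or interpreted instead of arriving as one file argument. Quote the expansions and use `-File`, which passes the arguments literally and returns the script's exit status: `powershell -NoProfile -File "$GITHUB_WORKSPACE/ci/codesign.ps1" "$WIN_INSTALLER_PATH"`. The same pattern appears in the new ci/codesign_dll.sh and in the `sign-win-installer` script in wooting-analog-sdk/Makefile.toml. This hunk also drops the separate `signtool.exe ... verify` step, so the build now depends entirely on codesign.ps1 reporting a failure. The enclosing `if` block may open above the hunk.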
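Review bot: The guard `if [ $RUNNER_OS = Windows ]` in the new ci/codesign_dll.sh leaves `$RUNNER_OS` unquoted, and the `${GITHUB_WORKSPACE:-.}` fallback further down suggests the script is meant to run outside CI as well, where an unset `RUNNER_OS` makes `[` report a syntax error instead of evaluating cleanly to false; write `if [ "${RUNNER_OS:-}" = Windows ]; then`. The signing list also includes `wooting_analog_test_plugin.dll`: if that plugin is a test-only artifact (not visible from this diff), signing it with the release identity gives it the same trust as the shipped binaries, so consider restricting the list to what is packaged. The six commented-out single-file invocations duplicate the active line and could be removed.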
diff --git a/wooting-analog-sdk/Makefile.toml b/wooting-analog-sdk/Makefile.toml
index dec2a12..efa39e5 100644
--- a/wooting-analog-sdk/Makefile.toml
+++ b/wooting-analog-sdk/Makefile.toml
@@ -4,11 +4,14 @@ command = "cargo"
 args = ["wix" , "-p", "wooting-analog-sdk", "--nocapture", "--output", "${WIN_INSTALLER_PATH}"]
 [tasks.sign-win-installer]
-condition = {env_true = ["CARGO_MAKE_CI"]}
+env = {CODESIGN_SCRIPT_PATH="${CARGO_MAKE_WORKSPACE_WORKING_DIRECTORY}/ci/codesign.ps1"}
+# condition = {env_true = ["CARGO_MAKE_CI"]}
 dependencies = ["win-installer"]
+script_runner = "bash"
+# bash ../ci/codesign.sh
 script = [
 '''
-bash ../ci/codesign.sh
+powershell $CODESIGN_SCRIPT_PATH $WIN_INSTALLER_PATH
 '''
 ]
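Review bot: With `condition = {env_true = ["CARGO_MAKE_CI"]}` commented out and the call to ci/codesign.sh replaced by a direct `powershell` invocation, `sign-win-installer` in wooting-analog-sdk/Makefile.toml loses both the CI guard and the `RUNNER_OS = Windows` check that codesign.sh performed, so the task now attempts to sign wherever it is run. The replaced script also set the PowerShell execution policy before calling codesign.ps1; the direct call does not, so it relies on the machine's policy already allowing the script, and passing `-ExecutionPolicy Bypass -File` on this one invocation would make that explicit without a machine-wide change. If running outside CI is intended, say so next to the disabled condition, e.g. `# condition removed so the installer can also be signed from a local build`; otherwise restore it. Whether non-Windows builds reach this task cannot be confirmed from this hunk.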