Added EV windows codesign to release workflow
shannah committed Feb 25, 2024
1 parent d851a88 commit 338ae7a
Showing 3 changed files with 64 additions and 16 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/maven.yml
Expand Up @@ -57,4 +57,6 @@ jobs:
JDEPLOY_MAC_DEVELOPER_ID: ${{ secrets.APPLE_ID }}
AUTHENTICODE_SPC: ${{ secrets.AUTHENTICODE_SPC }}
AUTHENTICODE_KEY: ${{ secrets.AUTHENTICODE_KEY }}
EV_CODESIGN_SUBMITTER_PRIVATE_KEY: ${{ secrets.EV_CODESIGN_SUBMITTER_PRIVATE_KEY }}
EV_CODESIGN_PROCESSOR_PUBLIC_KEY: ${{ secrets.EV_CODESIGN_PROCESSOR_PUBLIC_KEY }}
run: bash release.sh
42 changes: 26 additions & 16 deletions release.sh
Expand Up @@ -65,22 +65,32 @@ done

# jdeploy/bundles/windows/jdeploy-installer.exe

echo "------------------- About to Sign Windows Installer --------------------------"
echo "$AUTHENTICODE_SPC" | base64 --decode > authenticode.spc
echo "$AUTHENTICODE_KEY" | base64 --decode > authenticode.key

osslsigncode \
-spc authenticode.spc \
-key authenticode.key \
-t http://timestamp.digicert.com \
-in jdeploy/bundles/windows/jdeploy-installer.exe \
-out jdeploy/bundles/windows/jdeploy-installer-signed.exe \
-n "jDeploy Application Installer" \
-i https://www.jdeploy.com

mv jdeploy/bundles/windows/jdeploy-installer-signed.exe jdeploy/bundles/windows/jdeploy-installer.exe
rm authenticode.spc
rm authenticode.key
if [ ! -z "$EV_CODESIGN_SUBMITTER_PRIVATE_KEY" ] && [ ! -z "$EV_CODESIGN_PROCESSOR_PUBLIC_KEY" ]; then
mkdir -p ~/.jdeploy-codesigner/private
echo "------------------- About to Sign Windows Installer with EV Cert --------------------------"
echo "$EV_CODESIGN_SUBMITTER_PRIVATE_KEY" > ~/.jdeploy-codesigner/processor-public-key.pem
echo "$EV_CODESIGN_PROCESSOR_PUBLIC_KEY" > ~/.jdeploy-codesigner/private/submitter-private-key.pem
bash $SCRIPTPATH/scripts/windows-ev-codesign.sh jdeploy/bundles/windows/jdeploy-installer.exe jdeploy/bundles/windows/jdeploy-installer-signed.exe
mv jdeploy/bundles/windows/jdeploy-installer-signed.exe jdeploy/bundles/windows/jdeploy-installer.exe
rm -rf ~/.jdeploy-codesigner
else
echo "------------------- About to Sign Windows Installer with OV Cert --------------------------"
echo "$AUTHENTICODE_SPC" | base64 --decode > authenticode.spc
echo "$AUTHENTICODE_KEY" | base64 --decode > authenticode.key

osslsigncode \
-spc authenticode.spc \
-key authenticode.key \
-t http://timestamp.digicert.com \
-in jdeploy/bundles/windows/jdeploy-installer.exe \
-out jdeploy/bundles/windows/jdeploy-installer-signed.exe \
-n "jDeploy Application Installer" \
-i https://www.jdeploy.com

mv jdeploy/bundles/windows/jdeploy-installer-signed.exe jdeploy/bundles/windows/jdeploy-installer.exe
rm authenticode.spc
rm authenticode.key
fi

echo "------------------- About to Make Installer Templates --------------------------"
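Review bot: In the EV branch the two secrets are written to each other's files: `EV_CODESIGN_SUBMITTER_PRIVATE_KEY` is redirected into `processor-public-key.pem` and `EV_CODESIGN_PROCESSOR_PUBLIC_KEY` into `private/submitter-private-key.pem`, so the private key lands in the file named as public, outside the `private` directory. Swap the redirections, i.e. `echo "$EV_CODESIGN_PROCESSOR_PUBLIC_KEY" > ~/.jdeploy-codesigner/processor-public-key.pem` and `echo "$EV_CODESIGN_SUBMITTER_PRIVATE_KEY" > ~/.jdeploy-codesigner/private/submitter-private-key.pem`, and run `umask 077` before the `mkdir -p` so the key file is not created readable by other users. Whether the script aborts on error is not visible in this hunk; if it does, `rm -rf ~/.jdeploy-codesigner` is skipped when signing fails, and a `trap` on EXIT would remove the key material on that path too. `$SCRIPTPATH` in the `bash` call should also be quoted.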

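--- a/scripts/windows-ev-codesign.sh
+++ b/scripts/windows-ev-codesign.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Define the URL of the .tgz file
+TAR_URL="https://github.com/shannah/winevcodesign-releases/releases/download/master/winevcodesign-0.0.0-master.tgz"
+# Define the name of the downloaded file
+TAR_FILE="winevcodesign-0.0.0-master.tgz"
+# Define the extraction directory
+EXTRACT_DIR="winevcodesign"
+
+INPUT_FILE="$1"
+
+OUTPUT_FILE="$2"
+
+# Download the .tgz file using curl. You can use wget if you prefer.
+curl -o "$TAR_FILE" "$TAR_URL"
+
+# Alternatively, if you prefer wget, uncomment the following line and comment out the curl command above.
+# wget -O "$TAR_FILE" "$TAR_URL"
+
+# Create the extraction directory
+mkdir -p "$EXTRACT_DIR"
+
+# Extract the .tgz file
+tar -xvzf "$TAR_FILE" -C "$EXTRACT_DIR"
+
+# Navigate to the directory containing the JAR file
+cd "$EXTRACT_DIR/package/jdeploy-bundle"
+
+# Run the Java application
+$JAVA_HOME/bin/java -jar winevcodesign-1.0-SNAPSHOT.jar \
+sign "$INPUT_FILE" "$OUTPUT_FILE"
+
+# Clean up by removing the downloaded and extracted files
+cd ../../..
+rm -rf "$EXTRACT_DIR"
+rm "$TAR_FILE"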
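Review bot: The tarball fetched by `curl -o "$TAR_FILE" "$TAR_URL"` is extracted and its jar executed with no integrity check, and the URL names a `master` release asset that can be replaced after this commit is reviewed, so whatever is published there runs in the job that holds the EV submitter key. Pin the download to an immutable release and compare it against a SHA-256 committed in this repository before `tar` runs. The script also has no error handling, so a failed download still reaches the extract and java steps, and `curl` without `-L` may save only a redirect response if the host redirects asset downloads. Separately, the script changes directory before invoking java, so the relative paths release.sh passes as `$1` and `$2` would presumably no longer resolve; the sketch below makes them absolute first.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: TAR_URL, TAR_FILE, EXTRACT_DIR definitions …

# Placeholder: fill in the SHA-256 of the reviewed release asset.
TAR_SHA256="<EXPECTED_SHA256_OF_REVIEWED_TARBALL>"

# Resolve caller-relative paths before the later cd (realpath -m is GNU coreutils).
INPUT_FILE="$(realpath -- "$1")"
OUTPUT_FILE="$(realpath -m -- "$2")"

curl -fsSL -o "$TAR_FILE" "$TAR_URL"

# Refuse to extract or run anything that does not match the pinned digest.
printf '%s  %s\n' "$TAR_SHA256" "$TAR_FILE" | sha256sum -c -

# … unchanged: mkdir, tar extraction, cd, java invocation, cleanup …
```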
