merge 0.14.8 (VOICEVOX#1600)

Hiroshiba · Oct 7, 2023 · 54a5068 · 54a5068
2 parents a0864fd + 7f3f1a8
commit 54a5068
Show file tree

Hide file tree

Showing 5 changed files with 142 additions and 22 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -27,8 +27,8 @@ on:
 
 env:
   VOICEVOX_ENGINE_REPO_URL: "https://github.com/VOICEVOX/voicevox_engine"
-  VOICEVOX_ENGINE_VERSION: 0.14.5
-  VOICEVOX_RESOURCE_VERSION: 0.14.3
+  VOICEVOX_ENGINE_VERSION: 0.14.6
+  VOICEVOX_RESOURCE_VERSION: 0.14.4
   VOICEVOX_EDITOR_VERSION:
     |- # releaseタグ名か、workflow_dispatchでのバージョン名か、999.999.999-developが入る
     ${{ github.event.release.tag_name || github.event.inputs.version || '999.999.999-develop' }}
@@ -208,17 +208,23 @@ jobs:
       - name: Generate public/licenses.json
         run: npm run license:generate -- -o public/licenses.json
 
-      # build electronでコード署名するには環境変数を指定が必要だけど、
-      # コード署名しない場合に環境変数を定義するとエラーになるので、動的に環境変数を足す
       - name: Define Code Signing Envs
         if: startsWith(matrix.os, 'windows-') && github.event.inputs.code_signing == 'true'
         run: |
-          # 複数行の文字列を環境変数に代入
-          echo 'CSC_LINK<<EOF' >> $GITHUB_ENV
-          echo "${{ secrets.CERT_BASE64 }}" >> $GITHUB_ENV
-          echo 'EOF' >> $GITHUB_ENV
-
-          echo 'CSC_KEY_PASSWORD=${{ secrets.CERT_PASSWORD }}' >> $GITHUB_ENV
+          bash build/codesign_setup.bash
+          THUMBPRINT="$(head -n 1 $THUMBPRINT_PATH)"
+          SIGNTOOL_PATH="$(head -n 1 $SIGNTOOL_PATH_PATH)"
+          echo "::add-mask::$THUMBPRINT"
+
+          echo "WIN_CERTIFICATE_SHA1=$THUMBPRINT" >> $GITHUB_ENV
+          echo 'WIN_SIGNING_HASH_ALGORITHMS=["sha256"]' >> $GITHUB_ENV
+          echo "SIGNTOOL_PATH=$SIGNTOOL_PATH" >> $GITHUB_ENV
+        env:
+          ESIGNERCKA_USERNAME: ${{ secrets.ESIGNERCKA_USERNAME }}
+          ESIGNERCKA_PASSWORD: ${{ secrets.ESIGNERCKA_PASSWORD }}
+          ESIGNERCKA_TOTP_SECRET: ${{ secrets.ESIGNERCKA_TOTP_SECRET }}
+          THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt
+          SIGNTOOL_PATH_PATH: /tmp/signtool_path.txt
 
       # Build result will be exported to ${{ matrix.artifact_path }}
       - name: Build Electron
@@ -235,8 +241,12 @@ jobs:
       - name: Reset Code Signing Envs
         if: startsWith(matrix.os, 'windows-') && github.event.inputs.code_signing == 'true'
         run: |
-          echo 'CSC_LINK=' >> $GITHUB_ENV
-          echo 'CSC_KEY_PASSWORD=' >> $GITHUB_ENV
+          bash build/codesign_cleanup.bash
+          echo 'WIN_CERTIFICATE_SHA1=' >> $GITHUB_ENV
+          echo 'WIN_SIGNING_HASH_ALGORITHMS=' >> $GITHUB_ENV
+          echo 'SIGNTOOL_PATH=' >> $GITHUB_ENV
+        env:
+          THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt
 
       - name: Rename NoEngine Prepackage
         run: |
@@ -361,17 +371,23 @@ jobs:
         run: |
           rm ${{ matrix.compressed_artifact_name }}-${{ env.VOICEVOX_EDITOR_VERSION }}.zip
 
-      # build electronでコード署名するには環境変数を指定が必要だけど、
-      # コード署名しない場合に環境変数を定義するとエラーになるので、動的に環境変数を足す
       - name: Define Code Signing Envs
         if: startsWith(matrix.os, 'windows-') && github.event.inputs.code_signing == 'true'
         run: |
-          # 複数行の文字列を環境変数に代入
-          echo 'CSC_LINK<<EOF' >> $GITHUB_ENV
-          echo "${{ secrets.CERT_BASE64 }}" >> $GITHUB_ENV
-          echo 'EOF' >> $GITHUB_ENV
-
-          echo 'CSC_KEY_PASSWORD=${{ secrets.CERT_PASSWORD }}' >> $GITHUB_ENV
+          bash build/codesign_setup.bash
+          THUMBPRINT="$(head -n 1 $THUMBPRINT_PATH)"
+          SIGNTOOL_PATH="$(head -n 1 $SIGNTOOL_PATH_PATH)"
+          echo "::add-mask::$THUMBPRINT"
+
+          echo "WIN_CERTIFICATE_SHA1=$THUMBPRINT" >> $GITHUB_ENV
+          echo 'WIN_SIGNING_HASH_ALGORITHMS=["sha256"]' >> $GITHUB_ENV
+          echo "SIGNTOOL_PATH=$SIGNTOOL_PATH" >> $GITHUB_ENV
+        env:
+          ESIGNERCKA_USERNAME: ${{ secrets.ESIGNERCKA_USERNAME }}
+          ESIGNERCKA_PASSWORD: ${{ secrets.ESIGNERCKA_PASSWORD }}
+          ESIGNERCKA_TOTP_SECRET: ${{ secrets.ESIGNERCKA_TOTP_SECRET }}
+          THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt
+          SIGNTOOL_PATH_PATH: /tmp/signtool_path.txt
 
       # NOTE: prepackage can be removed before splitting nsis-web archive
       - name: Build Electron
@@ -393,8 +409,12 @@ jobs:
       - name: Reset Code Signing Envs
         if: startsWith(matrix.os, 'windows-') && github.event.inputs.code_signing == 'true'
         run: |
-          echo 'CSC_LINK=' >> $GITHUB_ENV
-          echo 'CSC_KEY_PASSWORD=' >> $GITHUB_ENV
+          bash build/codesign_cleanup.bash
+          echo 'WIN_CERTIFICATE_SHA1=' >> $GITHUB_ENV
+          echo 'WIN_SIGNING_HASH_ALGORITHMS=' >> $GITHUB_ENV
+          echo 'SIGNTOOL_PATH=' >> $GITHUB_ENV
+        env:
+          THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt
 
       - name: Create Linux AppImage split
         if: endsWith(matrix.installer_artifact_name, '-appimage')

diff --git a/build/codesign_cleanup.bash b/build/codesign_cleanup.bash
@@ -0,0 +1,20 @@
+# !!! コードサイニング証明書を取り扱うので取り扱い注意 !!!
+
+# eSignerCKAで読み込んだコードサイニング証明書を破棄する
+
+set -eu
+
+if [ ! -v THUMBPRINT_PATH ]; then # THUMBPRINTの出力先
+    echo "THUMBPRINT_PATHが未定義です"
+    exit 1
+fi
+
+if [ ! -v ESIGNERCKA_INSTALL_DIR ]; then # eSignerCKAのインストール先
+    ESIGNERCKA_INSTALL_DIR='..\eSignerCKA'
+fi
+
+# 証明書を破棄
+powershell "& '$ESIGNERCKA_INSTALL_DIR\eSignerCKATool.exe' unload"
+
+# THUMBPRINTを削除
+rm "$THUMBPRINT_PATH"
diff --git a/build/codesign_setup.bash b/build/codesign_setup.bash
@@ -0,0 +1,61 @@
+# !!! コードサイニング証明書を取り扱うので取り扱い注意 !!!
+
+# eSignerCKAを使ってコードサイニング証明書を読み込む
+# electronから利用するためにTHUMBPRINTとsigntoolのパスを出力する
+
+set -eu
+
+if [ ! -v ESIGNERCKA_USERNAME ]; then # eSignerCKAのユーザー名
+    echo "ESIGNERCKA_USERNAMEが未定義です"
+    exit 1
+fi
+if [ ! -v ESIGNERCKA_PASSWORD ]; then # eSignerCKAのパスワード
+    echo "ESIGNERCKA_PASSWORDが未定義です"
+    exit 1
+fi
+if [ ! -v ESIGNERCKA_TOTP_SECRET ]; then # eSignerCKAのTOTP Secret
+    echo "ESIGNERCKA_TOTP_SECRETが未定義です"
+    exit 1
+fi
+if [ ! -v THUMBPRINT_PATH ]; then # THUMBPRINTの出力先
+    echo "THUMBPRINT_PATHが未定義です"
+    exit 1
+fi
+if [ ! -v SIGNTOOL_PATH_PATH ]; then # 対応しているsigntoolのパスの出力先
+    echo "SIGNTOOL_PATH_PATHが未定義です"
+    exit 1
+fi
+
+if [ ! -v ESIGNERCKA_INSTALL_DIR ]; then
+    ESIGNERCKA_INSTALL_DIR='..\eSignerCKA'
+fi
+
+# eSignerCKAのセットアップ
+if [ ! -d "$ESIGNERCKA_INSTALL_DIR" ]; then
+    curl -LO "https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.6/SSL.COM-eSigner-CKA_1.0.6.zip"
+    unzip -o SSL.COM-eSigner-CKA_1.0.6.zip
+    mv *eSigner*CKA_*.exe eSigner_CKA_Installer.exe
+    powershell "
+        & ./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR="$ESIGNERCKA_INSTALL_DIR" | Out-Null
+        & '$ESIGNERCKA_INSTALL_DIR\eSignerCKATool.exe' config -mode product -user '$ESIGNERCKA_USERNAME' -pass '$ESIGNERCKA_PASSWORD' -totp '$ESIGNERCKA_TOTP_SECRET' -key '$ESIGNERCKA_INSTALL_DIR\master.key' -r
+        & '$ESIGNERCKA_INSTALL_DIR\eSignerCKATool.exe' unload
+    "
+    rm SSL.COM-eSigner-CKA_1.0.6.zip eSigner_CKA_Installer.exe
+fi
+
+# 証明書を読み込む
+powershell "& '$ESIGNERCKA_INSTALL_DIR\eSignerCKATool.exe' load"
+
+THUMBPRINT=$(
+    powershell '
+        $CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
+        echo "$($CodeSigningCert.Thumbprint)"
+    '
+)
+
+# THUMBPRINTを出力
+echo "$THUMBPRINT" >"$THUMBPRINT_PATH"
+
+# 対応しているsigntoolのパスを出力
+SIGNTOOL_PATH=$(ls "C:/Program Files (x86)/Windows Kits/"10/bin/*/x86/signtool.exe | sort -V | tail -n 1) # なぜかこれじゃないと動かない
+echo "$SIGNTOOL_PATH" >"$SIGNTOOL_PATH_PATH"
diff --git a/electron-builder.config.js b/electron-builder.config.js
@@ -21,6 +21,12 @@ const LINUX_EXECUTABLE_NAME = process.env.LINUX_EXECUTABLE_NAME;
 // ${productName}-${version}.${ext}
 const MACOS_ARTIFACT_NAME = process.env.MACOS_ARTIFACT_NAME;
 
+// コード署名証明書
+const WIN_CERTIFICATE_SHA1 = process.env.WIN_CERTIFICATE_SHA1;
+const WIN_SIGNING_HASH_ALGORITHMS = process.env.WIN_SIGNING_HASH_ALGORITHMS
+  ? JSON.parse(process.env.WIN_SIGNING_HASH_ALGORITHMS)
+  : undefined;
+
 const isMac = process.platform === "darwin";
 
 // electron-builderのextraFilesは、ファイルのコピー先としてVOICEVOX.app/Contents/を使用する。
@@ -108,6 +114,12 @@ const builderOptions = {
         arch: ["x64"],
       },
     ],
+    certificateSha1:
+      WIN_CERTIFICATE_SHA1 !== "" ? WIN_CERTIFICATE_SHA1 : undefined,
+    signingHashAlgorithms:
+      WIN_SIGNING_HASH_ALGORITHMS !== ""
+        ? WIN_SIGNING_HASH_ALGORITHMS
+        : undefined,
   },
   nsisWeb: {
     artifactName:

diff --git a/public/updateInfos.json b/public/updateInfos.json
@@ -1,4 +1,11 @@
 [
+  {
+    "version": "0.14.8",
+    "descriptions": [
+      "キャラクター「栗田まろん」「あいえるたん」「満別花丸」「琴詠ニア」を追加"
+    ],
+    "contributors": []
+  },
   {
     "version": "0.14.7",
     "descriptions": [