signtool

.github/workflows/build.yml

@@ -220,11 +220,13 @@ jobs:
           bash build/codesign_setup.bash
           echo "WIN_CERTIFICATE_SHA1=$(head -n 1 $THUMBPRINT_PATH)" >> $GITHUB_ENV
           echo 'WIN_SIGNING_HASH_ALGORITHMS=["sha256"]' >> $GITHUB_ENV
+          echo "SIGNTOOL_PATH=$(head -n 1 $SIGNTOOL_PATH_PATH)" >> $GITHUB_ENV
         env:
           ESIGNERCKA_USERNAME: ${{ secrets.ESIGNERCKA_USERNAME }}
           ESIGNERCKA_PASSWORD: ${{ secrets.ESIGNERCKA_PASSWORD }}
           ESIGNERCKA_TOTP_SECRET: ${{ secrets.ESIGNERCKA_TOTP_SECRET }}
           THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt
+          SIGNTOOL_PATH_PATH: /tmp/signtool_path.txt
 
       # Build result will be exported to ${{ matrix.artifact_path }}
       - name: Build Electron
@@ -246,6 +248,7 @@ jobs:
           bash build/codesign_cleanup.bash
           echo 'WIN_CERTIFICATE_SHA1=' >> $GITHUB_ENV
           echo 'WIN_SIGNING_HASH_ALGORITHMS=' >> $GITHUB_ENV
+          echo 'SIGNTOOL_PATH=' >> $GITHUB_ENV
         env:
           THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt
 
@@ -664,11 +667,13 @@ jobs:
           bash build/codesign_setup.bash
           echo "WIN_CERTIFICATE_SHA1=$(head -n 1 $THUMBPRINT_PATH)" >> $GITHUB_ENV
           echo 'WIN_SIGNING_HASH_ALGORITHMS=["sha256"]' >> $GITHUB_ENV
+          echo "SIGNTOOL_PATH=$(head -n 1 $SIGNTOOL_PATH_PATH)" >> $GITHUB_ENV
         env:
           ESIGNERCKA_USERNAME: ${{ secrets.ESIGNERCKA_USERNAME }}
           ESIGNERCKA_PASSWORD: ${{ secrets.ESIGNERCKA_PASSWORD }}
           ESIGNERCKA_TOTP_SECRET: ${{ secrets.ESIGNERCKA_TOTP_SECRET }}
           THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt
+          SIGNTOOL_PATH_PATH: /tmp/signtool_path.txt
 
       # NOTE: prepackage can be removed before splitting nsis-web archive
       - name: Build Electron
@@ -694,6 +699,7 @@ jobs:
           bash build/codesign_cleanup.bash
           echo 'WIN_CERTIFICATE_SHA1=' >> $GITHUB_ENV
           echo 'WIN_SIGNING_HASH_ALGORITHMS=' >> $GITHUB_ENV
+          echo 'SIGNTOOL_PATH=' >> $GITHUB_ENV
         env:
           THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt
 

build/codesign_cleanup.bash

@@ -2,12 +2,12 @@
 
 set -eu
 
-if [ ! -v THUMBPRINT_PATH ]; then
+if [ ! -v THUMBPRINT_PATH ]; then # THUMBPRINTの出力先
     echo "THUMBPRINT_PATHが未定義です"
     exit 1
 fi
 
-if [ ! -v ESIGNERCKA_INSTALL_DIR ]; then
+if [ ! -v ESIGNERCKA_INSTALL_DIR ]; then # eSignerCKAのインストール先
     ESIGNERCKA_INSTALL_DIR='..\eSignerCKA'
 fi
 

build/codesign_setup.bash

@@ -2,22 +2,26 @@
 
 set -eu
 
-if [ ! -v ESIGNERCKA_USERNAME ]; then
+if [ ! -v ESIGNERCKA_USERNAME ]; then # eSignerCKAのユーザー名
     echo "ESIGNERCKA_USERNAMEが未定義です"
     exit 1
 fi
-if [ ! -v ESIGNERCKA_PASSWORD ]; then
+if [ ! -v ESIGNERCKA_PASSWORD ]; then # eSignerCKAのパスワード
     echo "ESIGNERCKA_PASSWORDが未定義です"
     exit 1
 fi
-if [ ! -v ESIGNERCKA_TOTP_SECRET ]; then
+if [ ! -v ESIGNERCKA_TOTP_SECRET ]; then # eSignerCKAのTOTP Secret
     echo "ESIGNERCKA_TOTP_SECRETが未定義です"
     exit 1
 fi
-if [ ! -v THUMBPRINT_PATH ]; then
+if [ ! -v THUMBPRINT_PATH ]; then # THUMBPRINTの出力先
     echo "THUMBPRINT_PATHが未定義です"
     exit 1
 fi
+if [ ! -v SIGNTOOL_PATH_PATH ]; then # 対応しているsigntoolのパスの出力先
+    echo "SIGNTOOL_PATH_PATHが未定義です"
+    exit 1
+fi
 
 if [ ! -v ESIGNERCKA_INSTALL_DIR ]; then
     ESIGNERCKA_INSTALL_DIR='..\eSignerCKA'
@@ -48,3 +52,7 @@ THUMBPRINT=$(
 
 # THUMBPRINTを出力
 echo "$THUMBPRINT" >"$THUMBPRINT_PATH"
+
+# 対応しているsigntoolのパスを出力
+SIGNTOOL_PATH=$(find "C:/Program Files (x86)/Windows Kits/10/bin/" -name "signtool.exe" | grep "x86/signtool.exe" | sort -V | tail -n 1) # なぜか32bit版じゃないと動かない
+echo "$SIGNTOOL_PATH" >"$SIGNTOOL_PATH_PATH"