From c20006af0b349ad932d3b463692d417036032abf Mon Sep 17 00:00:00 2001 From: Hiroshiba Date: Tue, 3 Oct 2023 13:15:05 +0900 Subject: [PATCH] signtool --- .github/workflows/build.yml | 6 ++++++ build/codesign_cleanup.bash | 4 ++-- build/codesign_setup.bash | 16 ++++++++++++---- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8cfa87bf79..638ada7dcb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -220,11 +220,13 @@ jobs: bash build/codesign_setup.bash echo "WIN_CERTIFICATE_SHA1=$(head -n 1 $THUMBPRINT_PATH)" >> $GITHUB_ENV echo 'WIN_SIGNING_HASH_ALGORITHMS=["sha256"]' >> $GITHUB_ENV + echo "SIGNTOOL_PATH=$(head -n 1 $SIGNTOOL_PATH_PATH)" >> $GITHUB_ENV env: ESIGNERCKA_USERNAME: ${{ secrets.ESIGNERCKA_USERNAME }} ESIGNERCKA_PASSWORD: ${{ secrets.ESIGNERCKA_PASSWORD }} ESIGNERCKA_TOTP_SECRET: ${{ secrets.ESIGNERCKA_TOTP_SECRET }} THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt + SIGNTOOL_PATH_PATH: /tmp/signtool_path.txt # Build result will be exported to ${{ matrix.artifact_path }} - name: Build Electron @@ -246,6 +248,7 @@ jobs: bash build/codesign_cleanup.bash echo 'WIN_CERTIFICATE_SHA1=' >> $GITHUB_ENV echo 'WIN_SIGNING_HASH_ALGORITHMS=' >> $GITHUB_ENV + echo 'SIGNTOOL_PATH=' >> $GITHUB_ENV env: THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt @@ -664,11 +667,13 @@ jobs: bash build/codesign_setup.bash echo "WIN_CERTIFICATE_SHA1=$(head -n 1 $THUMBPRINT_PATH)" >> $GITHUB_ENV echo 'WIN_SIGNING_HASH_ALGORITHMS=["sha256"]' >> $GITHUB_ENV + echo "SIGNTOOL_PATH=$(head -n 1 $SIGNTOOL_PATH_PATH)" >> $GITHUB_ENV env: ESIGNERCKA_USERNAME: ${{ secrets.ESIGNERCKA_USERNAME }} ESIGNERCKA_PASSWORD: ${{ secrets.ESIGNERCKA_PASSWORD }} ESIGNERCKA_TOTP_SECRET: ${{ secrets.ESIGNERCKA_TOTP_SECRET }} THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt + SIGNTOOL_PATH_PATH: /tmp/signtool_path.txt # NOTE: prepackage can be removed before splitting nsis-web archive - name: Build Electron @@ -694,6 +699,7 @@ jobs: bash build/codesign_cleanup.bash echo 'WIN_CERTIFICATE_SHA1=' >> $GITHUB_ENV echo 'WIN_SIGNING_HASH_ALGORITHMS=' >> $GITHUB_ENV + echo 'SIGNTOOL_PATH=' >> $GITHUB_ENV env: THUMBPRINT_PATH: /tmp/esignercka_thumbprint.txt diff --git a/build/codesign_cleanup.bash b/build/codesign_cleanup.bash index 78d68a21e1..61130d2739 100644 --- a/build/codesign_cleanup.bash +++ b/build/codesign_cleanup.bash @@ -2,12 +2,12 @@ set -eu -if [ ! -v THUMBPRINT_PATH ]; then +if [ ! -v THUMBPRINT_PATH ]; then # THUMBPRINTの出力先 echo "THUMBPRINT_PATHが未定義です" exit 1 fi -if [ ! -v ESIGNERCKA_INSTALL_DIR ]; then +if [ ! -v ESIGNERCKA_INSTALL_DIR ]; then # eSignerCKAのインストール先 ESIGNERCKA_INSTALL_DIR='..\eSignerCKA' fi diff --git a/build/codesign_setup.bash b/build/codesign_setup.bash index ab723031fa..a8e949ea2d 100644 --- a/build/codesign_setup.bash +++ b/build/codesign_setup.bash @@ -2,22 +2,26 @@ set -eu -if [ ! -v ESIGNERCKA_USERNAME ]; then +if [ ! -v ESIGNERCKA_USERNAME ]; then # eSignerCKAのユーザー名 echo "ESIGNERCKA_USERNAMEが未定義です" exit 1 fi -if [ ! -v ESIGNERCKA_PASSWORD ]; then +if [ ! -v ESIGNERCKA_PASSWORD ]; then # eSignerCKAのパスワード echo "ESIGNERCKA_PASSWORDが未定義です" exit 1 fi -if [ ! -v ESIGNERCKA_TOTP_SECRET ]; then +if [ ! -v ESIGNERCKA_TOTP_SECRET ]; then # eSignerCKAのTOTP Secret echo "ESIGNERCKA_TOTP_SECRETが未定義です" exit 1 fi -if [ ! -v THUMBPRINT_PATH ]; then +if [ ! -v THUMBPRINT_PATH ]; then # THUMBPRINTの出力先 echo "THUMBPRINT_PATHが未定義です" exit 1 fi +if [ ! -v SIGNTOOL_PATH_PATH ]; then # 対応しているsigntoolのパスの出力先 + echo "SIGNTOOL_PATH_PATHが未定義です" + exit 1 +fi if [ ! -v ESIGNERCKA_INSTALL_DIR ]; then ESIGNERCKA_INSTALL_DIR='..\eSignerCKA' @@ -48,3 +52,7 @@ THUMBPRINT=$( # THUMBPRINTを出力 echo "$THUMBPRINT" >"$THUMBPRINT_PATH" + +# 対応しているsigntoolのパスを出力 +SIGNTOOL_PATH=$(find "C:/Program Files (x86)/Windows Kits/10/bin/" -name "signtool.exe" | grep "x86/signtool.exe" | sort -V | tail -n 1) # なぜか32bit版じゃないと動かない +echo "$SIGNTOOL_PATH" >"$SIGNTOOL_PATH_PATH"