try to sign win portable on build

cnr-isti-vclab · Dec 1, 2022 · 5b18287 · 5b18287
1 parent 7fa0ba3
commit 5b18287
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 20 deletions.
diff --git a/.github/workflows/BuildMeshLab.yml b/.github/workflows/BuildMeshLab.yml
@@ -21,6 +21,12 @@ jobs:
         submodules: recursive
     - name: Setup MSVC
       uses: ilammy/msvc-dev-cmd@v1
+    - name: Set Certificate Windows
+      if: runner.os == 'Windows'
+      run: |
+        New-Item -ItemType directory -Path certificate
+        Set-Content -Path certificate\certificate.txt -Value '${{ secrets.WIN_CERTIFICATE }}'
+        certutil -decode certificate\certificate.txt certificate\certificate.pfx
     - name: Install Qt
       uses: jurplel/install-qt-action@v3
       with:
@@ -53,20 +59,10 @@ jobs:
       shell: bash
       run: |
         bash scripts/${{ runner.os }}/1_build.sh --${{ matrix.precision }} --nightly --ccache
-    - name: Build deb package
-      if: runner.os == 'Linux'
-      uses: jiro4989/build-deb-action@v2
-      with:
-        package: MeshLab
-        package_root: install
-        maintainer: cnr-isti-vclab
-        version: 2022.02 # refs/tags/v*.*.*
-        arch: 'amd64'
-        desc: 'MeshLab 2022.02 deb package.'
     - name: Deploy
       shell: bash
       run: |
-        bash scripts/${{ runner.os }}/2_deploy.sh
+        bash scripts/${{ runner.os }}/2_deploy.sh --cert_pssw='${{ secrets.WIN_CERTIFICATE_PSSW }}'
     - name: Upload MeshLab Portable
       uses: actions/upload-artifact@v3
       with:
@@ -76,10 +72,4 @@ jobs:
       uses: actions/upload-artifact@v3
       with:
         name: MeshLab_${{ runner.os }}_packages${{steps.envs.outputs.artifact_suffix}}
-        path: packages/MeshLab*
-    - name: Upload MeshLab deb
-      if: runner.os == 'Linux'
-      uses: actions/upload-artifact@v3
-      with:
-        name: MeshLab_${{ runner.os }}_deb${{steps.envs.outputs.artifact_suffix}}
-        path: MeshLab_2022.02_amd64.deb
+        path: packages/MeshLab*
diff --git a/scripts/Windows/2_deploy.sh b/scripts/Windows/2_deploy.sh
@@ -5,6 +5,9 @@ RESOURCES_PATH=$SCRIPTS_PATH/../../resources
 INSTALL_PATH=$SCRIPTS_PATH/../../install
 QT_DIR_OPTION=""
 PACKAGES_PATH=$SCRIPTS_PATH/../../packages
+SIGN=false
+CERT_FILE_OPTION=""
+CERT_PSSW=""
 
 #checking for parameters
 for i in "$@"
@@ -15,13 +18,22 @@ case $i in
         shift # past argument=value
         ;;
     -qt=*|--qt_dir=*)
-        QT_DIR_OPTION=qt=${i#*=}
+        QT_DIR_OPTION=qt="${i#*=}"
         shift # past argument=value
         ;;
     -p=*|--packages_path=*)
         PACKAGES_PATH="${i#*=}"
         shift # past argument=value
         ;;
+    -cf=*|--cert_file=*)
+        CERT_FILE_OPTION=cf="${i#*=}"
+        shift # past argument=value
+        ;;
+    -cp=*|--cert_pssw=*)
+        SIGN=true
+        CERT_PSSW="${i#*=}"
+        shift # past argument=value
+        ;;
     *)
         # unknown option
         ;;
@@ -32,6 +44,12 @@ bash $SCRIPTS_PATH/internal/2a_portable.sh -i=$INSTALL_PATH $QT_DIR_OPTION
 
 echo "======= Portable Version Created ======="
 
-bash $SCRIPTS_PATH/internal/2b_installer.sh -i=$INSTALL_PATH -p=$PACKAGES_PATH
+if [ "$SIGN" = true ] ; then
+    bash $SCRIPTS_PATH/internal/2b_sign_dlls.sh -i=$INSTALL_PATH  $CERT_FILE_OPTION -cp=$CERT_PSSW
+
+    echo "======= Portable Version Signed ======="
+fi
+
+bash $SCRIPTS_PATH/internal/2c_installer.sh -i=$INSTALL_PATH -p=$PACKAGES_PATH
 
 echo "======= Installer Created ======="
diff --git a/scripts/Windows/internal/2b_sign_dlls.sh b/scripts/Windows/internal/2b_sign_dlls.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+SCRIPTS_PATH="$(dirname "$(realpath "$0")")"/..
+INSTALL_PATH=$SCRIPTS_PATH/../../install
+CERT_FILE=$SCRIPTS_PATH/../../certificate/certificate.pfx
+CERT_PSSW=""
+
+#checking for parameters
+for i in "$@"
+do
+case $i in
+    -i=*|--install_path=*)
+        INSTALL_PATH="${i#*=}"
+        shift # past argument=value
+        ;;
+    -cf=*|--cert_file=*)
+        CERT_FILE="${i#*=}"
+        shift # past argument=value
+        ;;
+    -cp=*|--cert_pssw=*)
+        CERT_PSSW=${i#*=}
+        shift # past argument=value
+        ;;
+    *)
+        # unknown option
+        ;;
+esac
+done
+
+cd $INSTALL_PATH
+
+CERT_REL=$(realpath --relative-to=$INSTALL_PATH $CERT_FILE)
+CERT_WIN=$(echo "$CERT_REL" | sed 's/^\///' | sed 's/\//\\/g')
+echo "=== Cert win path: $CERT_WIN" 
+
+for file in $(find $INSTALL_PATH -name '*.dll' -or -name '*.exe');
+do
+    FILE_REL=$(realpath --relative-to=$INSTALL_PATH $file)
+    FILE_WIN=$(echo "$FILE_REL" | sed 's/^\///' | sed 's/\//\\/g')
+    echo "=== File win path: $FILE_WIN" 
+    signtool.exe sign //fd SHA256 //f $CERT_WIN //p $CERT_PSSW //t http://timestamp.comodoca.com/authenticode $FILE_WIN
+done
diff --git a/scripts/Windows/internal/2b_installer.sh → scripts/Windows/internal/2c_installer.sh b/scripts/Windows/internal/2b_installer.sh → scripts/Windows/internal/2c_installer.sh