From 71a8e96e07b8f1dfda2c13390cabcfab01c39ac1 Mon Sep 17 00:00:00 2001
From: Matthieu Gautier <mgautier@kymeria.fr>
Date: Thu, 29 Aug 2024 14:30:09 +0200
Subject: [PATCH] [TOREVERT] Temporarly setup signature in CI to be sure
 signature code is working

---
 .github/workflows/ci.yml                 | 31 ++++++++++++++++++++++++
 scripts/package_kiwix-desktop_windows.py |  2 +-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fe4c0206..47935bda 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -50,6 +50,37 @@ jobs:
         echo "${{secrets.ssh_key}}" > $SSH_KEY
       env:
         SSH_KEY: ${{ runner.temp }}/id_rsa
+    - name: Install and configure eSigner CKA and Windows SDK
+      if: github.event_name == 'push'
+      env:
+        ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
+      run: |
+          Set-StrictMode -Version 'Latest'
+
+          # Download and Unzip eSignerCKA Setup
+          Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
+          Expand-Archive -Force eSigner_CKA_Setup.zip
+          Remove-Item eSigner_CKA_Setup.zip
+          Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe”
+
+          # Install eSignerCKA
+          New-Item -ItemType Directory -Force -Path "C:\esigner"
+          ./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null
+          Remove-Item "eSigner_CKA_Installer.exe"
+
+          # Configure the CKA with SSL.com credentials
+          C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r
+          C:\esigner\eSignerCKATool.exe unload
+          C:\esigner\eSignerCKATool.exe load
+
+          # Find certificate
+          $CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
+          echo Certificate: $CodeSigningCert
+
+          # Extract thumbprint and subject name
+          $Thumbprint = $CodeSigningCert.Thumbprint
+          echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV
+
     - name: Ensure base deps
       run: |
         python .github\\scripts\\ensure_base_deps.py
diff --git a/scripts/package_kiwix-desktop_windows.py b/scripts/package_kiwix-desktop_windows.py
index 490eec94..5078d3ce 100644
--- a/scripts/package_kiwix-desktop_windows.py
+++ b/scripts/package_kiwix-desktop_windows.py
@@ -48,7 +48,7 @@
 shutil.copy2(ssl_directory / "libcrypto-1_1-x64.dll", out_dir)
 shutil.copy2(ssl_directory / "libssl-1_1-x64.dll", out_dir)
 
-if args.sign:
+if True:
     # We assume here that signtool and certificate are properly configured.
     # Env var `SIGNTOOL_THUMBPRINT` must contain thumbprint of the certificate to use.
     command = [