win app signing

valory-xyz · Dec 4, 2024 · 501722d · 501722d
1 parent 69bf163
commit 501722d
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 2 deletions.
diff --git a/.github/workflows/release_win.yml b/.github/workflows/release_win.yml
@@ -94,6 +94,35 @@ jobs:
         run: yarn install:frontend
 
 
+      - name: Setup Certificate 
+        run: | 
+          echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 
+        shell: bash             
+
+      - name: Set variables 
+        id: variables 
+        run: | 
+          echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" 
+          echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" 
+          echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" 
+          echo "SM_KEY_PAIR_ALIAS=${{ secrets.SM_KEY_PAIR_ALIAS }}" >> "$GITHUB_ENV" 
+          echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" 
+          echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" 
+          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH 
+          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH 
+          echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH 
+        shell: bash  
+
+      - name: Setup SSM KSP on windows latest 
+        run: | 
+          curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi 
+          msiexec /i smtools-windows-x64.msi /quiet /qn 
+          smksp_registrar.exe list 
+          smctl.exe keypair ls 
+          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user 
+          smksp_cert_sync.exe 
+
+        shell: cmd 
       - name: set env vars to prod.env
         env:
           NODE_ENV: ${{ matrix.env }}

diff --git a/build-win.js b/build-win.js
@@ -33,6 +33,7 @@ const main = async () => {
       win: {
         publish: publishOptions,
         icon: 'electron/assets/icons/splash-robot-head-dock.png',
+        signtoolOptions: { sign: "./customSign.js", },
       },
       extraResources: [
         {

diff --git a/customSign.js b/customSign.js
@@ -0,0 +1,13 @@
+exports.default = async function (configuration) {
+    const SM_KEY_PAIR_ALIAS = process.env.SM_KEY_PAIR_ALIAS;
+    if (configuration.path) {
+        if (SM_KEY_PAIR_ALIAS) {
+            console.log(`Sign ${configuration.path}`);
+            require("child_process").execSync(
+                `"C:\\Program Files\\DigiCert\\DigiCert One Signing Manager Tools\\smctl.exe" sign --keypair-alias=${SM_KEY_PAIR_ALIAS} --input "${String(configuration.path)}"`
+            );
+        } else {
+            console.log(`SKIP SIGN ${configuration.path}. no env var SM_KEY_PAIR_ALIAS specified`);
+        }
+    }
+};
diff --git a/package.json b/package.json
@@ -63,5 +63,5 @@
     "download-binaries": "sh download_binaries.sh",
     "build:pearl": "sh build_pearl.sh"
   },
-  "version": "0.1.0-rc205"
+  "version": "0.1.0-rc213"
 }
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "olas-operate-middleware"
-version = "0.1.0-rc205"
+version = "0.1.0-rc213"
 description = ""
 authors = ["David Vilela <[email protected]>", "Viraj Patel <[email protected]>"]
 readme = "README.md"