|
|
@@ -143,9 +143,47 @@ jobs:
|
|
|
- name: Fix permissions
|
|
|
run: attrib -r appdir/Cryptomator/Cryptomator.exe
|
|
|
shell: pwsh
|
|
|
- - name: Extract integrations DLL for code signing
|
|
|
+ - name: Codesign binaries inside jars
|
|
|
+ run: |
|
|
|
+ $certificate = '${{ secrets.WIN_CODESIGN_P12_BASE64 }}'
|
|
|
+ $password = '${{ secrets.WIN_CODESIGN_P12_PW }}'
|
|
|
+ $certificateSHA1 = '5FC94CE149E5B511E621F53A060AC67CBD446B3A'
|
|
|
+ $description = 'Cryptomator'
|
|
|
+ $timestampUrl = 'http://timestamp.digicert.com'
|
|
|
+ $folder = ".\appdir\Cryptomator\app"
|
|
|
+ $tmpDir = ".\extract"
|
|
|
+ $signtool = $(Get-ChildItem 'C:\Program Files (x86)\Windows Kits\10\bin\' -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith('x64') } | Select-Object -Last 1).FullName
|
|
|
+
|
|
|
+ # preps
|
|
|
+ Install-Module -Name Microsoft.PowerShell.TextUtility -Force -Confirm:$False
|
|
|
+
|
|
|
+ # import certificate
|
|
|
+ $bytes = ConvertFrom-Base64 -EncodedText $certificate -AsByteArray
|
|
|
+ Set-Content -Path ".\certFile" -AsByteStream -Value $bytes
|
|
|
+ & certutil -f -p $password -importpfx ".\certFile"
|
|
|
+
|
|
|
+ # create directory to extract every jar to
|
|
|
+ New-Item -Path $tmpDir -ItemType Directory
|
|
|
+ # iterate over all jars
|
|
|
+ Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object {
|
|
|
+ $jar = Copy-Item $_ -Destination $tmpDir -PassThru
|
|
|
+ Set-Location -Path $tmpDir
|
|
|
+ jar --file=$($_.FullName) --extract
|
|
|
+ Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object {
|
|
|
+ # sign
|
|
|
+ & $signtool sign /sm /tr ${timestampUrl} /td SHA256 /fd SHA256 /d $description /sha1 $certificateSHA1 $_.FullName
|
|
|
+ # update jar with signed dll
|
|
|
+ jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_)
|
|
|
+ }
|
|
|
+ # replace old jar with its update
|
|
|
+ Move-Item -Path $($jar.FullName) -Destination $_ -Force
|
|
|
+ # clear extraction dir
|
|
|
+ Remove-Item -Path ".\*" -Force -Recurse
|
|
|
+ Set-Location -Path ".."
|
|
|
+ }
|
|
|
+ # clean up
|
|
|
+ Remove-Item -Path $tmpDir
|
|
|
shell: pwsh
|
|
|
- run: gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --extract integrations.dll }
|
|
|
- name: Codesign
|
|
|
uses: skymatic/code-sign-action@v2
|
|
|
with:
|
|
|
@@ -156,10 +194,6 @@ jobs:
|
|
|
timestampUrl: 'http://timestamp.digicert.com'
|
|
|
folder: appdir/Cryptomator
|
|
|
recursive: true
|
|
|
- - name: Repack signed DLL into jar
|
|
|
- shell: pwsh
|
|
|
- run: |
|
|
|
- gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --update integrations.dll; Remove-Item integrations.dll}
|
|
|
- name: Generate license for MSI
|
|
|
run: >
|
|
|
mvn -B license:add-third-party
|
Armin Schrenk