Merge pull request #3131 from cryptomator/feature/sign-all-dlls

Feature: Sign all dlls to pass Microsoft Windows Smart App control

.github/workflows/win-exe.yml

@@ -143,9 +143,29 @@ jobs:
       - name: Fix permissions
         run: attrib -r appdir/Cryptomator/Cryptomator.exe
         shell: pwsh
-      - name: Extract integrations DLL for code signing
+      - name: Extract jars with DLLs for Codesigning
         shell: pwsh
-        run: gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --extract integrations.dll }
+        run: |
+          Add-Type -AssemblyName "System.io.compression.filesystem"
+          $jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods"
+          $jarExtractDir = New-Item -Path ".\appdir\jar-extract" -ItemType Directory
+
+          #for all jars inspect
+          Get-ChildItem -Path $jarFolder -Filter "*.jar" | ForEach-Object {
+              $jar = [Io.compression.zipfile]::OpenRead($_.FullName)
+              if (@($jar.Entries | Where-Object {$_.Name.ToString().EndsWith(".dll")} | Select-Object -First 1).Count -gt 0) {
+                  #jars containing dlls extract
+                  Set-Location $jarExtractDir
+                  Expand-Archive -Path $_.FullName
+              }
+              $jar.Dispose()
+          }
+      - name: Extract wixhelper.dll for Codesigning #see https://github.com/cryptomator/cryptomator/issues/3130
+        shell: pwsh
+        run: |
+          New-Item -Path appdir/jpackage-jmod -ItemType Directory
+          & $env:JAVA_HOME\bin\jmod.exe extract --dir jpackage-jmod "${env:JAVA_HOME}\jmods\jdk.jpackage.jmod"
+          Get-ChildItem -Recurse -Path "jpackage-jmod" -File wixhelper.dll | Select-Object -Last 1 | Copy-Item -Destination "appdir"
       - name: Codesign
         uses: skymatic/code-sign-action@v2
         with:
@@ -154,12 +174,22 @@ jobs:
           certificatesha1: 5FC94CE149E5B511E621F53A060AC67CBD446B3A
           description: Cryptomator
           timestampUrl: 'http://timestamp.digicert.com'
-          folder: appdir/Cryptomator
+          folder: appdir
           recursive: true
-      - name: Repack signed DLL into jar
+      - name: Replace DLLs inside jars with signed ones
         shell: pwsh
         run: |
-          gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --update integrations.dll; Remove-Item integrations.dll}
+          $jarExtractDir = Resolve-Path ".\appdir\jar-extract"
+          $jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods"
+          Get-ChildItem -Path $jarExtractDir | ForEach-Object {
+              $jarName = $_.Name
+              $jarFile = "${jarFolder}\${jarName}.jar"
+              Set-Location $_
+              Get-ChildItem -Path $_ -Recurse -File "*.dll" | ForEach-Object {
+                  # update jar with signed dll
+                  jar --file="$jarFile" --update $(Resolve-Path -Relative -Path $_)
+              }
+          }
       - name: Generate license for MSI
         run: >
           mvn -B license:add-third-party
@@ -193,6 +223,7 @@ jobs:
           --file-associations dist/win/resources/FAvaultFile.properties
         env:
           JP_WIXWIZARD_RESOURCES: ${{ github.workspace }}/dist/win/resources # requires abs path, used in resources/main.wxs
+          JP_WIXHELPER_DIR: ${{ github.workspace }}\appdir
       - name: Codesign MSI
         uses: skymatic/code-sign-action@v2
         with:

dist/win/build.ps1

@@ -144,6 +144,7 @@ try {
 
 # create .msi
 $Env:JP_WIXWIZARD_RESOURCES = "$buildDir\resources"
+$Env:JP_WIXHELPER_DIR = "."
 & "$Env:JAVA_HOME\bin\jpackage" `
 	--verbose `
 	--type msi `

dist/win/resources/main.wxs

@@ -70,7 +70,7 @@
     <CustomAction Id="JpDisallowDowngrade" Error="!(loc.DowngradeErrorMessage)" />
     <?endif?>
 
-    <Binary Id="JpCaDll" SourceFile="wixhelper.dll"/>
+    <Binary Id="JpCaDll" SourceFile="$(env.JP_WIXHELPER_DIR)\wixhelper.dll"/>
     <CustomAction Id="JpFindRelatedProducts" BinaryKey="JpCaDll" DllEntry="FindRelatedProductsEx" />
 
     <?ifndef SkipCryptomatorLegacyCheck ?>