|
|
@@ -143,53 +143,29 @@ jobs:
|
|
|
- name: Fix permissions
|
|
|
run: attrib -r appdir/Cryptomator/Cryptomator.exe
|
|
|
shell: pwsh
|
|
|
- - name: Codesign binaries inside jars
|
|
|
+ - name: Extract jars with DLLs for Codesigning
|
|
|
+ shell: pwsh
|
|
|
run: |
|
|
|
- $certificate = '${{ secrets.WIN_CODESIGN_P12_BASE64 }}'
|
|
|
- $password = '${{ secrets.WIN_CODESIGN_P12_PW }}'
|
|
|
- $certificateSHA1 = '5FC94CE149E5B511E621F53A060AC67CBD446B3A'
|
|
|
- $description = 'Cryptomator'
|
|
|
- $timestampUrl = 'http://timestamp.digicert.com'
|
|
|
- $folder = ".\appdir\Cryptomator\app"
|
|
|
- $tmpDir = ".\extract"
|
|
|
- $signtool = $(Get-ChildItem 'C:\Program Files (x86)\Windows Kits\10\bin\' -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith('x64') } | Select-Object -Last 1).FullName
|
|
|
-
|
|
|
- # preps
|
|
|
- Install-Module -Name Microsoft.PowerShell.TextUtility -Force -Confirm:$False
|
|
|
-
|
|
|
- # import certificate
|
|
|
- $bytes = ConvertFrom-Base64 -EncodedText $certificate -AsByteArray
|
|
|
- Set-Content -Path ".\certFile" -AsByteStream -Value $bytes
|
|
|
- & certutil -f -p $password -importpfx ".\certFile"
|
|
|
+ Add-Type -AssemblyName "System.io.compression.filesystem"
|
|
|
+ $jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods"
|
|
|
+ $jarExtractDir = New-Item -Path ".\appdir\jar-extract" -ItemType Directory
|
|
|
|
|
|
- # create directory to extract every jar to
|
|
|
- New-Item -Path $tmpDir -ItemType Directory > $null
|
|
|
- # iterate over all jars
|
|
|
- Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object {
|
|
|
- $jar = Copy-Item $_ -Destination $tmpDir -PassThru
|
|
|
- Set-Location -Path $tmpDir
|
|
|
- jar --file=$($_.FullName) --extract
|
|
|
- Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object {
|
|
|
- # sign
|
|
|
- & $signtool sign /sm /tr ${timestampUrl} /td SHA256 /fd SHA256 /d $description /sha1 $certificateSHA1 $_.FullName
|
|
|
- # update jar with signed dll
|
|
|
- jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_)
|
|
|
+ #for all jars inspect
|
|
|
+ Get-ChildItem -Path $jarFolder -Filter "*.jar" | ForEach-Object {
|
|
|
+ $jar = [Io.compression.zipfile]::OpenRead($_.FullName)
|
|
|
+ if (@($jar.Entries | Where-Object {$_.Name.ToString().EndsWith(".dll")} | Select-Object -First 1).Count -gt 0) {
|
|
|
+ #jars containing dlls extract
|
|
|
+ Set-Location $jarExtractDir
|
|
|
+ Expand-Archive -Path $_.FullName
|
|
|
}
|
|
|
- # replace old jar with its update
|
|
|
- Move-Item -Path $($jar.FullName) -Destination $_ -Force
|
|
|
- # clear extraction dir
|
|
|
- Remove-Item -Path ".\*" -Force -Recurse
|
|
|
- Set-Location -Path ".."
|
|
|
+ $jar.Dispose()
|
|
|
}
|
|
|
- # clean up
|
|
|
- Remove-Item -Path $tmpDir
|
|
|
- shell: pwsh
|
|
|
- name: Extract wixhelper.dll for Codesigning #see https://github.com/cryptomator/cryptomator/issues/3130
|
|
|
+ shell: pwsh
|
|
|
run: |
|
|
|
New-Item -Path appdir/jpackage-jmod -ItemType Directory
|
|
|
& $env:JAVA_HOME\bin\jmod.exe extract --dir jpackage-jmod "${env:JAVA_HOME}\jmods\jdk.jpackage.jmod"
|
|
|
Get-ChildItem -Recurse -Path "jpackage-jmod" -File wixhelper.dll | Select-Object -Last 1 | Copy-Item -Destination "appdir"
|
|
|
- shell: pwsh
|
|
|
- name: Codesign
|
|
|
uses: skymatic/code-sign-action@v2
|
|
|
with:
|
|
|
@@ -200,6 +176,20 @@ jobs:
|
|
|
timestampUrl: 'http://timestamp.digicert.com'
|
|
|
folder: appdir
|
|
|
recursive: true
|
|
|
+ - name: Replace DLLs inside jars with signed ones
|
|
|
+ shell: pwsh
|
|
|
+ run: |
|
|
|
+ $jarExtractDir = Resolve-Path ".\appdir\jar-extract"
|
|
|
+ $jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods"
|
|
|
+ Get-ChildItem -Path $jarExtractDir | ForEach-Object {
|
|
|
+ $jarName = $_.Name
|
|
|
+ $jarFile = "${jarFolder}\${jarName}.jar"
|
|
|
+ Set-Location $_
|
|
|
+ Get-ChildItem -Path $_ -Recurse -File "*.dll" | ForEach-Object {
|
|
|
+ # update jar with signed dll
|
|
|
+ jar --file="$jarFile" --update $(Resolve-Path -Relative -Path $_)
|
|
|
+ }
|
|
|
+ }
|
|
|
- name: Generate license for MSI
|
|
|
run: >
|
|
|
mvn -B license:add-third-party
|
Armin Schrenk