Use user-provided codesign
script for Windows signing
The `app/win/codesign` script should take a path to a file and a description (`/d` parameter to `signtool.exe`) and sign the file using whatever process the certificate authority requires.
parent
38dc364f57
commit
db19e52547
4 changed files with 10 additions and 49 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -3,3 +3,4 @@ node_modules
|
|||
build/
|
||||
.signatures.json
|
||||
tmp
|
||||
app/win/codesign
|
||||
|
|
44
app/build.sh
44
app/build.sh
|
@ -672,13 +672,7 @@ if [ $BUILD_WIN == 1 ]; then
|
|||
|
||||
# Sign updater
|
||||
if [ $SIGN -eq 1 ]; then
|
||||
"`cygpath -u \"$SIGNTOOL\"`" \
|
||||
sign /n "$SIGNTOOL_CERT_SUBJECT" \
|
||||
/d "$SIGNATURE_DESC Updater" \
|
||||
/fd SHA256 \
|
||||
/tr "$SIGNTOOL_TIMESTAMP_SERVER" \
|
||||
/td SHA256 \
|
||||
"`cygpath -w \"$APPDIR/updater.exe\"`"
|
||||
"$CALLDIR/win/codesign" "$APPDIR/updater.exe" "$SIGNATURE_DESC Updater"
|
||||
fi
|
||||
|
||||
# Copy app files
|
||||
|
@ -742,13 +736,7 @@ if [ $BUILD_WIN == 1 ]; then
|
|||
mv "$BUILD_DIR/win_installer/helper.exe" "$APPDIR/uninstall"
|
||||
|
||||
if [ $SIGN -eq 1 ]; then
|
||||
"`cygpath -u \"$SIGNTOOL\"`" \
|
||||
sign /n "$SIGNTOOL_CERT_SUBJECT" \
|
||||
/d "$SIGNATURE_DESC Uninstaller" \
|
||||
/fd SHA256 \
|
||||
/tr "$SIGNTOOL_TIMESTAMP_SERVER" \
|
||||
/td SHA256 \
|
||||
"`cygpath -w \"$APPDIR/uninstall/helper.exe\"`"
|
||||
"$CALLDIR/win/codesign" "$APPDIR/uninstall/helper.exe" "$SIGNATURE_DESC Uninstaller"
|
||||
sleep $SIGNTOOL_DELAY
|
||||
fi
|
||||
|
||||
|
@ -762,15 +750,7 @@ if [ $BUILD_WIN == 1 ]; then
|
|||
fi
|
||||
|
||||
if [ $SIGN -eq 1 ]; then
|
||||
# Sign zotero.exe
|
||||
"`cygpath -u \"$SIGNTOOL\"`" \
|
||||
sign /n "$SIGNTOOL_CERT_SUBJECT" \
|
||||
/d "$SIGNATURE_DESC" \
|
||||
/du "$SIGNATURE_URL" \
|
||||
/fd SHA256 \
|
||||
/tr "$SIGNTOOL_TIMESTAMP_SERVER" \
|
||||
/td SHA256 \
|
||||
"`cygpath -w \"$APPDIR/zotero.exe\"`"
|
||||
"$CALLDIR/win/codesign" "$APPDIR/zotero.exe" "$SIGNATURE_DESC"
|
||||
sleep $SIGNTOOL_DELAY
|
||||
fi
|
||||
|
||||
|
@ -793,14 +773,7 @@ if [ $BUILD_WIN == 1 ]; then
|
|||
mv "$BUILD_DIR/win_installer/setup.exe" "$INSTALLER_STAGE_DIR"
|
||||
|
||||
if [ $SIGN == 1 ]; then
|
||||
"`cygpath -u \"$SIGNTOOL\"`" \
|
||||
sign /n "$SIGNTOOL_CERT_SUBJECT" \
|
||||
/d "$SIGNATURE_DESC Setup" \
|
||||
/du "$SIGNATURE_URL" \
|
||||
/fd SHA256 \
|
||||
/tr "$SIGNTOOL_TIMESTAMP_SERVER" \
|
||||
/td SHA256 \
|
||||
"`cygpath -w \"$INSTALLER_STAGE_DIR/setup.exe\"`"
|
||||
"$CALLDIR/win/codesign" "$INSTALLER_STAGE_DIR/setup.exe" "$SIGNATURE_DESC Setup"
|
||||
sleep $SIGNTOOL_DELAY
|
||||
fi
|
||||
|
||||
|
@ -814,14 +787,7 @@ if [ $BUILD_WIN == 1 ]; then
|
|||
|
||||
# Sign installer .exe
|
||||
if [ $SIGN == 1 ]; then
|
||||
"`cygpath -u \"$SIGNTOOL\"`" \
|
||||
sign /n "$SIGNTOOL_CERT_SUBJECT" \
|
||||
/d "$SIGNATURE_DESC Setup" \
|
||||
/du "$SIGNATURE_URL" \
|
||||
/fd SHA256 \
|
||||
/tr "$SIGNTOOL_TIMESTAMP_SERVER" \
|
||||
/td SHA256 \
|
||||
"`cygpath -w \"$INSTALLER_PATH\"`"
|
||||
"$CALLDIR/win/codesign" "$INSTALLER_PATH" "$SIGNATURE_DESC Installer"
|
||||
fi
|
||||
|
||||
chmod 755 "$INSTALLER_PATH"
|
||||
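Review bot: None of the five `"$CALLDIR/win/codesign" …` calls checks the script's exit status or the resulting signature, and the script is untracked (this commit adds it to .gitignore), so the `/fd SHA256`, `/tr` and `/td SHA256` settings that the removed lines pinned are now enforced only by whatever each builder has installed. Unless build.sh already runs under `set -e` (not visible in these hunks), a failed signing step is followed by `sleep $SIGNTOOL_DELAY` and the build continues with an unsigned binary; I would write each call as `"$CALLDIR/win/codesign" "$APPDIR/zotero.exe" "$SIGNATURE_DESC" || exit 1`. The zotero.exe and setup.exe calls also no longer pass anything corresponding to `/du "$SIGNATURE_URL"`, and the file path is handed over without the earlier `cygpath -w` conversion. A comment above the first call would document that contract, for example `# win/codesign <unix path> <description>: must convert the path, sign with SHA-256 plus a timestamp, and exit non-zero on failure`.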
|
|
|
@ -28,13 +28,7 @@ NOTARIZATION_PASSWORD=""
|
|||
# Paths for Windows installer build
|
||||
NSIS_DIR='C:\Program Files (x86)\NSIS\'
|
||||
|
||||
# Paths for Windows installer build only necessary for signed binaries
|
||||
SIGNTOOL='C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool.exe'
|
||||
SIGNATURE_DESC='Zotero'
|
||||
SIGNATURE_URL='https://www.zotero.org/'
|
||||
SIGNTOOL_CERT_SUBJECT="Corporation for Digital Scholarship"
|
||||
SIGNTOOL_TIMESTAMP_SERVER="http://timestamp.sectigo.com"
|
||||
SIGNTOOL_DELAY=15
|
||||
SIGNTOOL_DELAY=5
|
||||
|
||||
# Directory for unpacked binaries
|
||||
STAGE_DIR="$DIR/staging"
|
||||
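Review bot: `SIGNATURE_DESC='Zotero'` looks like it is deleted in this hunk while build.sh still expands `"$SIGNATURE_DESC Updater"`, `"$SIGNATURE_DESC Setup"` and similar in the new codesign calls. The +/- markers are lost on this page, but the header's counts (13 old lines, 7 new) leave `SIGNTOOL_DELAY=5` as the only added line, which puts `SIGNATURE_DESC` among the removed ones together with `SIGNTOOL`, `SIGNATURE_URL`, `SIGNTOOL_CERT_SUBJECT` and `SIGNTOOL_TIMESTAMP_SERVER`. If nothing else defines it, the signing script receives descriptions such as ` Updater` and an empty string for zotero.exe, and those end up in the signatures of the shipped binaries. Either keep `SIGNATURE_DESC='Zotero'` in this file or have build.sh fail early with `: "${SIGNATURE_DESC:?must be set}"` before the first signing call.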
|
|
|
@ -93,9 +93,9 @@ if [ $platform = "w" ]; then
|
|||
echo -n "Checking for uuidgen: "
|
||||
which uuidgen || { $FAIL_CMD; FAILED=1; }
|
||||
|
||||
echo -n "Checking for signtool: "
|
||||
if [ -x "`cygpath -u \"$SIGNTOOL\"`" ]; then
|
||||
echo "`cygpath -u \"$SIGNTOOL\"`"
|
||||
echo -n "Checking for code-signing script: "
|
||||
if [ -x "$APP_ROOT_DIR/win/codesign" ]; then
|
||||
echo "$APP_ROOT_DIR/win/codesign"
|
||||
else
|
||||
$FAIL_CMD
|
||||
FAILED=1
|
||||
|
|