mudhorn/oh-my-posh
1
0
Fork 0
mirror of https://github.com/JanDeDobbeleer/oh-my-posh.git synced 2025-02-02 05:41:10 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(windows): sign executables

Browse source 
resolves #767
This commit is contained in:
Jan De Dobbeleer 2022-06-19 20:00:31 +02:00 committed by Jan De Dobbeleer
parent 17857db340
commit 0c966cc429
2 changed files with 27 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/inno.yml vendored
View file

@ -18,6 +18,9 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Build installer 📦 - name: Build installer 📦
id: build id: build
env:
CERTIFICATE: ${{ secrets.CERTIFICATE }}
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
run: | run: |
$version = $env:GITHUB_REF.TrimStart("refs/tags/v") $version = $env:GITHUB_REF.TrimStart("refs/tags/v")
./build.ps1 -Architecture ${{ matrix.arch }} -Version $version ./build.ps1 -Architecture ${{ matrix.arch }} -Version $version

28
packages/inno/build.ps1
View file

@ -8,14 +8,30 @@ Param
$Version $Version
) )
$sign = $false
$pfxPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath "cert.pfx"
$signtool = 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22000.0/x86/signtool.exe'
if ($env:CERTIFICATE -ne "") {
# create a base64 encoded value of your certificate using
# [convert]::ToBase64String((Get-Content -path "certificate.pfx" -AsByteStream))
# requires Windows Dev Kit 10.0.22000.0
$encodedBytes = [System.Convert]::FromBase64String($env:CERTIFICATE)
Set-Content -Path $pfxPath -Value $encodedBytes -AsByteStream
$sign = $true
}
New-Item -Path "." -Name "bin" -ItemType Directory New-Item -Path "." -Name "bin" -ItemType Directory
Copy-Item -Path "../../themes" -Destination "./bin" -Recurse Copy-Item -Path "../../themes" -Destination "./bin" -Recurse
# download the files and pack them # download the file
@{file = "posh-windows-$Architecture.exe"; name = "oh-my-posh.exe" } | ForEach-Object -Process { $file = "posh-windows-$Architecture.exe"
$download = "https://github.com/jandedobbeleer/oh-my-posh/releases/download/v$Version/$($_.file)" $name = "oh-my-posh.exe"
Invoke-WebRequest $download -Out "./bin/$($_.name)" $download = "https://github.com/jandedobbeleer/oh-my-posh/releases/download/v$Version/$($file)"
Invoke-WebRequest $download -Out "./bin/$($name)"
if ($sign) {
& $signtool sign /f $pfxPath /p $env:CERTIFICATE_PASSWORD /t http://timestamp.digicert.com "./bin/$($name)"
} }
# license # license
Invoke-WebRequest "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/v$Version/COPYING" -Out "./bin/COPYING.txt" Invoke-WebRequest "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/v$Version/COPYING" -Out "./bin/COPYING.txt"
$content = Get-Content '.\oh-my-posh.iss' -Raw $content = Get-Content '.\oh-my-posh.iss' -Raw
@ -25,6 +41,10 @@ $content | Out-File -Encoding 'UTF8' $ISSName
# package content # package content
$installer = "install-$Architecture" $installer = "install-$Architecture"
ISCC.exe /F$installer $ISSName ISCC.exe /F$installer $ISSName
if ($sign) {
& $signtool sign /f $pfxPath /p $env:CERTIFICATE_PASSWORD /t http://timestamp.digicert.com "Output/$installer.exe"
Remove-Item -Path $pfxPath
}
# get hash # get hash
$zipHash = Get-FileHash "Output/$installer.exe" -Algorithm SHA256 $zipHash = Get-FileHash "Output/$installer.exe" -Algorithm SHA256
$zipHash.Hash | Out-File -Encoding 'UTF8' "Output/$installer.exe.sha256" $zipHash.Hash | Out-File -Encoding 'UTF8' "Output/$installer.exe.sha256"