From 9c1d28509179bac89fb6831803d939897acd47da Mon Sep 17 00:00:00 2001
From: Earle Lowe <30607889+emlowe@users.noreply.github.com>
Date: Wed, 23 Aug 2023 15:50:36 -0700
Subject: [PATCH] Make sure to sign all EXEs (#16141)
* Make sure to sign all EXEs
* type dev->dir
* Adjust code to sign all EXEs
---
build_scripts/build_windows-2-installer.ps1 | 25 ++++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/build_scripts/build_windows-2-installer.ps1 b/build_scripts/build_windows-2-installer.ps1
index 38ea75a49714..c612a4e4c242 100644
--- a/build_scripts/build_windows-2-installer.ps1
+++ b/build_scripts/build_windows-2-installer.ps1
@@ -68,14 +68,33 @@ mv temp.json package.json
 Write-Output " ---"
 Write-Output " ---"
-Write-Output "electron-builder"
-electron-builder build --win --x64 --config.productName="Chia"
+Write-Output "electron-builder create package directory"
+electron-builder build --win --x64 --config.productName="Chia" --dir
 Get-ChildItem dist\win-unpacked\resources
 Write-Output " ---"
 If ($env:HAS_SIGNING_SECRET) {
 Write-Output " ---"
- Write-Output "Sign App"
+ Write-Output "Sign all EXEs"
+ Get-ChildItem ".\dist\win-unpacked" -Recurse | Where-Object { $_.Extension -eq ".exe" } | ForEach-Object {
+ $exePath = $_.FullName
+ Write-Output "Signing $exePath"
+ signtool.exe sign /sha1 $env:SM_CODE_SIGNING_CERT_SHA1_HASH /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $exePath
+ Write-Output "Verify signature"
+ signtool.exe verify /v /pa $exePath
+ }
+} Else {
+ Write-Output "Skipping verify signatures - no authorization to install certificates"
+}
+
+Write-Output " ---"
+Write-Output "electron-builder create installer"
+electron-builder build --win --x64 --config.productName="Chia" --pd ".\dist\win-unpacked"
+Write-Output " ---"
+
+If ($env:HAS_SIGNING_SECRET) {
+ Write-Output " ---"
+ Write-Output "Sign Final Installer App"
 signtool.exe sign /sha1 $env:SM_CODE_SIGNING_CERT_SHA1_HASH /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 .\dist\ChiaSetup-$packageVersion.exe
 Write-Output " ---"
 Write-Output "Verify signature"
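Review bot: Neither `signtool.exe` call inside the new `ForEach-Object` loop has its exit code checked, so a failed `sign` or `verify` on one EXE would not by itself stop the script, and the following `electron-builder ... --pd ".\dist\win-unpacked"` step could package that file into the installer unsigned. PowerShell does not treat a non-zero exit from a native command as a terminating error unless the script or the runner is configured for it, and no such setting is visible in this hunk. After each of the two calls I would add `if ($LASTEXITCODE -ne 0) { throw "signtool failed for $exePath" }` so the build fails closed before the installer is created. The `Else` message says only verification is skipped, but that branch skips signing as well; `Write-Output "Skipping signing and verification - no authorization to install certificates"` would describe it accurately. The final `If` block continues past the end of the hunk.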