mirror of
https://github.com/FiloSottile/age.git
synced 2025-12-23 13:35:14 +00:00
.github/workflows: sign Windows binaries
Fixes #326 Closes #328 Co-authored-by: Joshua Small <technion@lolware.net>
This commit is contained in:
Filippo Valsorda
10
.github/workflows/build.yml
vendored
10
.github/workflows/build.yml
vendored
@@ -10,6 +10,7 @@ jobs:
|
||||
build:
|
||||
name: Build binaries
|
||||
runs-on: ubuntu-latest
|
||||
environment: "Build, sign, release binaries"
|
||||
steps:
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@v2
|
||||
@@ -21,6 +22,7 @@ jobs:
|
||||
fetch-depth: 0
|
||||
- name: Build binaries
|
||||
run: |
|
||||
sudo apt-get update && sudo apt-get install -y osslsigncode
|
||||
cp LICENSE "$RUNNER_TEMP/LICENSE"
|
||||
echo -e "\n---\n" >> "$RUNNER_TEMP/LICENSE"
|
||||
curl "https://golang.org/LICENSE?m=text" >> "$RUNNER_TEMP/LICENSE"
|
||||
@@ -31,6 +33,14 @@ jobs:
|
||||
cp "$RUNNER_TEMP/LICENSE" "$DIR/age"
|
||||
go build -o "$DIR/age" -ldflags "-X main.Version=$VERSION" -trimpath ./cmd/...
|
||||
if [ "$GOOS" == "windows" ]; then
|
||||
for exe in "$DIR"/age/*.exe; do
|
||||
/usr/bin/osslsigncode sign -t "http://timestamp.comodoca.com" \
|
||||
-certs .github/workflows/certs/uitacllc.crt \
|
||||
-key .github/workflows/certs/uitacllc.key \
|
||||
-pass "${{ secrets.SIGN_PASS }}" \
|
||||
-n age -in "$exe" -out "$exe.signed"
|
||||
mv "$exe.signed" "$exe"
|
||||
done
|
||||
( cd "$DIR"; zip age.zip -r age )
|
||||
mv "$DIR/age.zip" "age-$VERSION-$GOOS-$GOARCH.zip"
|
||||
else
|
||||
|
||||
14
.github/workflows/certs/README
vendored
Normal file
14
.github/workflows/certs/README
vendored
Normal file
@@ -0,0 +1,14 @@
|
||||
In this folder there are
|
||||
|
||||
uitacllc.crt
|
||||
|
||||
PKCS#7 encoded certificate chain for a code signing certificate issued
|
||||
to Up in the Air Consulting LLC valid until Sep 26 23:59:59 2024 GMT.
|
||||
|
||||
https://crt.sh/?id=5339775059
|
||||
|
||||
uitacllc.key
|
||||
|
||||
PEM encrypted private key for the leaf certificate above.
|
||||
Its passphrase is long and randomly generated, so the awful legacy key
|
||||
derivation doesn't really matter, and it makes osslsigncode happy.
|
||||
BIN
.github/workflows/certs/uitacllc.crt
vendored
Normal file
BIN
.github/workflows/certs/uitacllc.crt
vendored
Normal file
Binary file not shown.
42
.github/workflows/certs/uitacllc.key
vendored
Normal file
42
.github/workflows/certs/uitacllc.key
vendored
Normal file
@@ -0,0 +1,42 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,B93C1A166F3677D68FB9CB3E8A184729
|
||||
|
||||
UriYsaq3tLyvycDDB2YeQ+9L1P5VCPcfVkYR1ocleF8WxNDUPdz3RqbryAZZdXVO
|
||||
0bcvAHTXkdI4Oiw5mN0S8fGsNq9zn+pyResx3lXtgN3oCDCe2SQn28uEEKxPzud5
|
||||
0NRXYoBP+pLDjiuQ/6Lp7DovnAO/uxaPFvYRMiknNVOhwyHGWZyuUe01S9J9im7y
|
||||
vgc1wkyQzmABIhARynEXHp3KnM9aF8X1/ck839lQRBFrvRFNm5rqiON26spr1Hu5
|
||||
znrbVGROYk0XNdH5VHDk7V9k+v2WLL/b4nxlMymZpDzr9pXzX8olpLnQrarsMbHe
|
||||
ysfXNTtQi5Dq6KXURW8VA4DmxAzTRNUxe2aA4JnAEyFU5LDLetTN9F9M7BUkHbXH
|
||||
RpSbZqDjPwg7U98vuSwxjIkncHSiYYi3FmSoupLvV+eIP6qRSgONdzGlP5NTn4Lh
|
||||
N1lYMPHPldH6UjLHrldkYN16TQlrqNHZExN91XvsZVjpyAgErY18xwi3CTEco45D
|
||||
fRqsiWXtoas4LkafhSY0vfl5aFhY9YPUpS6uFdgWBvgcQeYb8meX5Nr4dNXVk5Wa
|
||||
yRlYlW/X0TWC0T9qaBOPN/z7OWO5aL4jYRcKQQ+aR8gFcHGGCpRAKD369OneXfOQ
|
||||
MD9UHoPG4WTBg/NU9OSskcywfuSOkwAGfBVNXrnEj6tYFjsjYK2nC2gm+opUCfm0
|
||||
a1FeDb5nQSOgOJKUCO6Aj+0NvDvVLUOsTk1lfzSugIkmUOdV+rXHnrZC+90q8KfN
|
||||
S2JlzwSZNg0e+VxZpnD7k7axHkbHrbebtrLvzKVnrh3s0OFAXN0isMw7yhhWtzUe
|
||||
mPoQTZusLDOAJe/QPuNlDUgr4uoVZtoXrPzoZZkw2VFLwYy2g/EYvlK9BdVVTnRm
|
||||
9Hq9IBDrZw+SV/7roaeVOXbzrQoxEoXcL7eo6iWvV5Q7Ll5C4ovelHKy3IAzcpYP
|
||||
6LKfxAO2sIKTALrHbtBNG+O4RTtxOva1hyg27V4v2k53CF/GhoBRPSpbbupwppXc
|
||||
lJJ9RtMTRfhCv/ObhdsJED+YUqFifTJfcnQ1iGN8dnBuGrjXxVCN0wgmv46Pdhn0
|
||||
tUfGlkFquOOWamaVaIvp6JCVUDa1ezMzleILoYvrxvOuP+dGVrwTwVCXpx4JuUgp
|
||||
d72/w+EnqlZnwsAzdrErJFXnHux981ZoojmG94km1B6gPPwMB8JRcD67lfhG/vne
|
||||
IpTuuzGaSInf24cGNig01hbBuKSg79yNY0llkECPBXbEhfkemEMhg1WHoNP2eG8j
|
||||
MHS5OCT5KiOfi77pSO3M2mGB1HWYE5R0lcMibukK9ZdyIYcTeMZ0RcGm6YSNv570
|
||||
ok/Ex4LUCW66AIWFefmbIOtJSIMHlNKWRPJwnJxVoE5qgH0f/2xL3k15vpI55lAS
|
||||
sabzegnYlElPbUlZGhgwjKknxgqMhFIW/ZS0h2FukFLwipr4qI47nHWz5dguNkYn
|
||||
48sSKg3YMhVx/sT+X2A/6zqsC+p4PT7Ti5ruWb7S9L9vRuBdIDNE9qAwuz0g8Bs3
|
||||
WhOx6OW2ZqDQEuRhN0lyGA0mwRC4HPFE9b8dnN8lNm+RsnMfNoFxzPnqtsxhEAwa
|
||||
2a4ijT97ka94lDy7WQ2bwLRz7trKV/T6MeETKE4s7+z2dMTr1f8IwA2uCovFmO9T
|
||||
aMQAePFEtDT3qwIPu0zH1ocSCkZ50f7RgVmp4FNn03uT/TnsASrr5CS9m8A9gjEn
|
||||
QiztQyqt27fTT61YkNdA6lwbpFiByugVbS+mWsNa9kvBkgQkcMQwgrELmU9sYdBT
|
||||
nRMa60i0nEINT/x3zFvT6R7Dl/O8/QhXLeYv20X2roghPw48IovLb8x7dT3YEQSn
|
||||
ARIXXVPxwOVvS8xcCa69/+1HjC6vNG9dNNnAsVHxB8mDTBqmmLzAMOVzDoNWEgDd
|
||||
zoRhQ3ORb1brPlKWg8um/svLiSV63ZYi2J8LPamoGmZ/7J8i5rjOpOeG493UICBR
|
||||
JymmYGUo6/C1Ze8swdMHApVU/spo0s8BCGkMjYUAaxXD7RufN2DuY30Vny/DMn4y
|
||||
XasuHS9RstD2Okv25PD06Y2H52HJ6MNdArmPZRe0k2ZbhATs5dXOfmaF5Z0f4IkE
|
||||
G+hsxE1wlCo900ewntx16sBCbI0v9aE+Napf2+ueqPQ06CdfiTG5yOmeXzgR/8zS
|
||||
KVmTHpmmFpYtj/N350BLAVb/Hwzmh+ieWnO7TUjvNAHUn2i5LZU65rN3GOlPyIlz
|
||||
DzB2T6KjOUPFKqSRrIin14HLyf5w0vDuJhe5Zpe0hhYKvoKhwCEVefbmkasWeso3
|
||||
xsXxOOoL39GA0QpYjR6ztqR8fS9jTeu5IY+zY5LO8yS7+StP3H8CcqRMuxb3ntym
|
||||
-----END RSA PRIVATE KEY-----
|
||||
Reference in New Issue
Block a user