mirrors/cryptomator
1
0
Fork 0
mirror of https://github.com/cryptomator/cryptomator.git synced 2026-05-14 08:41:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor extraction and singing in seperate steps

Browse Source
This commit is contained in:
Armin Schrenk
2023-10-11 12:55:05 +02:00
parent 0d805b2d43
commit 9b55f6fc56
1 changed files with 31 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
.github/workflows/win-exe.yml vendored
View File

@@ -143,53 +143,29 @@ jobs:
- name: Fix permissions
run: attrib -r appdir/Cryptomator/Cryptomator.exe
shell: pwsh
- name: Codesign binaries inside jars
run: |
$certificate = '${{ secrets.WIN_CODESIGN_P12_BASE64 }}'
$password = '${{ secrets.WIN_CODESIGN_P12_PW }}'
$certificateSHA1 = '5FC94CE149E5B511E621F53A060AC67CBD446B3A'
$description = 'Cryptomator'
$timestampUrl = 'http://timestamp.digicert.com'
$folder = ".\appdir\Cryptomator\app"
$tmpDir = ".\extract"
$signtool = $(Get-ChildItem 'C:\Program Files (x86)\Windows Kits\10\bin\' -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith('x64') } | Select-Object -Last 1).FullName
# preps
Install-Module -Name Microsoft.PowerShell.TextUtility -Force -Confirm:$False
# import certificate
$bytes = ConvertFrom-Base64 -EncodedText $certificate -AsByteArray
Set-Content -Path ".\certFile" -AsByteStream -Value $bytes
& certutil -f -p $password -importpfx ".\certFile"
# create directory to extract every jar to
New-Item -Path $tmpDir -ItemType Directory > $null
# iterate over all jars
Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object {
$jar = Copy-Item $_ -Destination $tmpDir -PassThru
Set-Location -Path $tmpDir
jar --file=$($_.FullName) --extract
Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object {
# sign
& $signtool sign /sm /tr ${timestampUrl} /td SHA256 /fd SHA256 /d $description /sha1 $certificateSHA1 $_.FullName
# update jar with signed dll
jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_)
}
# replace old jar with its update
Move-Item -Path $($jar.FullName) -Destination $_ -Force
# clear extraction dir
Remove-Item -Path ".\*" -Force -Recurse
Set-Location -Path ".."
}
# clean up
Remove-Item -Path $tmpDir
- name: Extract jars with DLLs for Codesigning
shell: pwsh
run: |
Add-Type -AssemblyName "System.io.compression.filesystem"
$jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods"
$jarExtractDir = New-Item -Path ".\appdir\jar-extract" -ItemType Directory
#for all jars inspect
Get-ChildItem -Path $jarFolder -Filter "*.jar" | ForEach-Object {
$jar = [Io.compression.zipfile]::OpenRead($_.FullName)
if (@($jar.Entries | Where-Object {$_.Name.ToString().EndsWith(".dll")} | Select-Object -First 1).Count -gt 0) {
#jars containing dlls extract
Set-Location $jarExtractDir
Expand-Archive -Path $_.FullName
}
$jar.Dispose()
}
- name: Extract wixhelper.dll for Codesigning #see https://github.com/cryptomator/cryptomator/issues/3130
shell: pwsh
run: |
New-Item -Path appdir/jpackage-jmod -ItemType Directory
& $env:JAVA_HOME\bin\jmod.exe extract --dir jpackage-jmod "${env:JAVA_HOME}\jmods\jdk.jpackage.jmod"
Get-ChildItem -Recurse -Path "jpackage-jmod" -File wixhelper.dll | Select-Object -Last 1 | Copy-Item -Destination "appdir"
shell: pwsh
- name: Codesign
uses: skymatic/code-sign-action@v2
with:
@@ -200,6 +176,20 @@ jobs:
timestampUrl: 'http://timestamp.digicert.com'
folder: appdir
recursive: true
- name: Replace DLLs inside jars with signed ones
shell: pwsh
run: |
$jarExtractDir = Resolve-Path ".\appdir\jar-extract"
$jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods"
Get-ChildItem -Path $jarExtractDir | ForEach-Object {
$jarName = $_.Name
$jarFile = "${jarFolder}\${jarName}.jar"
Set-Location $_
Get-ChildItem -Path $_ -Recurse -File "*.dll" | ForEach-Object {
# update jar with signed dll
jar --file="$jarFile" --update $(Resolve-Path -Relative -Path $_)
}
}
- name: Generate license for MSI
run: >
mvn -B license:add-third-party