mirror of
https://github.com/greenshot/greenshot
synced 2025-08-19 13:10:00 -07:00
First try of getting code signing working.
parent
9e88119fd9
commit
5951a4705a
3 changed files with 47 additions and 2 deletions
|
@ -30,6 +30,7 @@ Fixed:
|
||||||
* FEATURE-919: Allow adding of space around screenshot (use Ctrl + / Ctrl -)
|
* FEATURE-919: Allow adding of space around screenshot (use Ctrl + / Ctrl -)
|
||||||
* FEATURE-945: Added environment variables resolving to the external command
|
* FEATURE-945: Added environment variables resolving to the external command
|
||||||
* FEATURE-949: Updated to Inno-Setup 5.5.9 for improved installer security
|
* FEATURE-949: Updated to Inno-Setup 5.5.9 for improved installer security
|
||||||
|
* FEATURE-958: Added code-signing of Greenshot and the installer, this should help preventing security issues
|
||||||
|
|
||||||
Open issues planned for this version:
|
Open issues planned for this version:
|
||||||
BUG-1872: OneDrive prevents Greenshot hotkeys from working
|
BUG-1872: OneDrive prevents Greenshot hotkeys from working
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#define ExeName "Greenshot"
|
#define ExeName "Greenshot"
|
||||||
#define Version "@VERSION@"
|
#define Version "@VERSION@"
|
||||||
#define FileVersion "@FILEVERSION@"
|
#define FileVersion "@FILEVERSION@"
|
||||||
|
#define CertificatePassword GetEnv('CertificatePassword')
|
||||||
|
|
||||||
; Include the scripts to install .NET Framework
|
; Include the scripts to install .NET Framework
|
||||||
; See http://www.codeproject.com/KB/install/dotnetfx_innosetup_instal.aspx
|
; See http://www.codeproject.com/KB/install/dotnetfx_innosetup_instal.aspx
|
||||||
|
@ -127,6 +128,11 @@ OutputBaseFilename={#ExeName}-INSTALLER-{#FileVersion}
|
||||||
OutputDir=..\
|
OutputDir=..\
|
||||||
PrivilegesRequired=none
|
PrivilegesRequired=none
|
||||||
SetupIconFile=..\..\icons\applicationIcon\icon.ico
|
SetupIconFile=..\..\icons\applicationIcon\icon.ico
|
||||||
|
; Create a SHA1 signature
|
||||||
|
SignTool=SignTool sign /debug /fd sha1 /a /f ..\..\..\Greenshot.pfx /p {#CertificatePassword} /tr http://time.certum.pl /td sha1 $f
|
||||||
|
; Append a SHA256 to the previous SHA1 signature (this is what as does)
|
||||||
|
SignTool=SignTool sign /as /debug /fd sha256 /a /f ..\..\..\Greenshot.pfx /p {#CertificatePassword} /a /tr http://time.certum.pl /td sha256 $f
|
||||||
|
SignedUninstaller=yes
|
||||||
UninstallDisplayIcon={app}\{#ExeName}.exe
|
UninstallDisplayIcon={app}\{#ExeName}.exe
|
||||||
Uninstallable=true
|
Uninstallable=true
|
||||||
VersionInfoCompany={#ExeName}
|
VersionInfoCompany={#ExeName}
|
||||||
|
|
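Review bot: Both `SignTool=` lines in the second hunk put the PFX password on the signtool command line via `/p {#CertificatePassword}` and also pass `/debug`. ISCC appears to echo the sign command it runs, and PackageInstaller in build.ps1 prints the ISCC log to the console, so the password can end up in the CI build log (inferred; confirm against a real log). Drop `/debug` once signing works, and consider importing the certificate into the build agent's certificate store and selecting it with `/sha1 <CERT_THUMBPRINT_PLACEHOLDER>`, so that setup.iss needs no password at all. When the `CertificatePassword` environment variable is unset the define expands to nothing and `/p` is followed directly by `/tr`, so local builds will likely fail at signing rather than skip it. The SHA256 line also repeats `/a`, which is redundant next to `/f`.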
42
build.ps1
42
build.ps1
|
@ -23,8 +23,19 @@
|
||||||
################################################################
|
################################################################
|
||||||
|
|
||||||
$version=$env:APPVEYOR_BUILD_VERSION
|
$version=$env:APPVEYOR_BUILD_VERSION
|
||||||
|
if ( !$version ) {
|
||||||
|
$version = "1.3.0.0"
|
||||||
|
}
|
||||||
|
|
||||||
$buildType=$env:build_type
|
$buildType=$env:build_type
|
||||||
|
if ( !$buildType ) {
|
||||||
|
$buildType = "local"
|
||||||
|
}
|
||||||
|
|
||||||
$gitcommit=$env:APPVEYOR_REPO_COMMIT
|
$gitcommit=$env:APPVEYOR_REPO_COMMIT
|
||||||
|
if ( !$gitcommit ) {
|
||||||
|
$gitcommit = "abcdefghijklmnopqrstuvwxy"
|
||||||
|
}
|
||||||
$gitcommit=$gitcommit.SubString(0, [math]::Min($gitcommit.Length, 7))
|
$gitcommit=$gitcommit.SubString(0, [math]::Min($gitcommit.Length, 7))
|
||||||
$detailversion=$version + '-' + $gitcommit + " " + $buildType
|
$detailversion=$version + '-' + $gitcommit + " " + $buildType
|
||||||
$release=(([version]$version).build) % 2 -eq 1
|
$release=(([version]$version).build) % 2 -eq 1
|
||||||
|
@ -40,6 +51,27 @@ Function MD5($filename) {
|
||||||
return [System.BitConverter]::ToString($hash) -replace "-", ""
|
return [System.BitConverter]::ToString($hash) -replace "-", ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Write the certificate to the file system, so signtool can use it
|
||||||
|
Function PrepareCertificate() {
|
||||||
|
$decodedContentBytes = [System.Convert]::FromBase64String($env:Certificate)
|
||||||
|
$decodedContentBytes | set-content "greenshot.pfx" -encoding byte
|
||||||
|
}
|
||||||
|
|
||||||
|
# Sign the file with Signtool before they are packed in the installer / .zip etc
|
||||||
|
Function SignBinaryFilesBeforeBuildingInstaller() {
|
||||||
|
$sourcebase = "$(get-location)\Greenshot\bin\Release"
|
||||||
|
|
||||||
|
$INCLUDE=@("*.exe", "*.gsp", "*.dll")
|
||||||
|
Get-ChildItem -Path "$sourcebase" -Recurse -Include $INCLUDE | foreach {
|
||||||
|
Write-Host "Signing $_"
|
||||||
|
$signSha1Arguments = @('sign', '/fd ', 'sha1', '/a', '/f', "$(get-location)\Greenshot.pfx", '/p', $env:CertificatePassword, '/tr', 'http://time.certum.pl', '/td', 'sha1', $_)
|
||||||
|
$signSha256Arguments = @('sign', '/as', '/fd ', 'sha256', '/a', '/f', "$(get-location)\Greenshot.pfx", '/p', $env:CertificatePassword, '/tr', 'http://time.certum.pl', '/td', 'sha256', $_)
|
||||||
|
|
||||||
|
Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow
|
||||||
|
Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha256Arguments -NoNewWindow
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# Fill the templates
|
# Fill the templates
|
||||||
Function FillTemplates {
|
Function FillTemplates {
|
||||||
Write-Host "Filling templates for version $detailversion`n`n"
|
Write-Host "Filling templates for version $detailversion`n`n"
|
||||||
|
@ -237,7 +269,8 @@ Function PackageInstaller {
|
||||||
$innoSetup = "$(get-location)\packages\Tools.InnoSetup.5.5.9\tools\ISCC.exe"
|
$innoSetup = "$(get-location)\packages\Tools.InnoSetup.5.5.9\tools\ISCC.exe"
|
||||||
$innoSetupFile = "$(get-location)\greenshot\releases\innosetup\setup.iss"
|
$innoSetupFile = "$(get-location)\greenshot\releases\innosetup\setup.iss"
|
||||||
Write-Host "Starting $innoSetup $innoSetupFile"
|
Write-Host "Starting $innoSetup $innoSetupFile"
|
||||||
$setupResult = Start-Process -wait -PassThru "$innoSetup" -ArgumentList "$innoSetupFile" -NoNewWindow -RedirectStandardOutput "$setupOutput.log" -RedirectStandardError "$setupOutput.error"
|
$arguments = @("/SSignTool=""$env:SignTool `$p""", $innoSetupFile)
|
||||||
|
$setupResult = Start-Process -wait -PassThru "$innoSetup" -ArgumentList $arguments -NoNewWindow -RedirectStandardOutput "$setupOutput.log" -RedirectStandardError "$setupOutput.error"
|
||||||
Write-Host "Log output:"
|
Write-Host "Log output:"
|
||||||
Get-Content "$setupOutput.log"| Write-Host
|
Get-Content "$setupOutput.log"| Write-Host
|
||||||
if ($setupResult.ExitCode -ne 0) {
|
if ($setupResult.ExitCode -ne 0) {
|
||||||
|
@ -274,9 +307,14 @@ Function TagCode {
|
||||||
FillTemplates
|
FillTemplates
|
||||||
|
|
||||||
echo "Generating MD5"
|
echo "Generating MD5"
|
||||||
|
|
||||||
MD5Checksums | Set-Content "$(get-location)\Greenshot\bin\Release\checksum.MD5" -encoding UTF8
|
MD5Checksums | Set-Content "$(get-location)\Greenshot\bin\Release\checksum.MD5" -encoding UTF8
|
||||||
|
|
||||||
|
echo "Preparing certificate"
|
||||||
|
PrepareCertificate
|
||||||
|
|
||||||
|
echo "Signing executables"
|
||||||
|
SignBinaryFilesBeforeBuildingInstaller
|
||||||
|
|
||||||
echo "Generating Installer"
|
echo "Generating Installer"
|
||||||
PackageInstaller
|
PackageInstaller
|
||||||
|
|
||||||
|
|
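Review bot: In SignBinaryFilesBeforeBuildingInstaller neither `Start-Process -wait -PassThru $env:SignTool …` call has its exit code inspected, so a failed signature (unset `$env:SignTool`, wrong password, unreachable timestamp server) does not stop the build and unsigned binaries can be packaged. Capture and check the result, e.g. `$r = Start-Process -Wait -PassThru $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow` followed by `if ($r.ExitCode -ne 0) { throw "signtool failed for $_" }`, and do the same for the SHA256 pass. PrepareCertificate writes the decoded key to `greenshot.pfx` in the working directory and nothing visible removes it; a `Remove-Item` in a `finally` after packaging would keep the private key off the agent and out of any collected artifacts. In the last hunk the MD5 checksums are written before `SignBinaryFilesBeforeBuildingInstaller` runs; if MD5Checksums covers the same binaries, the hashes will not match the signed files, so signing should come first.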