mirror of
https://github.com/greenshot/greenshot
synced 2025-08-19 04:59:30 -07:00
First try of getting code signing working.
parent
9e88119fd9
commit
5951a4705a
3 changed files with 47 additions and 2 deletions
|
@ -30,6 +30,7 @@ Fixed:
|
|||
* FEATURE-919: Allow adding of space around screenshot (use Ctrl + / Ctrl -)
|
||||
* FEATURE-945: Added environment variables resolving to the external command
|
||||
* FEATURE-949: Updated to Inno-Setup 5.5.9 for improved installer security
|
||||
* FEATURE-958: Added code-signing of Greenshot and the installer, this should help preventing security issues
|
||||
|
||||
Open issues planned for this version:
|
||||
BUG-1872: OneDrive prevents Greenshot hotkeys from working
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
#define ExeName "Greenshot"
|
||||
#define Version "@VERSION@"
|
||||
#define FileVersion "@FILEVERSION@"
|
||||
#define CertificatePassword GetEnv('CertificatePassword')
|
||||
|
||||
; Include the scripts to install .NET Framework
|
||||
; See http://www.codeproject.com/KB/install/dotnetfx_innosetup_instal.aspx
|
||||
|
@ -127,6 +128,11 @@ OutputBaseFilename={#ExeName}-INSTALLER-{#FileVersion}
|
|||
OutputDir=..\
|
||||
PrivilegesRequired=none
|
||||
SetupIconFile=..\..\icons\applicationIcon\icon.ico
|
||||
; Create a SHA1 signature
|
||||
SignTool=SignTool sign /debug /fd sha1 /a /f ..\..\..\Greenshot.pfx /p {#CertificatePassword} /tr http://time.certum.pl /td sha1 $f
|
||||
; Append a SHA256 to the previous SHA1 signature (this is what as does)
|
||||
SignTool=SignTool sign /as /debug /fd sha256 /a /f ..\..\..\Greenshot.pfx /p {#CertificatePassword} /a /tr http://time.certum.pl /td sha256 $f
|
||||
SignedUninstaller=yes
|
||||
UninstallDisplayIcon={app}\{#ExeName}.exe
|
||||
Uninstallable=true
|
||||
VersionInfoCompany={#ExeName}
|
||||
|
|
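Review bot: Both added `SignTool=` lines expand the certificate password into the signing command line through `/p {#CertificatePassword}`. The Inno Setup compiler normally echoes the sign command it runs, and PackageInstaller in build.ps1 prints that log with `Write-Host`, so the password is likely to end up in the CI build log, and it is visible in the process list while signtool runs. Prefer importing the certificate into the build agent's certificate store and selecting it by thumbprint, `/sha1 <CERT_THUMBPRINT>` in place of `/f ..\..\..\Greenshot.pfx /p {#CertificatePassword}`, and drop `/debug` once signing works. `GetEnv` yields an empty string when the variable is unset, so a guard such as `#if CertificatePassword == ""` followed by `#error CertificatePassword is not set` would make a misconfigured build fail early instead of at signing time. The SHA256 line also passes `/a` twice.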
42
build.ps1
42
build.ps1
|
@ -23,8 +23,19 @@
|
|||
################################################################
|
||||
|
||||
$version=$env:APPVEYOR_BUILD_VERSION
|
||||
if ( !$version ) {
|
||||
$version = "1.3.0.0"
|
||||
}
|
||||
|
||||
$buildType=$env:build_type
|
||||
if ( !$buildType ) {
|
||||
$buildType = "local"
|
||||
}
|
||||
|
||||
$gitcommit=$env:APPVEYOR_REPO_COMMIT
|
||||
if ( !$gitcommit ) {
|
||||
$gitcommit = "abcdefghijklmnopqrstuvwxy"
|
||||
}
|
||||
$gitcommit=$gitcommit.SubString(0, [math]::Min($gitcommit.Length, 7))
|
||||
$detailversion=$version + '-' + $gitcommit + " " + $buildType
|
||||
$release=(([version]$version).build) % 2 -eq 1
|
||||
|
@ -40,6 +51,27 @@ Function MD5($filename) {
|
|||
return [System.BitConverter]::ToString($hash) -replace "-", ""
|
||||
}
|
||||
|
||||
# Write the certificate to the file system, so signtool can use it
|
||||
Function PrepareCertificate() {
|
||||
$decodedContentBytes = [System.Convert]::FromBase64String($env:Certificate)
|
||||
$decodedContentBytes | set-content "greenshot.pfx" -encoding byte
|
||||
}
|
||||
|
||||
# Sign the file with Signtool before they are packed in the installer / .zip etc
|
||||
Function SignBinaryFilesBeforeBuildingInstaller() {
|
||||
$sourcebase = "$(get-location)\Greenshot\bin\Release"
|
||||
|
||||
$INCLUDE=@("*.exe", "*.gsp", "*.dll")
|
||||
Get-ChildItem -Path "$sourcebase" -Recurse -Include $INCLUDE | foreach {
|
||||
Write-Host "Signing $_"
|
||||
$signSha1Arguments = @('sign', '/fd ', 'sha1', '/a', '/f', "$(get-location)\Greenshot.pfx", '/p', $env:CertificatePassword, '/tr', 'http://time.certum.pl', '/td', 'sha1', $_)
|
||||
$signSha256Arguments = @('sign', '/as', '/fd ', 'sha256', '/a', '/f', "$(get-location)\Greenshot.pfx", '/p', $env:CertificatePassword, '/tr', 'http://time.certum.pl', '/td', 'sha256', $_)
|
||||
|
||||
Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow
|
||||
Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha256Arguments -NoNewWindow
|
||||
}
|
||||
}
|
||||
|
||||
# Fill the templates
|
||||
Function FillTemplates {
|
||||
Write-Host "Filling templates for version $detailversion`n`n"
|
||||
|
@ -237,7 +269,8 @@ Function PackageInstaller {
|
|||
$innoSetup = "$(get-location)\packages\Tools.InnoSetup.5.5.9\tools\ISCC.exe"
|
||||
$innoSetupFile = "$(get-location)\greenshot\releases\innosetup\setup.iss"
|
||||
Write-Host "Starting $innoSetup $innoSetupFile"
|
||||
$setupResult = Start-Process -wait -PassThru "$innoSetup" -ArgumentList "$innoSetupFile" -NoNewWindow -RedirectStandardOutput "$setupOutput.log" -RedirectStandardError "$setupOutput.error"
|
||||
$arguments = @("/SSignTool=""$env:SignTool `$p""", $innoSetupFile)
|
||||
$setupResult = Start-Process -wait -PassThru "$innoSetup" -ArgumentList $arguments -NoNewWindow -RedirectStandardOutput "$setupOutput.log" -RedirectStandardError "$setupOutput.error"
|
||||
Write-Host "Log output:"
|
||||
Get-Content "$setupOutput.log"| Write-Host
|
||||
if ($setupResult.ExitCode -ne 0) {
|
||||
|
@ -274,9 +307,14 @@ Function TagCode {
|
|||
FillTemplates
|
||||
|
||||
echo "Generating MD5"
|
||||
|
||||
MD5Checksums | Set-Content "$(get-location)\Greenshot\bin\Release\checksum.MD5" -encoding UTF8
|
||||
|
||||
echo "Preparing certificate"
|
||||
PrepareCertificate
|
||||
|
||||
echo "Signing executables"
|
||||
SignBinaryFilesBeforeBuildingInstaller
|
||||
|
||||
echo "Generating Installer"
|
||||
PackageInstaller
|
||||
|
||||
|
|
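Review bot: In SignBinaryFilesBeforeBuildingInstaller both `Start-Process` calls discard the process object they return, so a signtool failure (wrong password, unreachable timestamp server) does not stop the build and unsigned binaries would be packaged. Capture the result and check it: `$r = Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow` followed by `if ($r.ExitCode -ne 0) { throw "Signing failed for $_" }`, and the same for the SHA256 pass. PrepareCertificate writes the decoded PFX into the working directory and nothing visible in this commit deletes it, so the private key stays in the build workspace. Remove it in a `finally` once PackageInstaller has run, for example `Remove-Item "greenshot.pfx" -ErrorAction SilentlyContinue`, and check that `$env:Certificate` is set before decoding. The last hunk also writes checksum.MD5 before the signing step; if MD5Checksums hashes the files under bin\Release (its body is outside the hunk), the recorded hashes will no longer match the signed files, so signing should run first.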