github/greenshot
1
0
Fork 0
mirror of https://github.com/greenshot/greenshot synced 2025-08-19 13:10:00 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Reducing the chance a password is visible by installing the certificate locally.

Browse source
This commit is contained in:
Robin 2016-08-15 17:09:33 +02:00
commit 6b650b3eee
2 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Greenshot/releases/innosetup/setup.iss.template
View file

@ -128,9 +128,9 @@ OutputDir=..\
PrivilegesRequired=none PrivilegesRequired=none
SetupIconFile=..\..\icons\applicationIcon\icon.ico SetupIconFile=..\..\icons\applicationIcon\icon.ico
; Create a SHA1 signature ; Create a SHA1 signature
SignTool=SignTool sign /debug /fd sha1 /a /f ..\..\..\Greenshot.pfx /p %CertificatePassword% /tr http://time.certum.pl /td sha1 $f SignTool=SignTool sign /debug /fd sha1 /a /tr http://time.certum.pl /td sha1 $f
; Append a SHA256 to the previous SHA1 signature (this is what as does) ; Append a SHA256 to the previous SHA1 signature (this is what as does)
SignTool=SignTool sign /as /debug /fd sha256 /a /f ..\..\..\Greenshot.pfx /p %CertificatePassword% /a /tr http://time.certum.pl /td sha256 $f SignTool=SignTool sign /debug /as /fd sha256 /a /tr http://time.certum.pl /td sha256 $f
SignedUninstaller=yes SignedUninstaller=yes
UninstallDisplayIcon={app}\{#ExeName}.exe UninstallDisplayIcon={app}\{#ExeName}.exe
Uninstallable=true Uninstallable=true

7
build.ps1
View file

@ -55,6 +55,7 @@ Function MD5($filename) {
Function PrepareCertificate() { Function PrepareCertificate() {
$decodedContentBytes = [System.Convert]::FromBase64String($env:Certificate) $decodedContentBytes = [System.Convert]::FromBase64String($env:Certificate)
$decodedContentBytes | set-content "greenshot.pfx" -encoding byte $decodedContentBytes | set-content "greenshot.pfx" -encoding byte
certutil -f -p $env:CertificatePassword -importpfx "greenshot.pfx"
} }
# Sign the file with Signtool before they are packed in the installer / .zip etc # Sign the file with Signtool before they are packed in the installer / .zip etc
@ -64,8 +65,8 @@ Function SignBinaryFilesBeforeBuildingInstaller() {
$INCLUDE=@("*.exe", "*.gsp", "*.dll") $INCLUDE=@("*.exe", "*.gsp", "*.dll")
Get-ChildItem -Path "$sourcebase" -Recurse -Include $INCLUDE | foreach { Get-ChildItem -Path "$sourcebase" -Recurse -Include $INCLUDE | foreach {
Write-Host "Signing $_" Write-Host "Signing $_"
$signSha1Arguments = @('sign', '/fd ', 'sha1', '/a', '/f', "$(get-location)\Greenshot.pfx", '/p', $env:CertificatePassword, '/tr', 'http://time.certum.pl', '/td', 'sha1', $_) $signSha1Arguments = @('sign', '/fd ', 'sha1' , '/a', '/tr', 'http://time.certum.pl', '/td', 'sha1' , $_)
$signSha256Arguments = @('sign', '/as', '/fd ', 'sha256', '/a', '/f', "$(get-location)\Greenshot.pfx", '/p', $env:CertificatePassword, '/tr', 'http://time.certum.pl', '/td', 'sha256', $_) $signSha256Arguments = @('sign', '/as', '/fd ', 'sha256', '/a', '/tr', 'http://time.certum.pl', '/td', 'sha256', $_)
Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow
Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha256Arguments -NoNewWindow Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha256Arguments -NoNewWindow
@ -269,7 +270,7 @@ Function PackageInstaller {
$innoSetup = "$(get-location)\packages\Tools.InnoSetup.5.5.9\tools\ISCC.exe" $innoSetup = "$(get-location)\packages\Tools.InnoSetup.5.5.9\tools\ISCC.exe"
$innoSetupFile = "$(get-location)\greenshot\releases\innosetup\setup.iss" $innoSetupFile = "$(get-location)\greenshot\releases\innosetup\setup.iss"
Write-Host "Starting $innoSetup $innoSetupFile" Write-Host "Starting $innoSetup $innoSetupFile"
$arguments = @("/SSignTool=""$env:SignTool `$p""", $innoSetupFile) $arguments = @("/Qp /SSignTool=""$env:SignTool `$p""", $innoSetupFile)
$setupResult = Start-Process -wait -PassThru "$innoSetup" -ArgumentList $arguments -NoNewWindow -RedirectStandardOutput "$setupOutput.log" -RedirectStandardError "$setupOutput.error" $setupResult = Start-Process -wait -PassThru "$innoSetup" -ArgumentList $arguments -NoNewWindow -RedirectStandardOutput "$setupOutput.log" -RedirectStandardError "$setupOutput.error"
Write-Host "Log output:" Write-Host "Log output:"
Get-Content "$setupOutput.log"| Write-Host Get-Content "$setupOutput.log"| Write-Host