From ec1e80cf455db7aa000f5e414584891e4a2fe907 Mon Sep 17 00:00:00 2001
From: Robin
Date: Mon, 15 Aug 2016 18:02:52 +0200
Subject: [PATCH] Hope this brings more details on why the signing doesn't work
---
 .../releases/innosetup/setup.iss.template | 4 +-
 build.ps1 | 38 ++++++++++++-------
 2 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/Greenshot/releases/innosetup/setup.iss.template b/Greenshot/releases/innosetup/setup.iss.template
index 459fc7525..413bb97ba 100644
--- a/Greenshot/releases/innosetup/setup.iss.template
+++ b/Greenshot/releases/innosetup/setup.iss.template
@@ -128,9 +128,9 @@ OutputDir=..\
 PrivilegesRequired=none
 SetupIconFile=..\..\icons\applicationIcon\icon.ico
 ; Create a SHA1 signature
-SignTool=SignTool sign /debug /fd sha1 /a /tr http://time.certum.pl /td sha1 $f
+SignTool=SignTool sign /debug /sm /fd sha1 /tr http://time.certum.pl /td sha1 $f
 ; Append a SHA256 to the previous SHA1 signature (this is what as does)
-SignTool=SignTool sign /debug /as /fd sha256 /a /tr http://time.certum.pl /td sha256 $f
+SignTool=SignTool sign /debug /as /sm /fd sha256 /tr http://time.certum.pl /td sha256 $f
 SignedUninstaller=yes
 UninstallDisplayIcon={app}\{#ExeName}.exe
 Uninstallable=true
diff --git a/build.ps1 b/build.ps1
index 769bb66bc..7452d87f6 100644
--- a/build.ps1
+++ b/build.ps1
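Review bot: With `/a` removed and only `/sm` added, both `SignTool=` lines in setup.iss.template name no certificate, so which key signs the installer depends on whatever code-signing certificates are present in the build machine's store. Pinning the certificate by thumbprint makes the choice explicit and makes the step fail if that certificate is missing, e.g. `SignTool=SignTool sign /sm /sha1 <CERT_THUMBPRINT> /fd sha1 /tr http://time.certum.pl /td sha1 $f` (thumbprint shown as a placeholder). `/debug` looks like a troubleshooting aid and probably should not stay in the release template once the signing problem is found. The same argument lists are repeated in build.ps1's SignWithCertificate, so the pin would apply there as well.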
@@ -56,8 +56,18 @@ Function PrepareCertificate() {
 $decodedContentBytes = [System.Convert]::FromBase64String($env:Certificate)
 $decodedContentBytes | set-content "greenshot.pfx" -encoding byte
- $certutilArguments = @('-f', '-p', $env:CertificatePassword, '-importpfx', "greenshot.pfx")
- Start-Process -wait -PassThru certutil -ArgumentList $certutilArguments -NoNewWindow
+ $certutilArguments = @('-p', $env:CertificatePassword, '-importpfx', "greenshot.pfx")
+ Start-Process -wait certutil -ArgumentList $certutilArguments -NoNewWindow
+}
+
+# Sign the specify file
+Function SignWithCertificate($filename) {
+ Write-Host "Signing $filename"
+ $signSha1Arguments = @('sign', '/debug', '/sm', '/fd', 'sha1' , '/tr', 'http://time.certum.pl', '/td', 'sha1' , $filename)
+ $signSha256Arguments = @('sign', '/debug', '/as', '/sm', '/fd', 'sha256', '/tr', 'http://time.certum.pl', '/td', 'sha256', $filename)
+
+ Start-Process -wait $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow
+ Start-Process -wait $env:SignTool -ArgumentList $signSha256Arguments -NoNewWindow
 }
 # Sign the file with Signtool before they are packed in the installer / .zip etc
@@ -65,13 +75,8 @@ Function SignBinaryFilesBeforeBuildingInstaller() {
 $sourcebase = "$(get-location)\Greenshot\bin\Release"
 $INCLUDE=@("*.exe", "*.gsp", "*.dll")
- Get-ChildItem -Path "$sourcebase" -Recurse -Include $INCLUDE | foreach {
- Write-Host "Signing $_"
- $signSha1Arguments = @('sign', '/fd ', 'sha1' , '/a', '/tr', 'http://time.certum.pl', '/td', 'sha1' , $_)
- $signSha256Arguments = @('sign', '/as', '/fd ', 'sha256', '/a', '/tr', 'http://time.certum.pl', '/td', 'sha256', $_)
-
- Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow
- Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha256Arguments -NoNewWindow
+ Get-ChildItem -Path "$sourcebase" -Recurse -Include $INCLUDE -Exclude "log4net.dll" | foreach {
+ SignWithCertificate($_)
 }
 }
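Review bot: SignWithCertificate starts SignTool twice and never looks at the result, and this hunk also drops `-PassThru`, so the process object that carries the exit code is gone; a failed signature leaves the build green and an unsigned file goes into the package. Keep `-PassThru`, check `ExitCode` after each call and throw on a non-zero value, as sketched below. The certutil call in PrepareCertificate (whose start is outside the hunk) has the same gap, and the new call sites in SignBinaryFilesBeforeBuildingInstaller and PackagePortable inherit it. Separately, `greenshot.pfx` is written to the working directory and the password is passed on the certutil command line; nothing visible here deletes the file afterwards, so it is worth confirming it is removed before anything is packaged.

```powershell
Function SignWithCertificate($filename) {
    # … unchanged: Write-Host and the two argument arrays …
    foreach ($signArguments in @($signSha1Arguments, $signSha256Arguments)) {
        $process = Start-Process -Wait -PassThru $env:SignTool -ArgumentList $signArguments -NoNewWindow
        if ($process.ExitCode -ne 0) {
            throw "SignTool exited with code $($process.ExitCode) for $filename"
        }
    }
}
```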
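Review bot: The new `-Exclude "log4net.dll"` in SignBinaryFilesBeforeBuildingInstaller has no comment explaining why that one DLL is left out of signing, and because the filter is by name under `-Recurse`, it appears that any file called log4net.dll anywhere below bin\Release is skipped. A line above the pipeline such as `# log4net.dll is not signed because <reason>` would let a later reader tell a deliberate exception from a leftover. If the intent is one specific file, matching on its full path would be narrower than matching on the name.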
@@ -162,6 +167,13 @@ Function PackagePortable { } Start-Sleep -m 1500 Remove-Item "$destbase\portabletmp" -Recurse -Confirm:$false + + # sign the .paf.exe + $pafFiles = @("*.paf.exe") + Get-ChildItem -Path "$destbase" -Recurse -Include $pafFiles | foreach { + SignWithCertificate($_) + } + return } @@ -316,17 +328,17 @@ echo "Preparing certificate" PrepareCertificate echo "Signing executables" -SignBinaryFilesBeforeBuildingInstaller +#SignBinaryFilesBeforeBuildingInstaller echo "Generating Installer" -PackageInstaller +#PackageInstaller echo "Generating ZIP" -PackageZip +#PackageZip echo "Generating Portable" PackagePortable echo "Generating Debug Symbols ZIP" -PackageDbgSymbolsZip +#PackageDbgSymbolsZip
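Review bot: The last hunk comments out `SignBinaryFilesBeforeBuildingInstaller`, `PackageInstaller`, `PackageZip` and `PackageDbgSymbolsZip`, so a build from this revision produces only the portable package and the binaries inside it are never signed; only the outer .paf.exe goes through SignWithCertificate in PackagePortable. If this is temporary troubleshooting, as the commit title suggests, say so in the script with a comment like `# TEMP: disabled while debugging signing, restore before release`, or put the steps behind a switch instead of editing them out. Either way a release built from this state should fail loudly rather than ship unsigned executables. The top-level script section continues outside the hunk.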