3e0db567e8
- The certificate pfx file is now read from WINDOWS_CERT_PFX
- The password to decode the pfx is in WINDOWS_CERT_PASSWORD
- Quit reading from desktop-secrets repo
- Switch osslsigncode to take in pfx instead of individual certs
- 🔥 obsolete setup scripts
25 lines
552 B
Bash
Executable file
25 lines
552 B
Bash
Executable file
#!/bin/bash
|
|
set -e
|
|
|
|
EXE="$1"
|
|
|
|
if [ -z "$CERT_FILE" ]; then
|
|
echo "skipping Windows code-signing; CERT_FILE not set" >&2
|
|
exit 0
|
|
fi
|
|
|
|
if [ ! -f "$CERT_FILE" ]; then
|
|
echo "error Windows code-signing; file '$CERT_FILE' not found" >&2
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "$CERT_PASSWORD" ]; then
|
|
echo "error Windows code-signing; no value for CERT_PASSWORD" >&2
|
|
exit 1
|
|
fi
|
|
|
|
osslsigncode sign -n "GitHub CLI" -t http://timestamp.digicert.com \
|
|
-pkcs12 "$CERT_FILE" -readpass <(printf "%s" "$CERT_PASSWORD") -h sha256 \
|
|
-in "$EXE" -out "$EXE"~
|
|
|
|
mv "$EXE"~ "$EXE"
|