From 58f9d66fbe63de3d9079d9f0ecbd1b224f2350f2 Mon Sep 17 00:00:00 2001 From: Kien Nguyen Date: Sat, 17 Aug 2024 19:55:46 -0700 Subject: [PATCH] sign msix package --- .github/workflows/build.yml | 1 + certs/emacs-cert.pfx | Bin 0 -> 2726 bytes emacs-build.sh | 6 ++++-- scripts/create_msix.ps1 | 15 ++++++++------- 4 files changed, 13 insertions(+), 9 deletions(-) create mode 100644 certs/emacs-cert.pfx diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c914e32..20b8192 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -70,6 +70,7 @@ jobs: MSYS2_DIR: C:\msys64 EMACS_REPO: ${{ needs.prepare_env.outputs.repo }} EMACS_PKG_VERSION: ${{ needs.prepare_env.outputs.pkg_version }} + EMACS_CERT_SECRET: ${{ secrets.EMACS_CERT_SECRET }} defaults: run: diff --git a/certs/emacs-cert.pfx b/certs/emacs-cert.pfx new file mode 100644 index 0000000000000000000000000000000000000000..10892d70cf4cf2cd56484807f9aa8257ba733ee5 GIT binary patch literal 2726 zcmZXUc{tQvAI5((W-MbjCR<9z$ivVe+epY3!h|esgG9=bWn^s``@R&}%~&F2No32! zSSuk}!`QMf+0r8OPF>IYJlA`@*SYTRIp=eq^F8OU8$*QUfk8|dBJ3(Nn{@cu@I6it z3y4I7nL&s!V+JhXj3m!&!&y~NSX4|#fqQUk2^fu`Mi1yRD<=~2`XDwwBwY4T8b4A@xN5Ki;oH!Urm^9U(x>ip zTa}+Nm`7Kp1S9|At{MUUh zbu6xxUC}*E+3{Syxy671n*suBC{7kEK$~qk`lQmrq_^XvPDJO`;4&qnyXhA!uEyf? z8dxllgxK>yKEl;%v4j#JP)F&nZm%rcRak*Pa@u*Sq?X#O44mByqzy;k++gCjP^ zmhTKp&ijX%oc!;`up#)HhKoBAtT~fGCi5P9#%fz%YvbiH4tQMJX zyPfaplc4dWF`Jrjk>-hX%v@Z6o)IqDlXJ)Yzy?FMZIDrSh{~&XpvkX-5TEPJKn=2A zsj03`ZQ`D7T&x%%T7#x|zdxf^K_98_p?K%)G)0&4@RC)+U2mat7)i1?ns5EaUIV8( z2vaJK9y(jUv6i+v+1y;<#Mk;bq_^RLfc4$QEupp^GnIs=>R<~r%k2rP*s4I91Dng2 zSDKj-&#Nbm_A7Ak`%vGD{&}Kk|0gTXs-iDe_xgX7KQ=bcqnY^4e09w&O$mz7;=V-r zc9b)iFspatG9S^o16wk#A5^(jcXFXn*5@dq-)ehS1~y+(1kS!??Eo?;o$!DN?U`S2 zFA2gbyhAtb*N7%tzRt?JHIarNJ@CnhDnaHJOkcf=t$d)!L0>Km zr5OgY5^;vL5F@2VCu^k)tJ=yU+o`ee)$FRGtq5E^qPC910S_6Oc#T}8^lfO(u=|bz zZKr;6X!~5fm(542E5Pv`qt^#`k?IxN@CpVW=ans9s`4|JQh^hE!B@gvN$LejFJ-;lrGvZo5-KEq1_Gd`hBo~0Y)!E!+ zsbUyG4_p$F^V`>zzl*1%xumRRC9gn5;O|%GiqA@(|hjKW{yudhur8 z+|0fbsxi0S=qUrdG}zIW*-jbWRqpq{F;#HJ?<>{KhWTz;uTK`$VR1yz?-D%8|e|+IZ3H-ZAOH)bW(P z4%d~gYjJZf+;r_+oBM+y9OYX%;=S`vph47}KB!)GM5lC zw;zwjOD2t>c7KeanyFq)4@;MvjAKs)oQ% zrt*W&e>FfbK&Jp@#e25Bcr*UwvO`GMsFGYJ=%OJxk1bae4wQ){49m z@?DwpjoW}E5~a#5!oK$_{nz11Ez5i^`F3IZp-Qwzi|-dff9LXKKNF)DX?pfT4M#(Eaj^ zW458LPW$;6Bo|1jln1>h-VB=cvY#m6Ujhz|-x*Qv+(A9j z)1?PK&t%L9byBSUdE`DYYA;)`RSa5h|kLHW5fc$$sk+ZRSsFo$T(@ z3+dZp?s&OF-;O1DCk;0{)vKq^i!ify1QQHMx5U{nlpEzNTiR_OLi0o^r+29uUGqq^ zbT)sqo#??Bc4z7dtQ7UW)Vf%=942BasPf&Vt-DBbZjA4+sYSnwMic3$DHHMzf<#MS z$QcA9197O@6`Q2@6_OJ=3o@Y^3luA!^u2ufpns^e>72LJrblUM77@F<4x#kRK~`;&^ZU;P!J;eF&;lvM^N~l_Bbc%VDExjZ)P_*B^zo?i_f= z8@HRsRlY2%dbdh$;@m9H--{d2a!qB^l<2V@GQwYoh;Yx16KLFOr2^mqcc(Mj0TC^e z!l$K-H?uG>yF3D?MK*_FGrVUtLFSNRt-(h9Ua8#1-Byl5A#tLz*Ib^Xy{d)OBLD)n zJx*s)>OXIUQO6v`urNbqxR}7g5dOUka_{OFAGI6DMxBOlYPV72(BB~Z;{~z&Q}j;! T>?$r!DP^D>I(tFrcX0d%VI0cb literal 0 HcmV?d00001 diff --git a/emacs-build.sh b/emacs-build.sh index 737b069..b83720d 100644 --- a/emacs-build.sh +++ b/emacs-build.sh @@ -345,9 +345,11 @@ function action5_package_all () pkg_version="${EMACS_PKG_VERSION:-0.0.0.0}" dist_file=`cygpath -w "$emacs_build_root/zips/${emacs_pkg_prefix}.msix"` script_file=`cygpath -w "$emacs_build_root/scripts/create_msix.ps1"` + cert_file=`cygpath -w "$emacs_build_root/certs/emacs-cert.pfx"` + secret="${EMACS_CERT_SECRET:-cert!emacs}" - echo Creating $dist_file package with version $pkg_version and manifest $man_file - powershell.exe -nop -ex bypass -c "& {$script_file -m $man_file -v $pkg_version -d . -p $dist_file}" + echo Creating $dist_file package with version $pkg_version + powershell.exe -nop -ex bypass -c "& {$script_file -m $man_file -v $pkg_version -d . -p $dist_file -c $cert_file -s $secret}" else echo Creating zip package zip -9 -r "${emacs_distfile}" * diff --git a/scripts/create_msix.ps1 b/scripts/create_msix.ps1 index f348fb2..fcc11d8 100644 --- a/scripts/create_msix.ps1 +++ b/scripts/create_msix.ps1 @@ -4,17 +4,18 @@ param( [string] $manifesTemplate, [string] $version, [string] $directory, - [string] $package + [string] $package, + [string] $cert, + [string] $secret ) # create a manifest file $content = [System.IO.File]::ReadAllText($manifesTemplate).Replace("{{version}}", $version) [System.IO.File]::WriteAllText("$directory\AppxManifest.xml", $content) +$msixcli = if ($env:MSIXHeroCLI) { $env:MSIXHeroCLI } else { "MSIXHeroCLI.exe" } # create the msix package -if ($env:MSIXHeroCLI) { - &$env:MSIXHeroCLI pack -d $directory -p $package -} -else { - MSIXHeroCLI.exe pack -d $directory -p $package -} +& $msixcli pack -d $directory -p $package + +# sign the msix package +& $msixcli sign -f $cert -p $secret -t "http://timestamp.comodoca.com" "$package"