From 1aa5a17451c852628ecc8c07c3d6e6779ad10dce Mon Sep 17 00:00:00 2001 From: Salah Benmoussati <51402489+sbenmoussati@users.noreply.github.com> Date: Fri, 19 Apr 2024 16:17:25 +0200 Subject: [PATCH] Update code signing process (#2126) (#2133) * Update code signing process --- scripts/build-win64.bat | 48 ++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/scripts/build-win64.bat b/scripts/build-win64.bat index a4bf80604..7d04fbd64 100644 --- a/scripts/build-win64.bat +++ b/scripts/build-win64.bat @@ -8,6 +8,12 @@ set DISABLE_REBUILD=true set NODE_REQUIRED_VERSION=18.16.0 set SNYK_ORG=sda set SNYK_PROJECT_NAME="Symphony Desktop Application" +set SCREENSHARE_INDICATOR_PATH="node_modules\screen-share-indicator-frame\ScreenShareIndicatorFrame.exe" +set NATIVE_WINDOW_HANDLE_PATH="node_modules\symphony-native-window-handle-helper\SymphonyNativeWindowHandleHelper.exe" +set SCREEN_SNIPPET_PATH="node_modules\screen-snippet\ScreenSnippet.exe" +set SYMPHONY_EXE_PATH=%WORKSPACE%\dist\win-unpacked\Symphony.exe +set SYMPHONY_SYMVER_EXE_PATH=%WORKSPACE%\dist\Symphony-%SYMVER%-win.exe +set SYMPHONY_MSI_PATH="WixSharpInstaller\Symphony.msi" set PATH=%PATH%;C:\Program Files\nodejs\;C:\Program Files\Git\cmd echo %PATH% @@ -44,24 +50,22 @@ sed -i -e "s/\"version\"[[:space:]]*\:[[:space:]]\"\(.*\)\"/\"version\": \"\1-%P echo "Installing dependencies..." call npm install -:: Signing screen snippet and screen share indicator - -if NOT EXIST %SIGNING_FILE_PATH% ( - echo Signing failed, 'signing.bat' not found. - exit /b -1 -) - -call %SIGNING_FILE_PATH% node_modules\screen-share-indicator-frame\ScreenShareIndicatorFrame.exe - -call %SIGNING_FILE_PATH% node_modules\symphony-native-window-handle-helper\SymphonyNativeWindowHandleHelper.exe +echo "Sign screen-share indicator..." +echo %SS_FOLDER% +call smctl sign --fingerprint %DIGICERT_FINGERPRINT% --input %SCREENSHARE_INDICATOR_PATH% --tool signtool --verbose +smctl sign verify --input node_modules\screen-share-indicator-frame\ScreenShareIndicatorFrame.exe +smctl sign --tool signtool --fingerprint %DIGICERT_FINGERPRINT% --input %NATIVE_WINDOW_HANDLE_PATH% +smctl sign verify --input %NATIVE_WINDOW_HANDLE_PATH% IF %errorlevel% neq 0 ( echo "Signing failed" exit /b -1 ) -call %SIGNING_FILE_PATH% node_modules\screen-snippet\ScreenSnippet.exe +smctl sign --tool signtool --fingerprint %DIGICERT_FINGERPRINT% --input %SCREEN_SNIPPET_PATH% +smctl sign verify --input %SCREEN_SNIPPET_PATH% + IF %errorlevel% neq 0 ( echo "Signing failed" exit /b -1 @@ -85,9 +89,6 @@ call npm run unpacked-win echo "creating 64 bit msi..." -set PATH="%PATH%";C:\Program Files\nodejs\ -echo %PATH% - call node -e "console.log(require('./package.json').version);" > version.txt set /p baseVer=