contrib: Sign all Windows binaries too

Ava Chow 2024-12-02 17:17:19 -05:00
parent 31d325464d
commit 3656b828dc
2 changed files with 19 additions and 9 deletions


@ -8,9 +8,9 @@ if [ -z "$OSSLSIGNCODE" ]; then
OSSLSIGNCODE=osslsigncode OSSLSIGNCODE=osslsigncode
fi fi
if [ -z "$1" ]; then if [ "$#" -ne 1 ]; then
echo "usage: $0 <osslcodesign args>" echo "usage: $0 <path to key>"
echo "example: $0 -key codesign.key" echo "example: $0 codesign.key"
exit 1 exit 1
fi fi
@ -22,12 +22,22 @@ OUTSUBDIR="${OUTDIR}/win"
TIMESERVER=http://timestamp.comodoca.com TIMESERVER=http://timestamp.comodoca.com
CERTFILE="win-codesign.cert" CERTFILE="win-codesign.cert"
stty -echo
printf "Enter the passphrase for %s: " "$1"
read cs_key_pass
printf "\n"
stty echo
mkdir -p "${OUTSUBDIR}" mkdir -p "${OUTSUBDIR}"
# shellcheck disable=SC2046 find ${SRCDIR} -wholename "*.exe" -type f -exec realpath --relative-to=. {} \; | while read -r bin
basename -a $(ls -1 "${SRCDIR}"/*-unsigned.exe) | while read UNSIGNED; do do
echo Signing "${UNSIGNED}" echo Signing "${bin}"
"${OSSLSIGNCODE}" sign -certs "${CERTFILE}" -t "${TIMESERVER}" -h sha256 -in "${SRCDIR}/${UNSIGNED}" -out "${WORKDIR}/${UNSIGNED}" "$@" bin_base="$(realpath --relative-to=${SRCDIR} "${bin}")"
"${OSSLSIGNCODE}" extract-signature -pem -in "${WORKDIR}/${UNSIGNED}" -out "${OUTSUBDIR}/${UNSIGNED}.pem" && rm "${WORKDIR}/${UNSIGNED}" mkdir -p "$(dirname ${WORKDIR}/"${bin_base}")"
"${OSSLSIGNCODE}" sign -certs "${CERTFILE}" -t "${TIMESERVER}" -h sha256 -in "${bin}" -out "${WORKDIR}/${bin_base}" -key "$1" -pass "${cs_key_pass}"
mkdir -p "$(dirname ${OUTSUBDIR}/"${bin_base}")"
"${OSSLSIGNCODE}" extract-signature -pem -in "${WORKDIR}/${bin_base}" -out "${OUTSUBDIR}/${bin_base}.pem" && rm "${WORKDIR}/${bin_base}"
done done
rm -f "${OUT}" rm -f "${OUT}"
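Review bot: The passphrase collected by `read cs_key_pass` is handed to every `osslsigncode sign` call as `-pass "${cs_key_pass}"`, which puts the code-signing key's passphrase in the process argument list, where other local users can read it (for example through `ps`) while each binary is being signed. If the osslsigncode build in use supports `-readpass <file>`, supplying the passphrase that way keeps it off argv; failing that, the usage text should state that the script is meant for a single-user signing machine. Separately, `read` without `-r` and with the default IFS alters passphrases that contain backslashes or leading/trailing whitespace, so `IFS= read -r cs_key_pass` is safer, and a `trap 'stty echo' EXIT INT TERM` placed before `stty -echo` would restore terminal echo if the prompt is interrupted. The script begins before and continues after the lines shown in these hunks.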


@ -174,7 +174,7 @@ In the `guix-build-${VERSION}/output/x86_64-apple-darwin` and `guix-build-${VERS
In the `guix-build-${VERSION}/output/x86_64-w64-mingw32` directory: In the `guix-build-${VERSION}/output/x86_64-w64-mingw32` directory:
tar xf bitcoin-${VERSION}-win64-codesigning.tar.gz tar xf bitcoin-${VERSION}-win64-codesigning.tar.gz
./detached-sig-create.sh -key /path/to/codesign.key ./detached-sig-create.sh /path/to/codesign.key
Enter the passphrase for the key when prompted Enter the passphrase for the key when prompted
signature-win.tar.gz will be created signature-win.tar.gz will be created