Skip to content

Commit 3656b82

Browse files
achow101achow101
committed
contrib: Sign all Windows binaries too
1 parent 31d3254 commit 3656b82

File tree

2 files changed

+19
-9
lines changed

2 files changed

+19
-9
lines changed

contrib/windeploy/detached-sig-create.sh

Lines changed: 18 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -8,9 +8,9 @@ if [ -z "$OSSLSIGNCODE" ]; then
88
OSSLSIGNCODE=osslsigncode
99
fi
1010

11-
if [ -z "$1" ]; then
12-
echo "usage: $0 <osslcodesign args>"
13-
echo "example: $0 -key codesign.key"
11+
if [ "$#" -ne 1 ]; then
12+
echo "usage: $0 <path to key>"
13+
echo "example: $0 codesign.key"
1414
exit 1
1515
fi
1616

@@ -22,12 +22,22 @@ OUTSUBDIR="${OUTDIR}/win"
2222
TIMESERVER=http://timestamp.comodoca.com
2323
CERTFILE="win-codesign.cert"
2424

25+
stty -echo
26+
printf "Enter the passphrase for %s: " "$1"
27+
read cs_key_pass
28+
printf "\n"
29+
stty echo
30+
31+
2532
mkdir -p "${OUTSUBDIR}"
26-
# shellcheck disable=SC2046
27-
basename -a $(ls -1 "${SRCDIR}"/*-unsigned.exe) | while read UNSIGNED; do
28-
echo Signing "${UNSIGNED}"
29-
"${OSSLSIGNCODE}" sign -certs "${CERTFILE}" -t "${TIMESERVER}" -h sha256 -in "${SRCDIR}/${UNSIGNED}" -out "${WORKDIR}/${UNSIGNED}" "$@"
30-
"${OSSLSIGNCODE}" extract-signature -pem -in "${WORKDIR}/${UNSIGNED}" -out "${OUTSUBDIR}/${UNSIGNED}.pem" && rm "${WORKDIR}/${UNSIGNED}"
33+
find ${SRCDIR} -wholename "*.exe" -type f -exec realpath --relative-to=. {} \; | while read -r bin
34+
do
35+
echo Signing "${bin}"
36+
bin_base="$(realpath --relative-to=${SRCDIR} "${bin}")"
37+
mkdir -p "$(dirname ${WORKDIR}/"${bin_base}")"
38+
"${OSSLSIGNCODE}" sign -certs "${CERTFILE}" -t "${TIMESERVER}" -h sha256 -in "${bin}" -out "${WORKDIR}/${bin_base}" -key "$1" -pass "${cs_key_pass}"
39+
mkdir -p "$(dirname ${OUTSUBDIR}/"${bin_base}")"
40+
"${OSSLSIGNCODE}" extract-signature -pem -in "${WORKDIR}/${bin_base}" -out "${OUTSUBDIR}/${bin_base}.pem" && rm "${WORKDIR}/${bin_base}"
3141
done
3242

3343
rm -f "${OUT}"

doc/release-process.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ In the `guix-build-${VERSION}/output/x86_64-apple-darwin` and `guix-build-${VERS
174174
In the `guix-build-${VERSION}/output/x86_64-w64-mingw32` directory:
175175

176176
tar xf bitcoin-${VERSION}-win64-codesigning.tar.gz
177-
./detached-sig-create.sh -key /path/to/codesign.key
177+
./detached-sig-create.sh /path/to/codesign.key
178178
Enter the passphrase for the key when prompted
179179
signature-win.tar.gz will be created
180180

0 commit comments

Comments
 (0)