diff options
| author | Dan Engelbrecht <[email protected]> | 2023-12-15 04:17:44 -0500 |
|---|---|---|
| committer | GitHub <[email protected]> | 2023-12-15 10:17:44 +0100 |
| commit | d90c1f24815c036ed3f8c9e34e9aa6dcc7a000f8 (patch) | |
| tree | 51b6f0f881d378f15b577ff91a0a04c80c402b1b | |
| parent | changelog (diff) | |
| download | zen-d90c1f24815c036ed3f8c9e34e9aa6dcc7a000f8.tar.xz zen-d90c1f24815c036ed3f8c9e34e9aa6dcc7a000f8.zip | |
windows executable signing (#566)
Windows executables are now signed with official cert when creating a release
| -rw-r--r-- | .github/workflows/validate.yml | 3 | ||||
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | scripts/bundle.lua | 30 |
3 files changed, 31 insertions, 3 deletions
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index bdaf672f2..0702e6fa0 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -2,6 +2,7 @@ name: Validate env: VCPKG_VERSION: 2023.07.21 XMAKE_VERSION: 2.8.2 # 2.8.3 breaks fetching of asio package on MacOS ARM + WINDOWS_SDK_VERSION: 22621 on: pull_request: @@ -96,7 +97,7 @@ jobs: - name: Bundle if: ${{ matrix.config == 'release' }} run: | - xmake bundle -v -y + xmake bundle -v -y --codesignidentity="Epic Games" env: VCPKG_ROOT: ${{ github.workspace }}/.vcpkg diff --git a/CHANGELOG.md b/CHANGELOG.md index e891b667c..b84150fbf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ ## - Improvement: Cache RPC recording now limits duration of individual segments to 1h +- Improvement: Windows executables are now signed with official cert when creating a release ## 0.2 37 - Bugfix: ShutdownLogging code would throw an exception if it was called before everything had been initialised properly diff --git a/scripts/bundle.lua b/scripts/bundle.lua index 207122345..7294043ec 100644 --- a/scripts/bundle.lua +++ b/scripts/bundle.lua @@ -156,7 +156,7 @@ local function _find_vcpkg_binary(triple, port, binary) end -------------------------------------------------------------------------------- -local function main_windows() +local function main_windows(signidentity) import("core.base.option") zip_path = "build/zenserver-win64.zip" @@ -168,6 +168,31 @@ local function main_windows() _build("x64", false, config_args) + if signidentity == nil or signidentity == "" then + print("Skipping signing since no signidentity was given") + else + program_files_path = os.getenv("PROGRAMFILES(x86)") + signtool_path = program_files_path .. "/Windows Kits/10/App Certification Kit/signtool.exe" + if not os.isfile(signtool_path) then + raise("Failed signing, unable to locate signtool at "..signtool_path) + end + local ret = _exec(signtool_path, + "sign", + "/sm", + "/a", + "/n", + signidentity, + "/tr", + "http://timestamp.digicert.com", + "/v", + "/as", + "build/windows/x64/release/zenserver.exe", + "build/windows/x64/release/zen.exe") + if ret > 0 then + raise("Failed signing zenserver binary") + end + end + local crashpad_handler_path = _find_vcpkg_binary( "x64-windows-static", "sentry-native", @@ -272,7 +297,8 @@ import("core.base.option") function main() if is_host("windows") then - return main_windows() + signidentity = option.get("codesignidentity") + return main_windows(signidentity) end if is_host("mac") then |