From b457c8c1fa0e8f5f4e78c55acb734875056986a1 Mon Sep 17 00:00:00 2001 From: Janek Bevendorff Date: Thu, 14 Dec 2017 18:17:43 +0100 Subject: [PATCH] Replace signtool with osslsigncode --- release-tool | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/release-tool b/release-tool index a8d4a7a84..434547fc3 100755 --- a/release-tool +++ b/release-tool @@ -303,10 +303,10 @@ checkTransifexCommandExists() { fi } -checkSigntoolCommandExists() { - command -v signtool > /dev/null +checkOsslsigncodeCommandExists() { + command -v osslsigncode > /dev/null if [ 0 -ne $? ]; then - exitError "signtool command not found on the PATH! Please check that you have correctly installed the Windows SDK." + exitError "osslsigncode command not found on the PATH! Please install it using 'pacman -S mingw-w64-osslsigncode'." fi } @@ -851,7 +851,7 @@ appsign() { exit 1 fi - checkSigntoolCommandExists + checkOsslsigncodeCommandExists if [[ ! -f "${signtool_key}" ]]; then exitError "Key file was not found!" @@ -862,12 +862,18 @@ appsign() { for f in "${sign_files[@]}"; do if [[ ${f: -4} == '.exe' ]]; then - logInfo "Signing file '${f}' using signtool..." - signtool sign -f "${signtool_key}" -p "${password}" -v -t "http://timestamp.comodoca.com/authenticode" "${f}" + logInfo "Signing file '${f}' using osslsigncode..." + # output a signed exe; we have to use a different name due to osslsigntool limitations + osslsigncode sign -pkcs12 "${signtool_key}" -pass "${password}" \ + -t "http://timestamp.comodoca.com/authenticode" -in "${f}" -out "${f}.signed" if [ 0 -ne $? ]; then + rm -f "${f}.signed" exitError "Signing failed!" fi + + # overwrite the original exe with the signed exe + mv -f "${f}.signed" "${f}" else logInfo "Skipping non-EXE file '${f}'..." fi