mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2025-01-26 06:26:11 -05:00
Update release-tool
* Use signtool instead of osslsigncode * Sign exe and dll files when building * Check full tag name * Check that snapcraft is in release build mode
This commit is contained in:
parent
fb5faf0ff5
commit
ce5cf3573a
48
release-tool
48
release-tool
@ -236,15 +236,8 @@ checkGitRepository() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
checkTagExists() {
|
|
||||||
git tag | grep -q "$TAG_NAME"
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
exitError "Tag '${TAG_NAME}' does not exist!"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
checkReleaseDoesNotExist() {
|
checkReleaseDoesNotExist() {
|
||||||
git tag | grep -q "$TAG_NAME"
|
git tag | grep -q "^$TAG_NAME$"
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
exitError "Release '$RELEASE_NAME' (tag: '$TAG_NAME') already exists!"
|
exitError "Release '$RELEASE_NAME' (tag: '$TAG_NAME') already exists!"
|
||||||
fi
|
fi
|
||||||
@ -325,6 +318,11 @@ checkSnapcraft() {
|
|||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
exitError "'snapcraft.yaml' has not been updated to the '${RELEASE_NAME}' release!"
|
exitError "'snapcraft.yaml' has not been updated to the '${RELEASE_NAME}' release!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
grep -qPzo "KEEPASSXC_BUILD_TYPE=Release" snapcraft.yaml
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
exitError "'snapcraft.yaml' is not set for a release build!"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
checkTransifexCommandExists() {
|
checkTransifexCommandExists() {
|
||||||
@ -333,12 +331,6 @@ checkTransifexCommandExists() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
checkOsslsigncodeCommandExists() {
|
|
||||||
if ! cmdExists osslsigncode; then
|
|
||||||
exitError "osslsigncode command not found on the PATH! Please install it using 'pacman -S mingw-w64-osslsigncode'."
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
checkSigntoolCommandExists() {
|
checkSigntoolCommandExists() {
|
||||||
if ! cmdExists signtool; then
|
if ! cmdExists signtool; then
|
||||||
exitError "signtool command not found on the PATH! Add the Windows SDK binary folder to your PATH."
|
exitError "signtool command not found on the PATH! Add the Windows SDK binary folder to your PATH."
|
||||||
@ -818,6 +810,10 @@ build() {
|
|||||||
shift
|
shift
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [[ ${build_appsign} && ! -f ${build_key} ]]; then
|
||||||
|
exitError "--appsign specified with invalid key file\n"
|
||||||
|
fi
|
||||||
|
|
||||||
init
|
init
|
||||||
|
|
||||||
OUTPUT_DIR="$(realpath "$OUTPUT_DIR")"
|
OUTPUT_DIR="$(realpath "$OUTPUT_DIR")"
|
||||||
@ -912,7 +908,7 @@ build() {
|
|||||||
make ${MAKE_OPTIONS} package
|
make ${MAKE_OPTIONS} package
|
||||||
|
|
||||||
# Appsign the executables if desired
|
# Appsign the executables if desired
|
||||||
if [[ ${build_appsign} && ! -z ${build_key} ]]; then
|
if [[ ${build_appsign} ]]; then
|
||||||
logInfo "Signing executable files"
|
logInfo "Signing executable files"
|
||||||
appsign "-f" "./${APP_NAME}-${RELEASE_NAME}.dmg" "-k" "${build_key}"
|
appsign "-f" "./${APP_NAME}-${RELEASE_NAME}.dmg" "-k" "${build_key}"
|
||||||
fi
|
fi
|
||||||
@ -928,9 +924,9 @@ build() {
|
|||||||
mingw32-make ${MAKE_OPTIONS} preinstall
|
mingw32-make ${MAKE_OPTIONS} preinstall
|
||||||
|
|
||||||
# Appsign the executables if desired
|
# Appsign the executables if desired
|
||||||
if [[ ${build_appsign} && ! -z ${build_key} ]]; then
|
if [[ ${build_appsign} ]]; then
|
||||||
logInfo "Signing executable files"
|
logInfo "Signing executable files"
|
||||||
appsign "-f" $(find src | grep '\.exe') "-k" "${build_key}"
|
appsign "-f" $(find src | grep -P '\.exe$|\.dll$') "-k" "${build_key}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Call cpack directly instead of calling make package.
|
# Call cpack directly instead of calling make package.
|
||||||
@ -1172,8 +1168,6 @@ appsign() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
elif [ "$(uname -o)" == "Msys" ]; then
|
elif [ "$(uname -o)" == "Msys" ]; then
|
||||||
checkOsslsigncodeCommandExists
|
|
||||||
|
|
||||||
if [[ ! -f "${key}" ]]; then
|
if [[ ! -f "${key}" ]]; then
|
||||||
exitError "Key file was not found!"
|
exitError "Key file was not found!"
|
||||||
fi
|
fi
|
||||||
@ -1182,20 +1176,8 @@ appsign() {
|
|||||||
echo
|
echo
|
||||||
|
|
||||||
for f in "${sign_files[@]}"; do
|
for f in "${sign_files[@]}"; do
|
||||||
if [[ ${f: -4} == ".exe" ]]; then
|
ext=${f: -4}
|
||||||
logInfo "Signing file '${f}' using osslsigncode..."
|
if [[ $ext == ".msi" || $ext == ".exe" || $ext == ".dll" ]]; then
|
||||||
# output a signed exe; we have to use a different name due to osslsigntool limitations
|
|
||||||
osslsigncode sign -pkcs12 "${key}" -pass "${password}" -n "KeePassXC" \
|
|
||||||
-t "http://timestamp.comodoca.com/authenticode" -in "${f}" -out "${f}.signed"
|
|
||||||
|
|
||||||
if [ 0 -ne $? ]; then
|
|
||||||
rm -f "${f}.signed"
|
|
||||||
exitError "Signing failed!"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# overwrite the original exe with the signed exe
|
|
||||||
mv -f "${f}.signed" "${f}"
|
|
||||||
elif [[ ${f: -4} == ".msi" ]]; then
|
|
||||||
# Make sure we can find the signtool
|
# Make sure we can find the signtool
|
||||||
checkSigntoolCommandExists
|
checkSigntoolCommandExists
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user