build: don't hardcode Windows certificate password
Use a file for the Windows code-signing certificate instead of hardcoding it into the CMake code. Update the developer manual with instructions on where to put the Windows code-signing certificate and the file containing the password for it. Signed-off-by: Rafael Kitover <rkitover@gmail.com>
This commit is contained in:
parent
7fa90531e6
commit
4e2799b582
|
@ -212,6 +212,10 @@ and tags.
|
||||||
Make sure you have set up a Windows code signing certificate with the right
|
Make sure you have set up a Windows code signing certificate with the right
|
||||||
password and a Mac 'Developer ID Application' certificate.
|
password and a Mac 'Developer ID Application' certificate.
|
||||||
|
|
||||||
|
Put the Windows certificate into `~/.codesign/windows_comodo.pkcs12` as a PKCS12
|
||||||
|
file that is password protected, and put the password for it into
|
||||||
|
`~/.codesign/windows_comodo.pkcs12.password`.
|
||||||
|
|
||||||
#### Release Commit and Tag
|
#### Release Commit and Tag
|
||||||
|
|
||||||
Once you are sure you're ready to release, and you are in a git clone on master
|
Once you are sure you're ready to release, and you are in a git clone on master
|
||||||
|
|
|
@ -788,7 +788,7 @@ endif()
|
||||||
if(UPSTREAM_RELEASE AND WIN32)
|
if(UPSTREAM_RELEASE AND WIN32)
|
||||||
set(home "$ENV{HOME}")
|
set(home "$ENV{HOME}")
|
||||||
|
|
||||||
if((MSVC OR NOT CMAKE_CROSSCOMPILING) AND NOT DEFINED ENV{MSYSTEM_PREFIX})
|
if(NOT home OR ((MSVC OR NOT CMAKE_CROSSCOMPILING) AND NOT DEFINED ENV{MSYSTEM_PREFIX}))
|
||||||
set(home "$ENV{USERPROFILE}")
|
set(home "$ENV{USERPROFILE}")
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
@ -796,8 +796,9 @@ if(UPSTREAM_RELEASE AND WIN32)
|
||||||
string(REGEX REPLACE "\\\\" "/" home "${home}")
|
string(REGEX REPLACE "\\\\" "/" home "${home}")
|
||||||
|
|
||||||
set(cert "${home}/.codesign/windows_comodo.pkcs12")
|
set(cert "${home}/.codesign/windows_comodo.pkcs12")
|
||||||
|
file(STRINGS "${home}/.codesign/windows_comodo.pkcs12.password" cert_password)
|
||||||
|
|
||||||
if(EXISTS "${cert}")
|
if(EXISTS "${cert}" AND cert_password)
|
||||||
find_program(OSSLSIGNCODE_PROGRAM osslsigncode)
|
find_program(OSSLSIGNCODE_PROGRAM osslsigncode)
|
||||||
find_program(SIGNTOOL_PROGRAM signtool)
|
find_program(SIGNTOOL_PROGRAM signtool)
|
||||||
|
|
||||||
|
@ -806,7 +807,7 @@ if(UPSTREAM_RELEASE AND WIN32)
|
||||||
TARGET visualboyadvance-m
|
TARGET visualboyadvance-m
|
||||||
POST_BUILD
|
POST_BUILD
|
||||||
COMMAND ${CMAKE_COMMAND} -E rename visualboyadvance-m.exe visualboyadvance-m-unsigned.exe
|
COMMAND ${CMAKE_COMMAND} -E rename visualboyadvance-m.exe visualboyadvance-m-unsigned.exe
|
||||||
COMMAND ${OSSLSIGNCODE_PROGRAM} sign -pkcs12 ${cert} -pass "vbam3!13" -t http://timestamp.digicert.com -n visualboyadvance-m -i https://github.com/visualboyadvance-m/visualboyadvance-m -in visualboyadvance-m-unsigned.exe -out visualboyadvance-m.exe
|
COMMAND ${OSSLSIGNCODE_PROGRAM} sign -pkcs12 ${cert} -pass "${cert_password}" -t http://timestamp.digicert.com -n visualboyadvance-m -i https://github.com/visualboyadvance-m/visualboyadvance-m -in visualboyadvance-m-unsigned.exe -out visualboyadvance-m.exe
|
||||||
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
|
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
|
||||||
)
|
)
|
||||||
elseif(SIGNTOOL_PROGRAM)
|
elseif(SIGNTOOL_PROGRAM)
|
||||||
|
@ -814,7 +815,7 @@ if(UPSTREAM_RELEASE AND WIN32)
|
||||||
TARGET visualboyadvance-m
|
TARGET visualboyadvance-m
|
||||||
POST_BUILD
|
POST_BUILD
|
||||||
COMMAND ${CMAKE_COMMAND} -E copy visualboyadvance-m.exe visualboyadvance-m-unsigned.exe
|
COMMAND ${CMAKE_COMMAND} -E copy visualboyadvance-m.exe visualboyadvance-m-unsigned.exe
|
||||||
COMMAND ${SIGNTOOL_PROGRAM} sign /f ${cert} /fd certHash /td certHash /p "vbam3!13" /tr http://timestamp.digicert.com /du https://github.com/visualboyadvance-m/visualboyadvance-m /a visualboyadvance-m.exe
|
COMMAND ${SIGNTOOL_PROGRAM} sign /f ${cert} /fd certHash /td certHash /p "${cert_password}" /tr http://timestamp.digicert.com /du https://github.com/visualboyadvance-m/visualboyadvance-m /a visualboyadvance-m.exe
|
||||||
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
|
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
|
||||||
)
|
)
|
||||||
endif()
|
endif()
|
||||||
|
|
Loading…
Reference in New Issue