mirror of https://github.com/coder/coder.git
36 lines
1.1 KiB
Bash
Executable File
36 lines
1.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# This script signs the provided windows binary with an Extended Validation
|
|
# code signing certificate.
|
|
#
|
|
# Usage: ./sign_windows.sh path/to/binary
|
|
#
|
|
# On success, the input file will be signed using the EV cert.
|
|
#
|
|
# Depends on the jsign utility (and thus Java). Requires the following environment variables
|
|
# to be set:
|
|
# - $JSIGN_PATH: The path to the jsign jar.
|
|
# - $EV_KEYSTORE: The name of the keyring containing the private key
|
|
# - $EV_KEY: The name of the key.
|
|
# - $EV_CERTIFICATE_PATH: The path to the certificate.
|
|
# - $EV_TSA_URL: The url of the timestamp server to use.
|
|
|
|
set -euo pipefail
|
|
# shellcheck source=scripts/lib.sh
|
|
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
|
|
|
# Check dependencies
|
|
dependencies java
|
|
requiredenvs JSIGN_PATH EV_KEYSTORE EV_KEY EV_CERTIFICATE_PATH EV_TSA_URL GCLOUD_ACCESS_TOKEN
|
|
|
|
java -jar "$JSIGN_PATH" \
|
|
--storetype GOOGLECLOUD \
|
|
--storepass "$GCLOUD_ACCESS_TOKEN" \
|
|
--keystore "$EV_KEYSTORE" \
|
|
--alias "$EV_KEY" \
|
|
--certfile "$EV_CERTIFICATE_PATH" \
|
|
--tsmode RFC3161 \
|
|
--tsaurl "$EV_TSA_URL" \
|
|
"$@" \
|
|
1>&2
|