Merge pull request #318 from YACReader/codesign_windows_installers

Codesign windows binaries
2025-06-03 17:18:23 -04:00 · 2022-09-16 11:53:54 +02:00 · 2022-09-16 11:53:54 +02:00 · 993d1188f7
commit 993d1188f7
parent e6a8e83d2d 4fad04c441
5 changed files with 66 additions and 14 deletions
--- a/azure-pipelines-windows-template-qt6.yml
+++ b/azure-pipelines-windows-template-qt6.yml
@ -11,6 +11,9 @@ parameters:
 jobs:
 - job: ${{ parameters.name }}
  dependsOn: CodeFormatValidation
+  variables:
+  - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}:
+    - group: windows-codesign
  pool:
    vmImage: 'windows-2019'
  steps:
@ -38,11 +41,26 @@ jobs:
      set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH%
      nmake check TESTARGS="-maxwarnings 100000"
    displayName: 'Run tests'
-  - script: |
-      set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH%
-      cd $(Build.SourcesDirectory)\ci\win
-      .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt6
-    displayName: 'Create installer'
+  - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}:
+    - task: DownloadSecureFile@1
+      name: pfxFile
+      displayName: 'Get the pfx file certificate'
+      inputs:
+        secureFile: 'certificate.pfx'
+  - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}:
+    - script: |
+        set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH%
+        cd $(Build.SourcesDirectory)\ci\win
+        .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt6 $(pfxFile.secureFilePath) %PASSWORD%
+      env:
+        PASSWORD: $(pfxPassword)
+      displayName: 'Create installer'
+  - ${{ else }}:
+    - script: |
+        set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH%
+        cd $(Build.SourcesDirectory)\ci\win
+        .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt6
+      displayName: 'Create installer'
  - task: CopyFiles@2
    inputs:
      sourceFolder: $(Build.SourcesDirectory)\ci\win\Output\
--- a/azure-pipelines-windows-template.yml
+++ b/azure-pipelines-windows-template.yml
@ -11,6 +11,9 @@ parameters:
 jobs:
 - job: ${{ parameters.name }}
  dependsOn: CodeFormatValidation
+  variables:
+  - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}:
+    - group: windows-codesign
  pool:
    vmImage: 'windows-2019'
  steps:
@ -38,11 +41,26 @@ jobs:
      set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH%
      nmake check TESTARGS="-maxwarnings 100000"
    displayName: 'Run tests'
-  - script: |
-      set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH%
-      cd $(Build.SourcesDirectory)\ci\win
-      .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber)
-    displayName: 'Create installer'
+  - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}:
+    - task: DownloadSecureFile@1
+      name: pfxFile
+      displayName: 'Get the pfx file certificate'
+      inputs:
+        secureFile: 'certificate.pfx'
+  - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}:
+    - script: |
+        set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH%
+        cd $(Build.SourcesDirectory)\ci\win
+        .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt5 $(pfxFile.secureFilePath) %PASSWORD%
+      env:
+        PASSWORD: $(pfxPassword)
+      displayName: 'Create installer'
+  - ${{ else }}:
+    - script: |
+        set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH%
+        cd $(Build.SourcesDirectory)\ci\win
+        .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt5
+      displayName: 'Create installer'
  - task: CopyFiles@2
    inputs:
      sourceFolder: $(Build.SourcesDirectory)\ci\win\Output\
--- a/ci/win/build_installer.iss
+++ b/ci/win/build_installer.iss
@ -15,6 +15,9 @@ SetupIconFile=setup.ico
 UninstallDisplayIcon=uninstall.ico
 ArchitecturesInstallIn64BitMode=x64
 ArchitecturesAllowed=x64
+#if CODE_SIGN == "true"
+  SignTool=signtool
+#endif

 [Registry]
 Root: HKCR; SubKey: .cbz; ValueType: string; ValueData: Comic Book (zip); Flags: uninsdeletekey; Tasks: File_association
--- a/ci/win/build_installer_qt6.iss
+++ b/ci/win/build_installer_qt6.iss
@ -15,6 +15,9 @@ SetupIconFile=setup.ico
 UninstallDisplayIcon=uninstall.ico
 ArchitecturesInstallIn64BitMode=x64
 ArchitecturesAllowed=x64
+#if CODE_SIGN == "true"
+  SignTool=signtool
+#endif

 [Registry]
 Root: HKCR; SubKey: .cbz; ValueType: string; ValueData: Comic Book (zip); Flags: uninsdeletekey; Tasks: File_association
@ -98,7 +101,7 @@ Source: "vc_redist.{#PLATFORM}.exe"; DestDir: {tmp}; Flags: deleteafterinstall
 Source: utils\7z.dll; DestDir: {app}\utils\

 ;Bin
-Source: YACReader.exe; DestDir: {app}; Permissions: everyone-full
+Source: YACReader.exe; DestDir: {app}; Permissions: everyone-full;
 Source: YACReaderLibrary.exe; DestDir: {app}; Permissions: everyone-full; Tasks:
 Source: YACReaderLibraryServer.exe; DestDir: {app}; Permissions: everyone-full; Tasks:
 
--- a/ci/win/create_installer.cmd
+++ b/ci/win/create_installer.cmd
@ -58,10 +58,20 @@ if "%1"=="x86" (
 	type copy_build_installer.iss > build_installer.iss
 )

-if "%4"=="qt6" (
-	iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 build_installer_qt6.iss || exit /b
+echo "iscc start"
+if "%~5" == "" (
+	if "%4"=="qt6" (
+		iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 /DCODE_SIGN=false build_installer_qt6.iss || exit /b
+	) else (
+		iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 /DCODE_SIGN=false build_installer.iss || exit /b
+	)
 ) else (
-	iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 build_installer.iss || exit /b
+	if "%4"=="qt6" (
+		iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 /DCODE_SIGN=true build_installer_qt6.iss "/Ssigntool=$qC:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\SignTool.exe$q sign /f %5 /p %6 $f" || exit /b
+	) else (
+		iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 /DCODE_SIGN=true build_installer.iss "/Ssigntool=$qC:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\SignTool.exe$q sign /f %5 /p %6 $f" || exit /b
+	)	
 )
+echo "iscc done!"

 cd ..