godotengine/godot-build-scripts
1
0
Fork 0
mirror of https://github.com/godotengine/godot-build-scripts.git synced 2025-12-31 05:48:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Windows: Change code signing process to match new key

Browse Source 
(cherry picked from commit 11046692e1)
This commit is contained in:
Rémi Verschelde
2025-06-18 12:44:22 +02:00
parent 91a1c8a980
commit 208ca56437
2 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
build-release.sh
View File

@@ -9,17 +9,17 @@ export basedir=$(pwd)
source ./config.sh
can_sign_windows=0
if [ ! -z "${SIGN_KEYSTORE}" ] && [ ! -z "${SIGN_PASSWORD}" ] && [[ $(type -P "osslsigncode") ]]; then
if [ ! -z "${WINDOWS_SIGN_NAME}" ] && [ ! -z "${WINDOWS_SIGN_URL}" ] && [[ $(type -P "osslsigncode") ]]; then
can_sign_windows=1
else
echo "Disabling Windows binary signing as config.sh does not define the required data (SIGN_KEYSTORE, SIGN_PASSWORD), or osslsigncode can't be found in PATH."
echo "Disabling Windows binary signing as config.sh does not define the required data (WINDOWS_SIGN_NAME, WINDOWS_SIGN_URL), or osslsigncode can't be found in PATH."
fi
sign_windows() {
if [ $can_sign_windows == 0 ]; then
return
fi
osslsigncode sign -pkcs12 ${SIGN_KEYSTORE} -pass "${SIGN_PASSWORD}" -n "${SIGN_NAME}" -i "${SIGN_URL}" -t http://timestamp.comodoca.com -in $1 -out $1-signed
P11_KIT_SERVER_ADDRESS=unix:path=/run/p11-kit/p11kit.sock osslsigncode sign -pkcs11module /usr/lib64/pkcs11/p11-kit-client.so -pkcs11cert 'pkcs11:model=SimplySign%20C' -key 'pkcs11:model=SimplySign%20C' -t http://time.certum.pl/ -n "${WINDOWS_SIGN_NAME}" -i "${WINDOWS_SIGN_URL}" -in $1 -out $1-signed
mv $1-signed $1
}

12
config.sh.in
View File

@@ -21,19 +21,13 @@ export BUILD_REVISION='custom_build'
# Default number of parallel cores for each build.
export NUM_CORES=16
# Set up your own signing keystore and relevant details below.
# Set up your own Windows signing details below.
# If you do not fill all SIGN_* fields, signing will be skipped.
# Path to pkcs12 archive.
export SIGN_KEYSTORE=''
# Password for the private key.
export SIGN_PASSWORD=''
# Name and URL of the signed application.
# Use your own when making a thirdparty build.
export SIGN_NAME=''
export SIGN_URL=''
export WINDOWS_SIGN_NAME=''
export WINDOWS_SIGN_URL=''
# Hostname or IP address of an OSX host (Needed for signing)
# eg 'user@10.1.0.10'