Windows: Use osslsigncode from PATH for signing

We were shipping a pre-built version but it only works on specific distros as it's tightly coupled to openssl. When upgrading from F34 to F35 it started segfaulting. We now rely on the version packaged by Fedora which should be installed on the host, or compiled and installed manually in PATH by users.
2026-01-04 02:09:44 +03:00 · 2022-05-10 10:39:42 +02:00
parent 720b0fe6c0
commit 8adfdd068e
2 changed files with 6 additions and 6 deletions
--- a/build-release.sh
+++ b/build-release.sh
@@ -7,18 +7,18 @@ set -e
 # For signing keystore and password.
 source ./config.sh

-can_sign=0
-if [ ! -z "${SIGN_KEYSTORE}" ] && [ ! -z "${SIGN_PASSWORD}" ]; then
-  can_sign=1
+can_sign_windows=0
+if [ ! -z "${SIGN_KEYSTORE}" ] && [ ! -z "${SIGN_PASSWORD}" ] && [[ $(type -P "osslsigncode") ]]; then
+  can_sign_windows=1
 else
-  echo "Disabling binary signing as config.sh does not define the required data."
+  echo "Disabling Windows binary signing as config.sh does not define the required data (SIGN_KEYSTORE, SIGN_PASSWORD), or osslsigncode can't be found in PATH."
 fi

 sign_windows() {
-  if [ $can_sign == 0 ]; then
+  if [ $can_sign_windows == 0 ]; then
    return
  fi
-  ./osslsigncode -pkcs12 ${SIGN_KEYSTORE} -pass "${SIGN_PASSWORD}" -n "${SIGN_NAME}" -i "${SIGN_URL}" -t http://timestamp.comodoca.com -in $1 -out $1-signed
+  osslsigncode sign -pkcs12 ${SIGN_KEYSTORE} -pass "${SIGN_PASSWORD}" -n "${SIGN_NAME}" -i "${SIGN_URL}" -t http://timestamp.comodoca.com -in $1 -out $1-signed
  mv $1-signed $1
 }

--- a/BIN
+++ b/BIN