Windows: Use osslsigncode from PATH for signing

We were shipping a pre-built version but it only works on specific distros
as it's tightly coupled to openssl. When upgrading from F34 to F35 it started
segfaulting.

We now rely on the version packaged by Fedora which should be installed on the
host, or compiled and installed manually in PATH by users.

(cherry picked from commit 8adfdd068e)
Rémi Verschelde
2022-05-10 10:39:42 +02:00
parent 5cbd6f9d3a
commit aca4c84831
3 changed files with 7 additions and 6 deletions

1
.gitignore vendored

@@ -1,5 +1,6 @@
# User-specific configuration and signing key
config.sh
*.pfx
*.pkcs12
# Generated by build scripts


@@ -7,18 +7,18 @@ set -e
# For signing keystore and password.
source ./config.sh
can_sign=0
if [ ! -z "${SIGN_KEYSTORE}" ] && [ ! -z "${SIGN_PASSWORD}" ]; then
can_sign=1
can_sign_windows=0
if [ ! -z "${SIGN_KEYSTORE}" ] && [ ! -z "${SIGN_PASSWORD}" ] && [[ $(type -P "osslsigncode") ]]; then
can_sign_windows=1
else
echo "Disabling binary signing as config.sh does not define the required data."
echo "Disabling Windows binary signing as config.sh does not define the required data (SIGN_KEYSTORE, SIGN_PASSWORD), or osslsigncode can't be found in PATH."
fi
sign_windows() {
if [ $can_sign == 0 ]; then
if [ $can_sign_windows == 0 ]; then
return
fi
./osslsigncode -pkcs12 ${SIGN_KEYSTORE} -pass "${SIGN_PASSWORD}" -n "${SIGN_NAME}" -i "${SIGN_URL}" -t http://timestamp.comodoca.com -in $1 -out $1-signed
osslsigncode sign -pkcs12 ${SIGN_KEYSTORE} -pass "${SIGN_PASSWORD}" -n "${SIGN_NAME}" -i "${SIGN_URL}" -t http://timestamp.comodoca.com -in $1 -out $1-signed
mv $1-signed $1
}
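Review bot: The new `osslsigncode sign` line in sign_windows still hands the keystore password to the tool as `-pass "${SIGN_PASSWORD}"`, so while signing runs it can be visible in the process argument list to other users on the build host; osslsigncode also accepts `-readpass <file>`, which keeps the secret off argv. On the same line `${SIGN_KEYSTORE}` and `$1` are unquoted and will split on a path containing spaces; `-pkcs12 "${SIGN_KEYSTORE}"`, `-in "$1" -out "$1-signed"` and `mv "$1-signed" "$1"` would fix that. Because the binary is now whatever `type -P` finds first in PATH, a comment above the check such as `# osslsigncode is resolved from PATH and receives the keystore and password; keep PATH limited to trusted directories` would record the trust assumption this change introduces.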

Binary file not shown.