File: sign-windows-executable.sh

package info (click to toggle)
gh 2.23.0%2Bdfsg1-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 18,040 kB
  • sloc: asm: 6,813; ansic: 258; sh: 100; makefile: 96
file content (25 lines) | stat: -rwxr-xr-x 552 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
#!/bin/bash
set -e

EXE="$1"

if [ -z "$CERT_FILE" ]; then
  echo "skipping Windows code-signing; CERT_FILE not set" >&2
  exit 0
fi

if [ ! -f "$CERT_FILE" ]; then
  echo "error Windows code-signing; file '$CERT_FILE' not found" >&2
  exit 1
fi

if [ -z "$CERT_PASSWORD" ]; then
  echo "error Windows code-signing; no value for CERT_PASSWORD" >&2
  exit 1
fi

osslsigncode sign -n "GitHub CLI" -t http://timestamp.digicert.com \
  -pkcs12 "$CERT_FILE" -readpass <(printf "%s" "$CERT_PASSWORD") -h sha256 \
  -in "$EXE" -out "$EXE"~

mv "$EXE"~ "$EXE"