-
-
Notifications
You must be signed in to change notification settings - Fork 389
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PICARD-3002: Use Azure Trusted Signing for code signing
- Loading branch information
Showing
6 changed files
with
84 additions
and
253 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Apply fixes to the build result | ||
|
||
Param( | ||
[ValidateScript({Test-Path $_ -PathType Container})] | ||
[String] | ||
$Path | ||
) | ||
|
||
$ErrorActionPreference = 'Stop' | ||
|
||
$InternalPath = (Join-Path -Path $Path -ChildPath _internal) | ||
# Move all Qt6 DLLs into the main folder to avoid conflicts with system wide | ||
# versions of those dependencies. Since some version PyInstaller tries to | ||
# maintain the file hierarchy of imported modules, but this easily breaks | ||
# DLL loading on Windows. | ||
# Workaround for https://tickets.metabrainz.org/browse/PICARD-2736 | ||
$Qt6Dir = (Join-Path -Path $InternalPath -ChildPath PyQt6\Qt6) | ||
Move-Item -Path (Join-Path -Path $Qt6Dir -ChildPath bin\*.dll) -Destination $Path -Force | ||
Remove-Item -Path (Join-Path -Path $Qt6Dir -ChildPath bin) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,72 +1,24 @@ | ||
# Build a MSIX app package for Windows 10 | ||
|
||
Param( | ||
[ValidateScript({ (Test-Path $_ -PathType Leaf) -or (-not $_) })] | ||
[ValidateScript({ Test-Path $_ -PathType Container })] | ||
[String] | ||
$CertificateFile, | ||
[SecureString] | ||
$CertificatePassword, | ||
[Int] | ||
$BuildNumber | ||
$PackageDir | ||
) | ||
|
||
# Errors are handled explicitly. Otherwise any output to stderr when | ||
# calling classic Windows exes causes a script error. | ||
# TODO: For PowerShell >= 7.3 use $PSNativeCommandUseErrorActionPreference = $true | ||
$ErrorActionPreference = 'Continue' | ||
$ErrorActionPreference = 'Stop' | ||
$PSNativeCommandUseErrorActionPreference = $true | ||
|
||
If (-Not $BuildNumber) { | ||
$BuildNumber = 0 | ||
} | ||
|
||
If (-Not $Certificate -And $CertificateFile) { | ||
$Certificate = Get-PfxCertificate -FilePath $CertificateFile -Password $CertificatePassword | ||
} | ||
|
||
$ScriptDirectory = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent | ||
. $ScriptDirectory\win-common.ps1 -CertificateFile $CertificateFile -CertificatePassword $CertificatePassword | ||
|
||
Write-Output "Building Windows 10 app package..." | ||
|
||
# Set the publisher based on the certificate subject | ||
if ($Certificate) { | ||
$env:PICARD_APPX_PUBLISHER = $Certificate.Subject | ||
Write-Output "Publisher: $env:PICARD_APPX_PUBLISHER" | ||
} | ||
|
||
# Build | ||
Remove-Item -Path build,dist/picard,locale -Recurse -ErrorAction Ignore | ||
python setup.py clean 2>&1 | %{ "$_" } | ||
ThrowOnExeError "setup.py clean failed" | ||
python setup.py build --build-number=$BuildNumber --disable-autoupdate 2>&1 | %{ "$_" } | ||
ThrowOnExeError "setup.py build failed" | ||
python setup.py build_ext -i 2>&1 | %{ "$_" } | ||
ThrowOnExeError "setup.py build_ext -i failed" | ||
|
||
# Package application | ||
pyinstaller --noconfirm --clean picard.spec 2>&1 | %{ "$_" } | ||
ThrowOnExeError "PyInstaller failed" | ||
$PackageDir = (Resolve-Path dist\picard) | ||
FinalizePackage $PackageDir | ||
$PackageDir = (Resolve-Path $PackageDir) | ||
|
||
# Generate resource files | ||
Copy-Item appxmanifest.xml $PackageDir | ||
$PriConfigFile = (Join-Path (Resolve-Path .\build) priconfig.xml) | ||
Push-Location $PackageDir | ||
MakePri createconfig /ConfigXml $PriConfigFile /Default en-US /Overwrite | ||
ThrowOnExeError "MakePri createconfig failed" | ||
MakePri new /ProjectRoot $PackageDir /ConfigXml $PriConfigFile | ||
ThrowOnExeError "MakePri new failed" | ||
Pop-Location | ||
|
||
# Generate msix package | ||
$PicardVersion = (python -c "import picard; print(picard.__version__)") | ||
If ($CertificateFile -or $Certificate) { | ||
$PackageFile = "dist\MusicBrainz-Picard-$PicardVersion.msix" | ||
} Else { | ||
$PackageFile = "dist\MusicBrainz-Picard-$PicardVersion-unsigned.msix" | ||
} | ||
$PackageFile = "dist\MusicBrainz-Picard-${PicardVersion}_unsigned.msix" | ||
MakeAppx pack /o /h SHA256 /d $PackageDir /p $PackageFile | ||
ThrowOnExeError "MakeAppx failed" | ||
|
||
CodeSignBinary -BinaryPath $PackageFile -ErrorAction Stop |
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.