chore: debugging windows code signing

momentohq · Mar 26, 2024 · 2689762 · 2689762
1 parent 72a7247
commit 2689762
Showing 1 changed file with 79 additions and 74 deletions.
diff --git a/.github/workflows/execute-release.yml b/.github/workflows/execute-release.yml
@@ -255,36 +255,36 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Install protoc
-        run: choco install protoc
-
-      - name: Setup Python
-        uses: actions/setup-python@v2
-        with:
-          python-version: "3.x"
-
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          components: rustfmt
-          override: true
+#      - name: Install protoc
+#        run: choco install protoc
+#
+#      - name: Setup Python
+#        uses: actions/setup-python@v2
+#        with:
+#          python-version: "3.x"
+#
+#      - uses: actions-rs/toolchain@v1
+#        with:
+#          toolchain: stable
+#          components: rustfmt
+#          override: true
 
       - name: Show Cargo Version
         run: |
           cat Cargo.toml
         shell: bash
 
-      - name: Build
-        id: build
-        env:
-          VERSION: ${{ needs.release.outputs.version }}
-        run: |
-          rustup target add x86_64-pc-windows-gnu
-          cargo build --release --target x86_64-pc-windows-gnu
-
-          echo "::set-output name=momento_binary_path::.\target\x86_64-pc-windows-gnu\release\momento.exe"
-          $distributableFile64Prefix = "momento-cli-$env:VERSION.windows_x64"
-          echo "::set-output name=distributable_file_prefix::$distributableFile64Prefix"
+#      - name: Build
+#        id: build
+#        env:
+#          VERSION: ${{ needs.release.outputs.version }}
+#        run: |
+#          rustup target add x86_64-pc-windows-gnu
+#          cargo build --release --target x86_64-pc-windows-gnu
+#
+#          echo "::set-output name=momento_binary_path::.\target\x86_64-pc-windows-gnu\release\momento.exe"
+#          $distributableFile64Prefix = "momento-cli-$env:VERSION.windows_x64"
+#          echo "::set-output name=distributable_file_prefix::$distributableFile64Prefix"
 
       - name: Write client auth certificate file
         id: write_client_auth_cert
@@ -296,53 +296,53 @@ jobs:
           Set-Content $p12Path -Value $encodedBytes -AsByteStream;
           echo "p12_path=$p12Path" >> $ENV:GITHUB_OUTPUT
 
-      - name: Download digicert smtools
-        env:
-          SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
-        run: |
-          curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
-        shell: cmd
-
-      - name: Install digicert smtools
-        run: |
-          $procMain = Start-Process "msiexec" "/i smtools-windows-x64.msi /qn /l*! msi_install.log" -NoNewWindow -PassThru
-          echo $null >> msi_install.log
-          $procLog = Start-Process "powershell" "Get-Content -Path msi_install.log -Wait" -NoNewWindow -PassThru
-          $procMain.WaitForExit()
-          $procLog.Kill()
-        shell: powershell
-
-      - name: Add digicert tools to path
-        run: |
-          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
-          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
-          echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
-        shell: bash
-
-      - name: Check path
-        run: |
-          echo %path%
-        shell: cmd
-
-      - name: List digicert dir
-        run: |
-          dir "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools"
-        shell: cmd
-
-      - name: Verify KSP Registration
-        env:
-          SM_HOST: ${{ secrets.CODE_SIGNING_HOST }}
-          SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
-          SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
-          SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
-        run: |
-          dir
-          smksp_registrar.exe list
-          smctl.exe keypair ls
-          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
-          smksp_cert_sync.exe
-          smctl healthcheck
-        shell: cmd
+#      - name: Download digicert smtools
+#        env:
+#          SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
+#        run: |
+#          curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
+#        shell: cmd
+#
+#      - name: Install digicert smtools
+#        run: |
+#          $procMain = Start-Process "msiexec" "/i smtools-windows-x64.msi /qn /l*! msi_install.log" -NoNewWindow -PassThru
+#          echo $null >> msi_install.log
+#          $procLog = Start-Process "powershell" "Get-Content -Path msi_install.log -Wait" -NoNewWindow -PassThru
+#          $procMain.WaitForExit()
+#          $procLog.Kill()
+#        shell: powershell
+#
+#      - name: Add digicert tools to path
+#        run: |
+#          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
+#          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
+#          echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
+#        shell: bash
+#
+#      - name: Check path
+#        run: |
+#          echo %path%
+#        shell: cmd
+#
+#      - name: List digicert dir
+#        run: |
+#          dir "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools"
+#        shell: cmd
+#
+#      - name: Verify KSP Registration
+#        env:
+#          SM_HOST: ${{ secrets.CODE_SIGNING_HOST }}
+#          SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
+#          SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
+#          SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
+#        run: |
+#          dir
+#          smksp_registrar.exe list
+#          smctl.exe keypair ls
+#          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
+#          smksp_cert_sync.exe
+#          smctl healthcheck
+#        shell: cmd
 
       - name: Test and cache signtool path
         id: signtool
@@ -400,11 +400,16 @@ jobs:
       - name: Sign installer
         env:
           SIGNTOOL_PATH: ${{ steps.signtool.outputs.signtool_path }}
-          CERT_PATH: ${{ steps.write_pfx.outputs.pfx_path }}
-          CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
           MSI_PATH: ${{ steps.build_installer.outputs.asset_path }}
+          SM_HOST: ${{ secrets.CODE_SIGNING_HOST }}
+          SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
+          SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
+          SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
         run: |
-          & $env:SIGNTOOL_PATH sign /fd SHA256 /a /f $env:CERT_PATH /p $env:CERT_PASSWORD /tr http://timestamp.digicert.com /td SHA256 $env:MSI_PATH
+          echo "HERE IS THE SIGNTOOL PATH:"
+          echo $env:SIGNTOOL_PATH
+          "$env:SIGNTOOL_PATH" sign /sha1 ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $env:MSI_PATH
+          $env:SIGNTOOL_PATH verify /v /pa $env:MSI_PATH
 
       - name: Delete PFX certificate
         env: