[ci][windows] sign executables using Azure
Signed-off-by: Vitalii Koshura <[email protected]>
AenBleidd committed Dec 29, 2024
1 parent 5c05b2f commit 04ae4a7
Showing 7 changed files with 91 additions and 21 deletions.
21 changes: 20 additions & 1 deletion .github/workflows/windows.yml
Expand Up @@ -33,6 +33,16 @@ env:
AWS_ACCESS_KEY_ID: ${{secrets.S3_ACCESS_KEY}}
AWS_SECRET_ACCESS_KEY: ${{secrets.S3_SECRET_KEY}}
AWS_DEFAULT_REGION: us-west-2
AZURE_CLIENT_ID: ${{secrets.AZURE_CLIENT_ID}}
AZURE_CLIENT_SECRET: ${{secrets.AZURE_CLIENT_SECRET}}
AZURE_TENANT_ID: ${{secrets.AZURE_TENANT_ID}}
AZURE_ENDPOINT: ${{secrets.AZURE_ENDPOINT}}
AZURE_CODE_SIGNING_NAME: ${{secrets.AZURE_CODE_SIGNING_NAME}}
AZURE_CERT_PROFILE_NAME: ${{secrets.AZURE_CERT_PROFILE_NAME}}

TSCT: ${{github.workspace}}\temp\TSCT
DLIB: ${{github.workspace}}\temp\TSCT\x64\Azure.CodeSigning.Dlib.dll
DMDF: ${{github.workspace}}\metadata.json

jobs:
build:
Expand Down Expand Up @@ -88,9 +98,18 @@ jobs:
${{github.workspace}}\3rdParty\Windows\cuda\
key: windows-${{matrix.platform}}-${{matrix.configuration}}-${{hashFiles('win_build/vcpkg_3rdparty_dependencies.vcxproj', '.github/workflows/windows.yml')}}

- name: Install Trusted Signing Client Tools
if: success() && matrix.type == 'msbuild'
run: nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x -OutputDirectory "${{ env.TSCT }}"

- name: Write metadata.json
if: success() && matrix.type == 'msbuild'
run: |
python ./ci_tools/create_signing_metadata.py "${{ env.DMDF }}" "${{ env.AZURE_ENDPOINT }}" "${{ env.AZURE_CODE_SIGNING_NAME }}" "${{ env.AZURE_CERT_PROFILE_NAME }}"
- name: Build
if: success() && matrix.type == 'msbuild'
run: msbuild win_build\boinc.sln -p:Configuration=${{matrix.configuration}} -p:Platform=${{matrix.platform}} -p:VcpkgTripletConfig=ci -m
run: msbuild win_build\boinc.sln -p:Configuration=${{matrix.configuration}} -p:Platform=${{matrix.platform}} -p:VcpkgTripletConfig=ci -p:DLIB=${{ env.DLIB }} -p:DMDF=${{ env.DMDF }} -m

- name: Build CMake
if: success() && matrix.type == 'libs-cmake'
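Review bot: `AZURE_CLIENT_SECRET` and the other Azure values are added to the workflow-level `env:` block, so every step of every job in this workflow inherits the signing credential, including steps that never sign (the `libs-cmake` path, dependency caching, any third-party action). Of the steps visible here only `Build` reaches the signing target, so `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET` and `AZURE_TENANT_ID` could move to an `env:` map on that step, and the endpoint, account and profile values to the `Write metadata.json` step. The AWS keys just above follow the same workflow-wide pattern. The job body continues outside the visible hunks, so other consumers of these variables cannot be ruled out from this page.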
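--- a/ci_tools/create_signing_metadata.py
+++ b/ci_tools/create_signing_metadata.py
@@ -0,0 +1,20 @@
+import sys
+import json
+
+def main():
+if len(sys.argv) != 5:
+print("Usage: create_signing_metadata.py <output_file> <endpoint> <code_signing_account_name> <certificate_profile_name>")
+sys.exit(1)
+
+output_file = sys.argv[1]
+metadata = {
+"Endpoint": sys.argv[2],
+"CodeSigningAccountName": sys.argv[3],
+"CertificateProfileName": sys.argv[4]
+}
+
+with open(output_file, 'w', encoding='utf-8') as f:
+json.dump(metadata, f, ensure_ascii=False, indent=4)
+
+if __name__ == "__main__":
+main()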
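Review bot: `main()` checks only the argument count, so empty endpoint, account or profile values still produce a `metadata.json`. The signing target in boinc_signing.targets is gated only on that file existing, so a run where the secrets are unset (for example a fork-triggered run, if this workflow is used there) would reach signtool with a blank configuration rather than skip or fail clearly. A guard before the `open()` call, such as `if not all(sys.argv[2:5]): sys.exit("signing metadata incomplete")`, reports the problem at the step that caused it. The function also lacks a docstring; one line saying that it writes the JSON file passed to signtool's `/dmdf` option would be enough.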
14 changes: 14 additions & 0 deletions win_build/boinc.sln
Expand Up @@ -152,6 +152,12 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "installer_icon", "installer
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "installer_setup", "installer_setup.vcxproj", "{80DFF29A-7B1D-41F4-BEAE-307CDB39BF54}"
ProjectSection(ProjectDependencies) = postProject
{88EB73FC-A865-4C3F-906D-44E00EF27A27} = {88EB73FC-A865-4C3F-906D-44E00EF27A27}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "installer_msi", "installer_msi.vcxproj", "{88EB73FC-A865-4C3F-906D-44E00EF27A27}"
ProjectSection(ProjectDependencies) = postProject
{49723CA5-DA05-43C0-93AB-6FD30D046919} = {49723CA5-DA05-43C0-93AB-6FD30D046919}
{BB5EF2AB-F453-463B-835A-65BBE7182378} = {BB5EF2AB-F453-463B-835A-65BBE7182378}
EndProjectSection
EndProject
Expand Down Expand Up @@ -505,6 +511,14 @@ Global
{80DFF29A-7B1D-41F4-BEAE-307CDB39BF54}.Release|ARM64.Build.0 = Release|ARM64
{80DFF29A-7B1D-41F4-BEAE-307CDB39BF54}.Release|x64.ActiveCfg = Release|x64
{80DFF29A-7B1D-41F4-BEAE-307CDB39BF54}.Release|x64.Build.0 = Release|x64
{88EB73FC-A865-4C3F-906D-44E00EF27A27}.Debug|ARM64.ActiveCfg = Debug|ARM64
{88EB73FC-A865-4C3F-906D-44E00EF27A27}.Debug|ARM64.Build.0 = Debug|ARM64
{88EB73FC-A865-4C3F-906D-44E00EF27A27}.Debug|x64.ActiveCfg = Debug|x64
{88EB73FC-A865-4C3F-906D-44E00EF27A27}.Debug|x64.Build.0 = Debug|x64
{88EB73FC-A865-4C3F-906D-44E00EF27A27}.Release|ARM64.ActiveCfg = Release|ARM64
{88EB73FC-A865-4C3F-906D-44E00EF27A27}.Release|ARM64.Build.0 = Release|ARM64
{88EB73FC-A865-4C3F-906D-44E00EF27A27}.Release|x64.ActiveCfg = Release|x64
{88EB73FC-A865-4C3F-906D-44E00EF27A27}.Release|x64.Build.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
4 changes: 2 additions & 2 deletions win_build/boinc_signing.targets
Expand Up @@ -2,7 +2,7 @@
<ItemGroup>
<FilesToSign Include="$(OutDir)$(TargetName)$(TargetExt)" Condition="('$(TargetExt)' == '.exe' or '$(TargetExt)' == '.dll' or '$(TargetExt)' == '.scr' or '$(TargetExt)' == '.msi')"/>
</ItemGroup>
<Target Name="Signing" DependsOnTargets="Build" AfterTargets="Build" Condition="('@(FilesToSign)' != '' and Exists('$(BUILDCODESIGN)\boinc.pfx'))">
<Exec Command='signtool sign /f "$(BUILDCODESIGN)/boinc.pfx" /p "$(CODESIGNBOINC)" /fd sha256 /d "BOINC Client Software" /du "http://boinc.berkeley.edu" /t "http://timestamp.sectigo.com" "@(FilesToSign)"' WorkingDirectory="$(MSBuildProjectDirectory)" />
<Target Name="Signing" DependsOnTargets="Build" AfterTargets="Build" Condition="('@(FilesToSign)' != '' and Exists('$(DLIB)') and Exists('$(DMDF)'))">
<Exec Command='signtool.exe sign /v /debug /fd SHA256 /d "BOINC Client Software" /du "https://boinc.berkeley.edu" /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib $(DLIB) /dmdf $(DMDF) "@(FilesToSign)"' WorkingDirectory="$(MSBuildProjectDirectory)" />
</Target>
</Project>
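Review bot: The `Condition` on the `Signing` target that tests `Exists('$(DLIB)') and Exists('$(DMDF)')` fails open: when either file is missing the target is skipped and the build still succeeds, leaving unsigned binaries with no error. A wrong path is therefore indistinguishable from an intentional unsigned developer build; nuget normally unpacks into a package-named subfolder, so it is worth confirming that the dlib really lands under `temp\TSCT\x64\` as the workflow's `DLIB` value assumes. In CI, a follow-up step running `signtool verify /pa` on the produced files would turn a silent skip into a failure. Separately, `/dlib $(DLIB) /dmdf $(DMDF)` are the only unquoted paths in the command; `/dlib "$(DLIB)" /dmdf "$(DMDF)"` would survive a workspace path containing spaces.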
7 changes: 1 addition & 6 deletions win_build/installer.vcxproj
Expand Up @@ -182,12 +182,7 @@
<ClInclude Include="..\installer\UpgradeTable.h" />
<ClInclude Include="..\installer\JsonHelper.h" />
</ItemGroup>
<ItemGroup>
<None Include="..\installer\boinc.json" />
<None Include="..\installer\locale\en.json" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
<ImportGroup Label="ExtensionTargets"/>
<Import Project="boinc_signing.targets" />
</Project>
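--- a/win_build/installer_msi.vcxproj
+++ b/win_build/installer_msi.vcxproj
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<PropertyGroup Label="Globals">
+<ProjectName>installer_msi</ProjectName>
+<ProjectGuid>{88EB73FC-A865-4C3F-906D-44E00EF27A27}</ProjectGuid>
+</PropertyGroup>
+<PropertyGroup Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<CharacterSet>MultiByte</CharacterSet>
+</PropertyGroup>
+<Import Project="boinc.props" />
+<PropertyGroup>
+<TargetName>boinc</TargetName>
+<TargetExt>.msi</TargetExt>
+</PropertyGroup>
+<ItemGroup>
+<None Include="..\installer\boinc.json" />
+<None Include="..\installer\locale\en.json" />
+</ItemGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+<ImportGroup Label="ExtensionTargets">
+</ImportGroup>
+<PropertyGroup>
+<CustomBuildBeforeTargets>ClCompile</CustomBuildBeforeTargets>
+</PropertyGroup>
+<ItemDefinitionGroup>
+<CustomBuildStep>
+<Command>$(SolutionDir)Build\x64\$(Configuration)\installer.exe -p $(Platform)</Command>
+<Outputs>$(OutDir)$(TargetName)$(TargetExt)</Outputs>
+</CustomBuildStep>
+</ItemDefinitionGroup>
+<Import Project="boinc_signing.targets" />
+</Project>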
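Review bot: The `CustomBuildStep` declares `<Outputs>` but no `<Inputs>`, so MSBuild has no declared dependencies to decide when boinc.msi is out of date. The matching step that appears to be removed from installer_setup.vcxproj in this commit listed boinc.json, locale\en.json, boinccas.dll and installer.exe as inputs. Without that list an incremental build may keep a stale boinc.msi, which the imported signing target would then sign. Re-adding that `<Inputs>` element here would restore the dependency tracking. The `<Command>` also hard-codes `Build\x64\` for installer.exe regardless of `$(Platform)`; if that is deliberate (a host tool), a short XML comment saying so would help.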
13 changes: 1 addition & 12 deletions win_build/installer_setup.vcxproj
Expand Up @@ -35,17 +35,6 @@
<ResourceCompile Include="..\installer\installer_setup\installer_setup.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
<PropertyGroup>
<CustomBuildBeforeTargets>ClCompile</CustomBuildBeforeTargets>
</PropertyGroup>
<ItemDefinitionGroup>
<CustomBuildStep>
<Command>$(SolutionDir)Build\x64\$(Configuration)\installer.exe -p $(Platform)</Command>
<Inputs>$(MSBuildThisFileDirectory)..\installer\boinc.json;$(MSBuildThisFileDirectory)..\installer\locale\en.json;$(OutDir)boinccas.dll;$(SolutionDir)Build\x64\$(Configuration)\installer.exe</Inputs>
<Outputs>$(OutDir)boinc.msi</Outputs>
</CustomBuildStep>
</ItemDefinitionGroup>
<ImportGroup Label="ExtensionTargets"/>
<Import Project="boinc_signing.targets" />
</Project>
