From 40739a58875d8965313cb242c8a699d8e04dfee4 Mon Sep 17 00:00:00 2001 From: Oskar Nyberg Date: Fri, 26 Apr 2024 13:39:14 +0200 Subject: [PATCH 1/2] Point signtool to the new signing cert --- build.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/build.sh b/build.sh index 1329c2cf5ca6..7149231b1102 100755 --- a/build.sh +++ b/build.sh @@ -183,8 +183,7 @@ function sign_win { -tr http://timestamp.digicert.com -td sha256 \ -fd sha256 -d "Mullvad VPN" \ -du "https://github.com/mullvad/mullvadvpn-app#readme" \ - -f "$CERT_FILE" \ - -p "$CERT_PASSPHRASE" "$binary" + -sha1 "$CERT_HASH" "$binary" then break fi From cb842dc8e094dc304afcfb38632b3b33cd66fad3 Mon Sep 17 00:00:00 2001 From: Oskar Nyberg Date: Mon, 6 May 2024 14:18:50 +0200 Subject: [PATCH 2/2] Update certificate logic in build scripts for Windows signing key --- build.sh | 16 +++++++++------- ci/buildserver-build.sh | 2 +- gui/tasks/distribution.js | 2 -- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/build.sh b/build.sh index 7149231b1102..7b34896ca673 100755 --- a/build.sh +++ b/build.sh @@ -114,7 +114,7 @@ if [[ "$SIGN" == "true" ]]; then exit 1 fi - if [[ "$(uname -s)" == "Darwin" || "$(uname -s)" == "MINGW"* ]]; then + if [[ "$(uname -s)" == "Darwin" ]]; then log_info "Configuring environment for signing of binaries" if [[ -z ${CSC_LINK-} ]]; then log_error "The variable CSC_LINK is not set. It needs to point to a file containing the" @@ -128,13 +128,15 @@ if [[ "$SIGN" == "true" ]]; then fi # macOS: This needs to be set to 'true' to activate signing, even when CSC_LINK is set. export CSC_IDENTITY_AUTO_DISCOVERY=true - - if [[ "$(uname -s)" == "MINGW"* ]]; then - CERT_FILE=$CSC_LINK - CERT_PASSPHRASE=$CSC_KEY_PASSWORD - unset CSC_LINK CSC_KEY_PASSWORD - export CSC_IDENTITY_AUTO_DISCOVERY=false + elif [[ "$(uname -s)" == "MINGW"* ]]; then + if [[ -z ${CERT_HASH-} ]]; then + log_error "The variable CERT_HASH is not set. It needs to be set to the thumbprint of" + log_error "the signing certificate." + exit 1 fi + + unset CSC_LINK CSC_KEY_PASSWORD + export CSC_IDENTITY_AUTO_DISCOVERY=false else unset CSC_LINK CSC_KEY_PASSWORD export CSC_IDENTITY_AUTO_DISCOVERY=false diff --git a/ci/buildserver-build.sh b/ci/buildserver-build.sh index 8032c99b04fe..a730ad100de6 100755 --- a/ci/buildserver-build.sh +++ b/ci/buildserver-build.sh @@ -25,7 +25,7 @@ source "$SCRIPT_DIR/buildserver-config.sh" # Ask for the passphrase to the signing keys case "$(uname -s)" in - Darwin*|MINGW*|MSYS_NT*) + Darwin*) if [[ -z ${CSC_KEY_PASSWORD-} ]]; then read -rsp "CSC_KEY_PASSWORD = " CSC_KEY_PASSWORD echo "" diff --git a/gui/tasks/distribution.js b/gui/tasks/distribution.js index 6cae17885a73..f7bbf46c251b 100644 --- a/gui/tasks/distribution.js +++ b/gui/tasks/distribution.js @@ -134,8 +134,6 @@ const config = { ], artifactName: 'MullvadVPN-${version}.${ext}', publisherName: 'Mullvad VPN AB', - signingHashAlgorithms: ['sha256'], - signDlls: true, extraResources: [ { from: distAssets('mullvad.exe'), to: '.' }, { from: distAssets('mullvad-problem-report.exe'), to: '.' },