Skip to content

Commit ff063f1

Browse files
JackuBJackuB
committed
feat(windows): renew code signing certificate
1 parent 3507863 commit ff063f1

File tree

2 files changed

+23
-17
lines changed

2 files changed

+23
-17
lines changed

cliv2/scripts/sign_windows.sh

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -9,21 +9,25 @@ EXPORT_PATH=${1:-./bin}
99
PRODUCT_NAME=${2:-snyk_windows_amd64.exe}
1010
APP_PATH="$EXPORT_PATH/$PRODUCT_NAME"
1111
APP_PATH_UNSIGNED="$APP_PATH.unsigned"
12-
SIGNING_SECRETS=secrets.p12
12+
SIGNING_CERTIFICATE_FILE=Certificate.cer
13+
SIGNING_KEY_FILE=Snyk_Limited.key
1314

1415
LOG_PREFIX="--- $(basename "$0"):"
1516
echo "$LOG_PREFIX Signing \"$APP_PATH\""
1617

1718
# create files as needed
18-
echo "$LOG_PREFIX Creating p12 file"
19-
echo "$SIGNING_SECRETS_BINARY" | base64 --decode > "$SIGNING_SECRETS"
19+
echo "$LOG_PREFIX Creating .key file"
20+
echo "$SIGNING_CERTIFICATE_BINARY" | base64 --decode > "$SIGNING_CERTIFICATE_FILE"
21+
22+
echo "$LOG_PREFIX Creating .cer file"
23+
echo "$SIGNING_KEY_BINARY" | base64 --decode > "$SIGNING_KEY_FILE"
2024

2125
echo "$LOG_PREFIX Signing binary $APP_PATH_UNSIGNED"
2226
mv "$APP_PATH" "$APP_PATH_UNSIGNED"
2327

2428
osslsigncode sign -h sha512 \
25-
-pkcs12 "$SIGNING_SECRETS" \
26-
-pass "$SIGNING_SECRETS_PASSWORD" \
29+
-certs "$SIGNING_CERTIFICATE_FILE" \
30+
-key "$SIGNING_KEY_FILE" \
2731
-n "Snyk CLI" \
2832
-i "https://snyk.io" \
2933
-t "http://timestamp.comodoca.com/authenticode" \
@@ -32,4 +36,5 @@ osslsigncode sign -h sha512 \
3236

3337
echo "$LOG_PREFIX Cleaning up"
3438
rm -f "$APP_PATH_UNSIGNED"
35-
rm -f "$SIGNING_SECRETS"
39+
rm -f "$SIGNING_CERTIFICATE_FILE"
40+
rm -f "$SIGNING_KEY_FILE"

release-scripts/sign-windows-binary.sh

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,23 +1,24 @@
11
#!/usr/bin/env bash
22
set -euo pipefail
33

4-
# create files as needed
5-
CERT_FILE=cert.pem
6-
if [ ! -f "$CERT_FILE" ]; then
7-
echo "$SIGNING_CERT" | base64 --decode >"$CERT_FILE"
8-
fi
4+
SIGNING_CERTIFICATE_FILE=Certificate.cer
5+
SIGNING_KEY_FILE=Snyk_Limited.key
96

107
# create files as needed
11-
KEY_FILE=key.pem
12-
if [ ! -f "$KEY_FILE" ]; then
13-
echo "$SIGNING_KEY" | base64 --decode >"$KEY_FILE"
14-
fi
8+
echo "Creating .key file"
9+
echo "$SIGNING_CERTIFICATE_BINARY" | base64 --decode > "$SIGNING_CERTIFICATE_FILE"
10+
11+
echo "Creating .cer file"
12+
echo "$SIGNING_KEY_BINARY" | base64 --decode > "$SIGNING_KEY_FILE"
1513

1614
osslsigncode sign -h sha512 \
17-
-certs cert.pem \
18-
-key key.pem \
15+
-certs "$SIGNING_CERTIFICATE_FILE" \
16+
-key "$SIGNING_KEY_FILE" \
1917
-n "Snyk CLI" \
2018
-i "https://snyk.io" \
2119
-t "http://timestamp.comodoca.com/authenticode" \
2220
-in binary-releases/snyk-win-unsigned.exe \
2321
-out binary-releases/snyk-win.exe
22+
23+
rm -f "$SIGNING_CERTIFICATE_FILE"
24+
rm -f "$SIGNING_KEY_FILE"

0 commit comments

Comments
 (0)