Skip to content
This repository was archived by the owner on Sep 30, 2024. It is now read-only.

Commit ef842a2

Browse files
ndabasndabas
committed
Add code signing
1 parent 39360e5 commit ef842a2

File tree

3 files changed

+34
-18
lines changed

3 files changed

+34
-18
lines changed

build.ps1

+26-6
Original file line numberDiff line numberDiff line change
@@ -77,9 +77,12 @@ mkdirp "bin"
7777
Write-Host $_.file
7878
}
7979

80-
if ($_ | Get-Member prebuild) {
81-
$0 = $outfile
82-
Invoke-Expression $_.prebuild
80+
if ($_ | Get-Member dirName) {
81+
$strip = 0;
82+
if ($_ | Get-Member extractStrip) { $strip = $_.extractStrip }
83+
84+
mkdirp "build\$($_.dirName)" -clean
85+
exec { tar -xf $outfile -C "build\$($_.dirName)" --strip-components $strip }
8386
}
8487
}
8588

@@ -125,6 +128,13 @@ if (-not (Test-Path build\NSIS)) {
125128
Expand-Archive '.\downloads\nsis-log.zip' -DestinationPath '.\build\NSIS' -Force
126129
}
127130

131+
function sign {
132+
param ([string[]] $filesToSign)
133+
134+
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Where-Object { $_.Subject -like "CN=Raspberry Pi*" }
135+
$filesToSign | Set-AuthenticodeSignature -Certificate $cert -TimestampServer "http://timestamp.digicert.com" -HashAlgorithm SHA256
136+
}
137+
128138
function msys {
129139
param ([string] $cmd)
130140

@@ -366,9 +376,9 @@ Section "$($_.name)" Sec$($_.shortName)
366376
"@
367377
})
368378
369-
$(if ($_ | Get-Member copy) {
370-
"SetOutPath '`$INSTDIR\$($_.copy)'`r`n"
371-
"File /r build\$($_.copy)\*.*"
379+
$(if ($_ | Get-Member dirName) {
380+
"SetOutPath '`$INSTDIR\$($_.dirName)'`r`n"
381+
"File /r build\$($_.dirName)\*.*"
372382
})
373383
374384
SectionEnd
@@ -484,9 +494,19 @@ $env:__COMPAT_LAYER = "RunAsInvoker"
484494
exec { Start-Process -FilePath ".\build\build-uninstaller-$suffix.exe" -ArgumentList "/S /D=$PSScriptRoot\build" -Wait }
485495
$env:__COMPAT_LAYER = ""
486496

497+
# Sign files before packaging up the installer
498+
sign "build\uninstall-$suffix.exe",
499+
"build\openocd-install\mingw$bitness\bin\openocd.exe",
500+
"build\pico-sdk-tools\mingw$bitness\elf2uf2.exe",
501+
"build\pico-sdk-tools\mingw$bitness\pioasm.exe",
502+
"build\picotool-install\mingw$bitness\picotool.exe"
503+
487504
exec { .\build\NSIS\makensis ".\$basename-$suffix.nsi" }
488505
Write-Host "Installer saved to $binfile"
489506

507+
# Sign the installer
508+
sign $binfile
509+
490510
# Package OpenOCD separately as well
491511

492512
$version = (cmd /c ".\build\openocd-install\mingw$bitness\bin\openocd.exe" --version '2>&1')[0]

config/x64-standalone.json

+7-10
Original file line numberDiff line numberDiff line change
@@ -6,36 +6,33 @@
66
"name": "GNU Arm Embedded Toolchain",
77
"file": "gcc-arm-none-eabi-10.3-2021.10-win32.zip",
88
"href": "https://developer.arm.com/-/media/Files/downloads/gnu-rm/10.3-2021.10/gcc-arm-none-eabi-10.3-2021.10-win32.zip?rev=8f4a92e2ec2040f89912f372a55d8cf3&hash=8A9EAF77EF1957B779C59EADDBF2DAC118170BBF",
9-
"prebuild": "mkdirp build\\gcc-arm-none-eabi -clean && tar -xf $0 -C build\\gcc-arm-none-eabi --strip-components 1",
10-
"copy": "gcc-arm-none-eabi"
9+
"dirName": "gcc-arm-none-eabi",
10+
"extractStrip": 1
1111
},
1212
{
1313
"name": "CMake",
1414
"file": "cmake-3.25.0-windows-x86_64.zip",
1515
"href": "https://github.com/Kitware/CMake/releases/download/v3.25.0/cmake-3.25.0-windows-x86_64.zip",
16-
"prebuild": "mkdirp build\\cmake -clean && tar -xf $0 -C build\\cmake --strip-components 1",
17-
"copy": "cmake"
16+
"dirName": "cmake",
17+
"extractStrip": 1
1818
},
1919
{
2020
"name": "Ninja",
2121
"file": "ninja-win.zip",
2222
"href": "https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-win.zip",
23-
"prebuild": "mkdirp build\\ninja -clean && tar -xf $0 -C build\\ninja",
24-
"copy": "ninja"
23+
"dirName": "ninja"
2524
},
2625
{
2726
"name": "Python 3.9",
2827
"file": "python-3.9.13-embed-amd64.zip",
2928
"href": "https://www.python.org/ftp/python/3.9.13/python-3.9.13-embed-amd64.zip",
30-
"prebuild": "mkdirp build\\python -clean && tar -xf $0 -C build\\python",
31-
"copy": "python"
29+
"dirName": "python"
3230
},
3331
{
3432
"name": "Git for Windows",
3533
"file": "MinGit-2.38.1-64-bit.zip",
3634
"href": "https://github.com/git-for-windows/git/releases/download/v2.38.1.windows.1/MinGit-2.38.1-64-bit.zip",
37-
"prebuild": "mkdirp build\\git -clean && tar -xf $0 -C build\\git",
38-
"copy": "git"
35+
"dirName": "git"
3936
},
4037
{
4138
"name": "Visual Studio Code",

config/x64.json

+1-2
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,7 @@
1818
"name": "Ninja",
1919
"file": "ninja-win.zip",
2020
"href": "https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-win.zip",
21-
"prebuild": "mkdirp build\\ninja -clean && tar -xf $0 -C build\\ninja",
22-
"copy": "ninja"
21+
"dirName": "ninja"
2322
},
2423
{
2524
"name": "Python 3.9",

0 commit comments

Comments
 (0)