mirror of
https://github.com/jellyfin/jellyfin-media-player.git
synced 2024-11-30 09:40:52 +00:00
b283cda603
Fixes the Windows CI builds.
106 lines
3.4 KiB
Batchfile
106 lines
3.4 KiB
Batchfile
@echo off
|
|
|
|
rem
|
|
rem Usage - Sign.cmd <target file>
|
|
rem
|
|
|
|
setlocal
|
|
|
|
echo --- BEGIN: sign.bat -------------------------------------
|
|
|
|
set TargetFile=%~1
|
|
if not exist "%TargetFile%" (
|
|
echo FATAL ERROR - %TargetFile% does not exist and cannot be signed
|
|
echo --- END: sign.bat -------------------------------------
|
|
exit /b 1
|
|
)
|
|
for %%i in ("%TargetFile%") do set TargetFileExtension="%%~xi"
|
|
|
|
if "%SigningCertSha256%" == "" (
|
|
set SigningCertSha256=%~dp0PlexOfficialSPC_sha256.pfx
|
|
)
|
|
if not exist "%SigningCertSha256%" (
|
|
set SigningCertSha256=%~dp0PlexTestSPC.pfx
|
|
)
|
|
echo Signing with %SigningCertSha256%
|
|
set TimestampErrors=0
|
|
|
|
rem Create timestamp server lists... All servers on this list support both RFC 3161 and non-RFC variants
|
|
set ServerListRfc3161=(http://timestamp.digicert.com,http://timestamp.globalsign.com/scripts/timestamp.dll,http://timestamp.comodoca.com)
|
|
|
|
rem Signing files SHA256 with the SHA256 cert
|
|
echo Adding SHA256 signature to %TargetFile%...
|
|
call :SignFile "%SigningCertSha256%" "%SigningCertPasswordSha256%" sha256 0 "%TargetFile%" "%ServerListRfc3161%" sha256
|
|
if errorlevel 1 goto SignFailed
|
|
|
|
echo Verifying signature...
|
|
signtool.exe verify /pa "%TargetFile%"
|
|
if errorlevel 1 (
|
|
echo FATAL ERROR - could not verify signature for %TargetFile%. There were %TimestampErrors% timestamping errors.
|
|
echo --- END: sign.bat ------------------------------------------------------------
|
|
exit /b 1
|
|
) else (
|
|
echo --- END: sign.bat ------------------------------------------------------------
|
|
exit /b 0
|
|
)
|
|
|
|
:SignFailed
|
|
REM return an error code...
|
|
echo FAILED: FATAL ERROR - signing %TargetFile% failed. There were %TimestampErrors% timestamping errors.
|
|
echo --- END: sign.bat -------------------------------------------------------------
|
|
exit /b 1
|
|
|
|
rem When timestamping a file, signtool will fail when the timestamp server doesn't respond. So we retry in a loop, in an attempt to reduce spurious failures.
|
|
rem When running signtool, we redirect output to null because signtool.exe may inadvertently output the word "error", causing msbuild to fail the build.
|
|
:SignFile
|
|
|
|
setlocal
|
|
set CertFilePath=%1
|
|
set CertPassword=%~2
|
|
set SignatureHashAlgorithm=%3
|
|
set AppendSignature=%4
|
|
set TargetFilePath=%5
|
|
set TimestampServerList=%~6
|
|
set Rfc3161HashAlgorithm=%7
|
|
|
|
rem Compute password args
|
|
if "%CertPassword%" neq "" (
|
|
set PasswordArgs=/p %CertPassword%
|
|
) else (
|
|
set PasswordArgs=
|
|
)
|
|
|
|
rem Compute append args
|
|
if "%AppendSignature%" == "1" (
|
|
set AppendSignatureArgs=/as
|
|
) else (
|
|
set AppendSignatureArgs=
|
|
)
|
|
|
|
rem Compute timestamp server args
|
|
set TimestampArg1=/tr
|
|
set TimestampArg2=/td %Rfc3161HashAlgorithm%
|
|
|
|
for /L %%a in (1,1,300) do (
|
|
for %%s in %TimestampServerList% do (
|
|
|
|
rem echo signtool.exe sign %AppendSignatureArgs% /fd %SignatureHashAlgorithm% %TimestampArg1% %%s %TimestampArg2% /f %CertFilePath% %PasswordArgs% %TargetFilePath%
|
|
signtool.exe sign %AppendSignatureArgs% /fd %SignatureHashAlgorithm% %TimestampArg1% %%s %TimestampArg2% /f %CertFilePath% %PasswordArgs% %TargetFilePath% > NUL 2>&1
|
|
if errorlevel 0 if not errorlevel 1 goto SignFileSuccess
|
|
|
|
echo Signing attempt %%a failed. Probably cannot find the timestamp server at %%s
|
|
set /a TimestampErrors+=1
|
|
)
|
|
|
|
echo Waiting 1 second...
|
|
choice /N /T:1 /D:Y >NUL
|
|
)
|
|
|
|
endlocal
|
|
exit /b 1
|
|
|
|
:SignFileSuccess
|
|
echo Signing succeeded
|
|
endlocal
|
|
exit /b 0
|