Skip to content

Commit

Permalink
fix packaging and add code signing
Browse files Browse the repository at this point in the history
  • Loading branch information
awakecoding committed Nov 28, 2023
1 parent ca0393b commit d58dff3
Show file tree
Hide file tree
Showing 5 changed files with 110 additions and 28 deletions.
128 changes: 106 additions & 22 deletions .github/workflows/build-package.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,18 @@ on:
description: 'Detours git commit'
default: '4b8c659'
required: true
sign-nuget:
description: 'Sign nuget package'
required: true
type: boolean
default: false
skip-publish:
description: 'Skip publishing'
required: true
type: boolean
default: false
dry-run:
description: Dry run (simulate)
description: 'Dry run (simulate)'
required: true
type: boolean
default: true
Expand All @@ -42,7 +47,7 @@ jobs:
$IsScheduledJob = ('${{ github.event_name }}' -eq 'schedule')
$DryRun = [System.Boolean]::Parse('${{ inputs.dry-run }}')
$PackageEnv = if ($IsMasterBranch) {
$PackageEnv = if ($IsMasterBranch -And -Not $IsScheduledJob) {
"publish-prod"
} else {
"publish-test"
Expand Down Expand Up @@ -131,10 +136,9 @@ jobs:
cmake -G "Visual Studio 17 2022" -A $MsvcArch -DWITH_DOTNET=OFF -B $BuildDir
cmake --build $BuildDir --config Release
New-Item -ItemType Directory -Path "dependencies/MsRdpEx/$Arch" | Out-Null
Copy-Item "$BuildDir/Release/MsRdpEx.dll" "dependencies/MsRdpEx/$Arch"
Copy-Item "$BuildDir/Release/MsRdpEx.pdb" "dependencies/MsRdpEx/$Arch"
Copy-Item "$BuildDir/Release/mstscex.exe" "dependencies/MsRdpEx/$Arch"
Copy-Item "$BuildDir/Release/msrdcex.exe" "dependencies/MsRdpEx/$Arch"
@('MsRdpEx.dll','MsRdpEx.pdb','mstscex.exe','msrdcex.exe') | % {
Copy-Item "$BuildDir/Release/$_" "dependencies/MsRdpEx/$Arch"
}
Compress-Archive "dependencies\MsRdpEx\$Arch\*" ".\package\MsRdpEx-$PackageVersion-$Arch.zip" -CompressionLevel Optimal
- name: Upload MsRdpEx (${{matrix.arch}})
Expand All @@ -147,6 +151,7 @@ jobs:
name: Build managed library
runs-on: windows-2022
needs: [preflight, build-native]
environment: ${{ needs.preflight.outputs.package-env }}

steps:
- name: Check out ${{ github.repository }}
Expand All @@ -158,6 +163,18 @@ jobs:
New-Item .\package -ItemType Directory -ErrorAction SilentlyContinue | Out-Null
New-Item ".\dependencies\MsRdpEx" -ItemType Directory | Out-Null
- name: Install code signing tools
run: |
dotnet tool install --global AzureSignTool
dotnet tool install --global NuGetKeyVaultSignTool
Install-Module -Name Devolutions.Authenticode -Force
# trust test code signing CA
$TestCertsUrl = "https://raw.githubusercontent.com/Devolutions/devolutions-authenticode/master/data/certs"
Invoke-WebRequest -Uri "$TestCertsUrl/authenticode-test-ca.crt" -OutFile ".\authenticode-test-ca.crt"
Import-Certificate -FilePath ".\authenticode-test-ca.crt" -CertStoreLocation "cert:\LocalMachine\Root"
Remove-Item ".\authenticode-test-ca.crt" -ErrorAction SilentlyContinue | Out-Null
- name: Set package version
shell: pwsh
run: |
Expand All @@ -181,25 +198,36 @@ jobs:
Expand-Archive $_ "dependencies\$Name\$Arch\" -Force
}
- name: Build MsRdpEx MSI installers
- name: Code sign native zip package
shell: pwsh
run: |
$PackageVersion = '${{ needs.preflight.outputs.package-version }}'
$ShortVersion = $PackageVersion.Substring(2) # MSI short version
$WixVariables = Get-Content .\installer\Variables.wxi
$WixVariables = $WixVariables -Replace 'ProductVersion = "([^"]*)"', "ProductVersion = `"$ShortVersion`""
Set-Content .\installer\Variables.wxi $WixVariables
foreach ($Arch in @('x86','x64','arm64')) {
$MsvcArch = @{"x86"="Win32";"x64"="x64";"arm64"="ARM64"}[$Arch]
dotnet build /p:Configuration=Release /p:Platform=$MsvcArch installer/MsRdpEx.sln
Move-Item "installer\bin\$MsvcArch\Release\en-US\MsRdpEx.msi" "package\MsRdpEx-$PackageVersion-$Arch.msi"
$Params = @('sign',
'-kvt', '${{ secrets.AZURE_TENANT_ID }}',
'-kvu', '${{ secrets.CODE_SIGNING_KEYVAULT_URL }}',
'-kvi', '${{ secrets.CODE_SIGNING_CLIENT_ID }}',
'-kvs', '${{ secrets.CODE_SIGNING_CLIENT_SECRET }}',
'-kvc', '${{ secrets.CODE_SIGNING_CERTIFICATE_NAME }}',
'-tr', '${{ vars.CODE_SIGNING_TIMESTAMP_SERVER }}',
'-v')
Get-Item .\package\*.zip | ForEach-Object {
$ZipFile = $_.FullName
($Name, $Version, $Arch) = $_.BaseName -Split '-'
$BinDir = "dependencies\$Name\$Arch"
Get-ChildItem -Path "$BinDir/*" -Include @("*.exe","*.dll") | ForEach-Object {
AzureSignTool @Params $_.FullName
}
Remove-Item $ZipFile | Out-Null
Compress-Archive "$BinDir\*" $ZipFile -CompressionLevel Optimal
Get-ZipAuthenticodeDigest $ZipFile -Export
AzureSignTool @Params "${ZipFile}.sig.ps1"
Import-ZipAuthenticodeSignature $ZipFile -Remove
}
- name: Upload MsRdpEx nuget package
- name: Upload MsRdpEx zip packages
uses: actions/upload-artifact@v3
with:
name: MsRdpEx-msi
path: package/*.msi
name: MsRdpEx-zip
path: package/*.zip

- name: Build MsRdpEx nuget package
shell: pwsh
Expand All @@ -209,13 +237,63 @@ jobs:
cmake -G "Visual Studio 17 2022" -A x64 -DWITH_DOTNET=ON -DWITH_NATIVE=OFF -B $BuildDir
cmake --build $BuildDir --config Release
& dotnet pack .\dotnet\Devolutions.MsRdpEx -o package
- name: Code sign nuget package
if: ${{ fromJSON(inputs.sign-nuget) == true }}
shell: pwsh
run: |
$NugetPackage = (Get-Item ".\package\*.nupkg" | Select-Object -First 1) | Resolve-Path -Relative
$Params = @('sign', $NugetPackage,
'-kvt', '${{ secrets.AZURE_TENANT_ID }}',
'-kvu', '${{ secrets.CODE_SIGNING_KEYVAULT_URL }}',
'-kvi', '${{ secrets.CODE_SIGNING_CLIENT_ID }}',
'-kvs', '${{ secrets.CODE_SIGNING_CLIENT_SECRET }}',
'-kvc', '${{ secrets.CODE_SIGNING_CERTIFICATE_NAME }}',
'-tr', '${{ vars.CODE_SIGNING_TIMESTAMP_SERVER }}',
'-v')
& NuGetKeyVaultSignTool @Params
- name: Upload MsRdpEx nuget package
uses: actions/upload-artifact@v3
with:
name: MsRdpEx-nupkg
path: package/*.nupkg

- name: Build MsRdpEx MSI packages
shell: pwsh
run: |
$PackageVersion = '${{ needs.preflight.outputs.package-version }}'
$ShortVersion = $PackageVersion.Substring(2) # MSI short version
$WixVariables = Get-Content .\installer\Variables.wxi
$WixVariables = $WixVariables -Replace 'ProductVersion = "([^"]*)"', "ProductVersion = `"$ShortVersion`""
Set-Content .\installer\Variables.wxi $WixVariables
foreach ($Arch in @('x86','x64','arm64')) {
$MsvcArch = @{"x86"="Win32";"x64"="x64";"arm64"="ARM64"}[$Arch]
dotnet build /p:Configuration=Release /p:Platform=$MsvcArch installer/MsRdpEx.sln
Move-Item "installer\bin\$MsvcArch\Release\en-US\MsRdpEx.msi" "package\MsRdpEx-$PackageVersion-$Arch.msi"
}
- name: Code sign MSI package
shell: pwsh
run: |
$Params = @('sign',
'-kvt', '${{ secrets.AZURE_TENANT_ID }}',
'-kvu', '${{ secrets.CODE_SIGNING_KEYVAULT_URL }}',
'-kvi', '${{ secrets.CODE_SIGNING_CLIENT_ID }}',
'-kvs', '${{ secrets.CODE_SIGNING_CLIENT_SECRET }}',
'-kvc', '${{ secrets.CODE_SIGNING_CERTIFICATE_NAME }}',
'-tr', '${{ vars.CODE_SIGNING_TIMESTAMP_SERVER }}',
'-v')
Get-ChildItem .\package\*.msi | ForEach-Object {
AzureSignTool @Params $_.FullName
}
- name: Upload MsRdpEx MSI packages
uses: actions/upload-artifact@v3
with:
name: MsRdpEx-msi
path: package/*.msi

publish:
name: Publish packages
runs-on: ubuntu-22.04
Expand All @@ -224,18 +302,24 @@ jobs:
if: ${{ fromJSON(inputs.skip-publish) == false }}

steps:
- name: Download zip native package
- name: Download zip package
uses: actions/download-artifact@v3
with:
name: MsRdpEx-zip
path: package

- name: Download nuget managed package
- name: Download nuget package
uses: actions/download-artifact@v3
with:
name: MsRdpEx-nupkg
path: package

- name: Download MSI package
uses: actions/download-artifact@v3
with:
name: MsRdpEx-msi
path: package

- name: Publish to nuget.org
shell: pwsh
run: |
Expand Down
10 changes: 4 additions & 6 deletions dll/String.c
Original file line number Diff line number Diff line change
Expand Up @@ -657,7 +657,7 @@ void MsRdpEx_FreeStringVector(int argc, char** argv)

char** MsRdpEx_GetArgumentVector(int* argc)
{
int index;
int argi;
char* arg = NULL;
char** args = NULL;
LPWSTR* argsW = NULL;
Expand Down Expand Up @@ -685,18 +685,16 @@ char** MsRdpEx_GetArgumentVector(int* argc)

args[0] = arg;

for (index = 0; index < *argc; index++) {
for (argi = 0; argi < *argc; argi++) {
arg = NULL;

if (MsRdpEx_ConvertFromUnicode(CP_UTF8, 0, argsW[index], -1, &arg, 0, NULL, NULL) < 0) {
if (MsRdpEx_ConvertFromUnicode(CP_UTF8, 0, argsW[argi], -1, &arg, 0, NULL, NULL) < 0) {
goto exit;
}

args[index + 1] = arg;
args[argi] = arg;
}

*argc = *argc + 1;

exit:
LocalFree(argsW);
return args;
Expand Down
Binary file modified exe/msrdcex/msrdcex.ico
Binary file not shown.
Binary file modified exe/mstscex/mstscex.ico
Binary file not shown.
Binary file modified installer/MsRdpEx.ico
Binary file not shown.

0 comments on commit d58dff3

Please sign in to comment.