github.com/influxdata/telegraf@v1.30.3/scripts/sign-windows.sh

github.com/influxdata/telegraf@v1.30.3/scripts/sign-windows.sh (about)

     1  #!/bin/bash
     2  set -eux
     3  
     4  # Install dependencies
     5  sudo apt update && sudo apt install --yes 7zip default-jre-headless osslsigncode wget
     6  wget https://github.com/ebourg/jsign/releases/download/5.0/jsign_5.0_all.deb
     7  sha256sum="9877a0949a9c9ac4485155bbb8679ac863d3ec3d67e0a380b880eed650d06854"
     8  if ! echo "${sha256sum}  jsign_5.0_all.deb" | sha256sum --check -; then
     9      echo "Checksum for jsign deb failed" >&2
    10      exit 1
    11  fi
    12  sudo dpkg -i jsign_5.0_all.deb
    13  
    14  # Load certificates
    15  touch "$SM_CLIENT_CERT_FILE"
    16  set +x
    17  echo "$SM_CLIENT_CERT_FILE_B64" > "$SM_CLIENT_CERT_FILE.b64"
    18  set -x
    19  base64 -d "$SM_CLIENT_CERT_FILE.b64" > "$SM_CLIENT_CERT_FILE"
    20  
    21  # Loop through and sign + verify the binaries
    22  artifactDirectory="./dist"
    23  extractDirectory="$artifactDirectory/extracted"
    24  for file in "$artifactDirectory"/*windows*; do
    25      7zz x "$file" -o$extractDirectory
    26      subDirectoryPath=$(find $extractDirectory -mindepth 1 -maxdepth 1 -type d)
    27      telegrafExePath="$subDirectoryPath/telegraf.exe"
    28  
    29      jsign \
    30          -storetype DIGICERTONE \
    31          -alias "$SM_CERT_ALIAS" \
    32          -storepass "$SM_API_KEY|$SM_CLIENT_CERT_FILE|$SM_CLIENT_CERT_PASSWORD" \
    33          -alg SHA-256 \
    34          -tsaurl http://timestamp.digicert.com \
    35          "$telegrafExePath"
    36  
    37      osslsigncode verify \
    38          -CAfile /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt \
    39          -TSA-CAfile /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt \
    40          -in "$telegrafExePath"
    41  
    42      7zz a -r "$file" "$subDirectoryPath"
    43      rm -rf "$extractDirectory"
    44  done