github.com/influxdata/telegraf@v1.30.3/scripts/sign-windows.sh (about) 1 #!/bin/bash 2 set -eux 3 4 # Install dependencies 5 sudo apt update && sudo apt install --yes 7zip default-jre-headless osslsigncode wget 6 wget https://github.com/ebourg/jsign/releases/download/5.0/jsign_5.0_all.deb 7 sha256sum="9877a0949a9c9ac4485155bbb8679ac863d3ec3d67e0a380b880eed650d06854" 8 if ! echo "${sha256sum} jsign_5.0_all.deb" | sha256sum --check -; then 9 echo "Checksum for jsign deb failed" >&2 10 exit 1 11 fi 12 sudo dpkg -i jsign_5.0_all.deb 13 14 # Load certificates 15 touch "$SM_CLIENT_CERT_FILE" 16 set +x 17 echo "$SM_CLIENT_CERT_FILE_B64" > "$SM_CLIENT_CERT_FILE.b64" 18 set -x 19 base64 -d "$SM_CLIENT_CERT_FILE.b64" > "$SM_CLIENT_CERT_FILE" 20 21 # Loop through and sign + verify the binaries 22 artifactDirectory="./dist" 23 extractDirectory="$artifactDirectory/extracted" 24 for file in "$artifactDirectory"/*windows*; do 25 7zz x "$file" -o$extractDirectory 26 subDirectoryPath=$(find $extractDirectory -mindepth 1 -maxdepth 1 -type d) 27 telegrafExePath="$subDirectoryPath/telegraf.exe" 28 29 jsign \ 30 -storetype DIGICERTONE \ 31 -alias "$SM_CERT_ALIAS" \ 32 -storepass "$SM_API_KEY|$SM_CLIENT_CERT_FILE|$SM_CLIENT_CERT_PASSWORD" \ 33 -alg SHA-256 \ 34 -tsaurl http://timestamp.digicert.com \ 35 "$telegrafExePath" 36 37 osslsigncode verify \ 38 -CAfile /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt \ 39 -TSA-CAfile /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt \ 40 -in "$telegrafExePath" 41 42 7zz a -r "$file" "$subDirectoryPath" 43 rm -rf "$extractDirectory" 44 done