[pkg] add sign script

3 files changed, 21 insertions, 0 deletions

diff --git a/Makefile b/Makefile
index dffb77a..258c513 100755
--- a/Makefile
+++ b/Makefile
@@ -5,6 +5,8 @@ SYSTRAY_BIN := bitmask-vpn
 HELPER_BIN := bitmask_helper
 APP_NAME := RiseupVPN
 BUILD_RELEASE?=no
+WIN_CERT_PATH?=z:\leap\LEAP.pfx
+WIN_CERT_PASS?=
 OSX_CERT = "Developer ID Installer: LEAP Encryption Access Project"
 VERSION = $(shell git -C `go env GOPATH`/src/$(SYSTRAY)  describe --tags --always)
 
@@ -55,6 +57,9 @@ build_win: staging\nssm.exe helper_win systray_win
 	if not exist dist mkdir dist
 	powershell '$$gopath=go env GOPATH;$$version=git -C $$gopath/src/$(SYSTRAY) describe --tags; $(MAKE) -C win VERSION=$$version'
 	"C:\Program Files (x86)\NSIS\makensis.exe" win/RiseupVPN-installer.nsi
+sign_win:
+	echo "[+] signing windows build"
+	python win/sign.py $(WIN_CERT_PATH) $(WIN_CERT_PASS)
 build_cross_win: staging/nssm.exe
 	echo "!define VERSION $(VERSION)" > $(STAGING)/version.nsh
 	$(CROSS_FLAGS) $(MAKE) helper_win
diff --git a/win/sign.py b/win/sign.py
new file mode 100644
index 0000000..0ca2cdf
--- /dev/null
+++ b/win/sign.py
@@ -0,0 +1,15 @@
+import subprocess
+import os
+import sys
+
+WIN_CERT_PATH = sys.argv[1]
+WIN_CERT_PASS = sys.argv[2]
+SIGNTOOL = "signtool"
+
+GOPATH = os.environ.get('GOPATH')
+VERSION=subprocess.run('git -C ' + GOPATH + '\\src\\0xacab.org\\leap\\bitmask-vpn describe --tags', stdout=subprocess.PIPE).stdout.strip()
+
+installer = "RiseupVPN-" + str(VERSION, 'utf-8') + '.exe'
+target = str(os.path.join(os.path.abspath('.'), 'dist', installer))
+cmd = [SIGNTOOL, "sign", "/f", WIN_CERT_PATH, "/p", WIN_CERT_PASS, target]
+subprocess.run(cmd)
diff --git a/win/tools/README-cert.txt b/win/tools/README-cert.txt
new file mode 100644
index 0000000..e532997
--- /dev/null
+++ b/win/tools/README-cert.txt
@@ -0,0 +1 @@
+openssl pkcs12 -inkey privatekey.pem -in signing_cert.pem -export -out LEAP.pfx