diff options
Diffstat (limited to 'build.go')
-rw-r--r-- | build.go | 30 |
1 files changed, 29 insertions, 1 deletions
@@ -15,6 +15,7 @@ import ( "bytes" "compress/flate" "compress/gzip" + "encoding/base64" "encoding/json" "errors" "flag" @@ -1383,6 +1384,33 @@ func windowsCodesign(file string) { args := []string{"sign", "/fd", algo} if f := os.Getenv("CODESIGN_CERTIFICATE_FILE"); f != "" { args = append(args, "/f", f) + } else if b := os.Getenv("CODESIGN_CERTIFICATE_BASE64"); b != "" { + // Decode the PFX certificate from base64. + bs, err := base64.RawStdEncoding.DecodeString(b) + if err != nil { + log.Println("Codesign: signing failed: decoding base64:", err) + return + } + + // Write it to a temporary file + f, err := os.CreateTemp("", "codesign-*.pfx") + if err != nil { + log.Println("Codesign: signing failed: creating temp file:", err) + return + } + _ = f.Chmod(0600) // best effort remove other users' access + defer os.Remove(f.Name()) + if _, err := f.Write(bs); err != nil { + log.Println("Codesign: signing failed: writing temp file:", err) + return + } + if err := f.Close(); err != nil { + log.Println("Codesign: signing failed: closing temp file:", err) + return + } + + // Use that when signing + args = append(args, "/f", f.Name()) } if p := os.Getenv("CODESIGN_CERTIFICATE_PASSWORD"); p != "" { args = append(args, "/p", p) @@ -1402,7 +1430,7 @@ func windowsCodesign(file string) { bs, err := runError(st, args...) if err != nil { - log.Println("Codesign: signing failed:", string(bs)) + log.Printf("Codesign: signing failed: %v: %s", err, string(bs)) return } log.Println("Codesign: successfully signed", file, "using", algo) |