-
Notifications
You must be signed in to change notification settings - Fork 278
/
Copy pathsign.ps1
71 lines (58 loc) · 2.34 KB
/
sign.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# Get the certificate and password from environment variables
$certificateBase64 = $env:CODESIGN_CERT_PFX
$certificatePassword = $env:CODESIGN_CERT_PASSWORD
# Write the certificate to a file
$certificatePath = Join-Path -Path $env:TEMP -ChildPath 'certificate.pfx'
$certificateBytes = [Convert]::FromBase64String($certificateBase64)
[System.IO.File]::WriteAllBytes($certificatePath, $certificateBytes)
# Define the function to find the path to signtool.exe
function Get-SignToolPath {
# Array of common installation directories for Windows SDK
$sdkInstallationDirs = @(
"$env:ProgramFiles (x86)\Windows Kits\10\bin\x64",
"$env:ProgramFiles\Windows Kits\10\bin\x64",
"$env:ProgramFiles (x86)\Windows Kits\10\App Certification Kit"
)
foreach ($dir in $sdkInstallationDirs) {
$path = Join-Path -Path $dir -ChildPath 'signtool.exe'
#Write-Host $path
if (Test-Path -Path $path) {
return $path
}
}
throw "Could not find signtool.exe. Make sure the Windows SDK is installed."
}
# Find the path to signtool.exe
$signtoolPath = Get-SignToolPath
# Define the function to code-sign a file
function Sign-File {
param (
[Parameter(Mandatory=$true)]
[String]$FilePath
)
# Check if the file is already code-signed
$signature = Get-AuthenticodeSignature -FilePath $FilePath -ErrorAction SilentlyContinue
if ($signature.status -ne "NotSigned") {
Write-Host "File '$FilePath' is already code-signed. Skipping."
return
}
# Code-sign the file using signtool
Write-Host "Code-signing file '$FilePath'..."
& $signtoolPath sign /tr http://timestamp.digicert.com /td sha256 /v /fd sha256 /f $certificatePath /p $certificatePassword $FilePath
}
# Define the function to recursively code-sign files in a directory
function Sign-FilesRecursively {
param (
[Parameter(Mandatory=$true)]
[String]$DirectoryPath
)
Write-Host $DirectoryPath
# Get all exe and dll files recursively
dir $DirectoryPath -recurse | where {$_.extension -in ".exe",".dll"} | ForEach-Object {
Sign-File -FilePath $_.FullName
}
}
# Usage: Provide the directory path as an argument to sign files recursively
Sign-FilesRecursively -DirectoryPath $args[0]
# Remove the temporary certificate file
Remove-Item -Path $certificatePath