Add support for using automated codesign for binaries in deployment

2021-03-24 19:31:22 +01:00
parent c0d0083cc2
commit 3dbbcc3a8c
4 changed files with 61 additions and 0 deletions
--- a/Source/Tools/Flax.Build/Deploy/Configuration.cs
+++ b/Source/Tools/Flax.Build/Deploy/Configuration.cs
@@ -15,5 +15,17 @@ namespace Flax.Build
        /// </summary>
        [CommandLine("deployPlatforms", "Builds and packages the platforms data.")]
        public static bool DeployPlatforms;
+
+        /// <summary>
+        /// Certificate file path for binaries signing.
+        /// </summary>
+        [CommandLine("deployCert", "Certificate file path for binaries signing.")]
+        public static string DeployCert;
+
+        /// <summary>
+        /// Certificate file password for binaries signing.
+        /// </summary>
+        [CommandLine("deployCertPass", "Certificate file password for binaries signing.")]
+        public static string DeployCertPass;
    }
 }
--- a/Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs
+++ b/Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs
@@ -12,6 +12,18 @@ namespace Flax.Deploy
 {
    partial class Deployment
    {
+        private static void CodeSign(string file)
+        {
+            if (string.IsNullOrEmpty(Configuration.DeployCert))
+                return;
+            switch (Platform.BuildTargetPlatform)
+            {
+            case TargetPlatform.Windows:
+                VCEnvironment.CodeSign(file, Configuration.DeployCert, Configuration.DeployCertPass);
+                break;
+            }
+        }
+
        public class Editor
        {
            private static string RootPath;
@@ -37,6 +49,7 @@ namespace Flax.Deploy
                    var dst = Path.Combine(OutputPath, binariesSubDir);

                    DeployFile(src, dst, "Flax.Build.exe");
+                    CodeSign(Path.Combine(dst, "Flax.Build.exe"));
                    DeployFile(src, dst, "Flax.Build.xml");
                    DeployFile(src, dst, "Ionic.Zip.Reduced.dll");
                    DeployFile(src, dst, "Newtonsoft.Json.dll");
@@ -166,12 +179,14 @@ namespace Flax.Deploy

                    // Deploy binaries
                    DeployFile(src, dst, editorExeName);
+                    CodeSign(Path.Combine(dst, editorExeName));
                    DeployFile(src, dst, "FlaxEditor.Build.json");
                    DeployFile(src, dst, "FlaxEditor.lib");
                    DeployFile(src, dst, "FlaxEngine.CSharp.pdb");
                    DeployFile(src, dst, "FlaxEngine.CSharp.xml");
                    DeployFile(src, dst, "Newtonsoft.Json.pdb");
                    DeployFiles(src, dst, "*.dll");
+                    CodeSign(Path.Combine(dst, "FlaxEngine.CSharp.dll"));

                    // Deploy debug symbols files
                    DeployFiles(src, dstDebug, "*.pdb");
--- a/Source/Tools/Flax.Build/Deploy/Deployment.Platforms.cs
+++ b/Source/Tools/Flax.Build/Deploy/Deployment.Platforms.cs
@@ -37,6 +37,22 @@ namespace Flax.Deploy
                        File.Delete(Path.Combine(dst, "Binaries", "Game", "x64", "Release", "FlaxGame.a"));
                    }

+                    // Sign binaries
+                    if (platform == TargetPlatform.Windows && !string.IsNullOrEmpty(Configuration.DeployCert))
+                    {
+                        var binaries = Path.Combine(dst, "Binaries", "Game", "x64", "Debug");
+                        CodeSign(Path.Combine(binaries, "FlaxGame.exe"));
+                        CodeSign(Path.Combine(binaries, "FlaxEngine.CSharp.dll"));
+
+                        binaries = Path.Combine(dst, "Binaries", "Game", "x64", "Development");
+                        CodeSign(Path.Combine(binaries, "FlaxGame.exe"));
+                        CodeSign(Path.Combine(binaries, "FlaxEngine.CSharp.dll"));
+
+                        binaries = Path.Combine(dst, "Binaries", "Game", "x64", "Release");
+                        CodeSign(Path.Combine(binaries, "FlaxGame.exe"));
+                        CodeSign(Path.Combine(binaries, "FlaxEngine.CSharp.dll"));
+                    }
+
                    // Don't distribute engine deps
                    Utilities.DirectoryDelete(Path.Combine(dst, "Binaries", "ThirdParty"));

--- a/Source/Tools/Flax.Build/Deploy/VCEnvironment.cs
+++ b/Source/Tools/Flax.Build/Deploy/VCEnvironment.cs
@@ -2,6 +2,7 @@

 using System;
 using System.IO;
+using System.Linq;
 using Flax.Build;
 using Flax.Build.Platforms;
 using Flax.Build.Projects.VisualStudio;
@@ -255,5 +256,22 @@ namespace Flax.Deploy
            string cmdLine = string.Format("\"{0}\" /t:Clean /verbosity:minimal /nologo", solutionFile);
            Utilities.Run(msBuild, cmdLine);
        }
+
+        internal static void CodeSign(string file, string certificatePath, string certificatePass)
+        {
+            if (!File.Exists(file))
+                throw new FileNotFoundException("Missing file to sign.", file);
+            if (!File.Exists(certificatePath))
+                throw new FileNotFoundException("Missing certificate to sign with.", certificatePath);
+            var sdks = WindowsPlatformBase.GetSDKs();
+            if (sdks.Count == 0)
+                throw new Exception("No Windows SDK found. Cannot sign file.");
+            var sdkKeys = sdks.Keys.ToList();
+            sdkKeys.Sort();
+            var sdk = sdks[sdkKeys.Last()];
+            var signtool = Path.Combine(sdk, "bin", "x64", "signtool.exe");
+            var cmdLine = string.Format("sign /debug /f \"{0}\" /p \"{1}\" /tr http://timestamp.comodoca.com /td sha256 /fd sha256 \"{2}\"", certificatePath, certificatePass, file);
+            Utilities.Run(signtool, cmdLine);
+        }
    }
 }