Update code signing to support sign with identity on Windows

2025-04-14 22:47:40 +02:00
parent cfc90d1ddf
commit b25881d55e
2 changed files with 25 additions and 8 deletions
--- a/Source/Tools/Flax.Build/Deploy/Deployer.cs
+++ b/Source/Tools/Flax.Build/Deploy/Deployer.cs
@@ -36,15 +36,15 @@ namespace Flax.Build
        public static bool DeployPlatforms;

        /// <summary>
-        /// Certificate file path for binaries signing. Or sign identity for Apple platforms.
+        /// Certificate file path or signer identity for binaries code signing.
        /// </summary>
-        [CommandLine("deployCert", "Certificate file path for binaries signing. Or sign identity for Apple platforms.")]
+        [CommandLine("deployCert", "Certificate file path or signer identity for binaries code signing.")]
        public static string DeployCert;

        /// <summary>
-        /// Certificate file password for binaries signing.
+        /// Certificate password for binaries code signing.
        /// </summary>
-        [CommandLine("deployCertPass", "Certificate file password for binaries signing.")]
+        [CommandLine("deployCertPass", "Certificate password for binaries code signing.")]
        public static string DeployCertPass;

        /// <summary>
--- a/Source/Tools/Flax.Build/Deploy/VCEnvironment.cs
+++ b/Source/Tools/Flax.Build/Deploy/VCEnvironment.cs
@@ -278,12 +278,14 @@ namespace Flax.Deploy
            Utilities.Run(msBuild, cmdLine);
        }

-        internal static void CodeSign(string file, string certificatePath, string certificatePass)
+        internal static void CodeSign(string file, string certificate, string password)
        {
            if (!File.Exists(file))
                throw new FileNotFoundException("Missing file to sign.", file);
-            if (!File.Exists(certificatePath))
-                throw new FileNotFoundException("Missing certificate to sign with.", certificatePath);
+            if (string.IsNullOrEmpty(certificate))
+                throw new Exception("Missing certificate to sign.");
+
+            // Get path to signtool
            var sdks = WindowsPlatformBase.GetSDKs();
            if (sdks.Count == 0)
                throw new Exception("No Windows SDK found. Cannot sign file.");
@@ -306,7 +308,22 @@ namespace Flax.Deploy
                    // Ignore version formatting exception
                }
            }
-            var cmdLine = string.Format("sign /debug /f \"{0}\" /p \"{1}\" /tr http://timestamp.comodoca.com /td sha256 /fd sha256 \"{2}\"", certificatePath, certificatePass, file);
+
+            // Sign code
+            string cmdLine;
+            var time = "/tr http://time.certum.pl /td sha256";
+            if (File.Exists(certificate))
+            {
+                // Sign with certificate from file
+                cmdLine = $"sign /debug /f \"{certificate}\" {time} /fd sha256 \"{file}\"";
+                if (!string.IsNullOrEmpty(password))
+                    cmdLine += $" /p \"{password}\"";
+            }
+            else
+            {
+                // Sign with identity
+                cmdLine = $"sign /debug /n \"{certificate}\" {time} /fd sha256 /v \"{file}\"";
+            }
            Utilities.Run(signtool, cmdLine, null, null, Utilities.RunOptions.Default | Utilities.RunOptions.ThrowExceptionOnError);
        }
    }