gbe_fork/cert/sign_helper.bat

103 lines
2.3 KiB
Batchfile
Raw Normal View History

2024-01-01 01:23:12 +08:00
@echo off
setlocal
set /a exit=0
set "file=%~1"
if not defined file (
set /a exit=1
goto :end_script
)
pushd "%~dp0"
set "OPENSSL_CONF=%cd%\openssl.cnf"
2024-06-02 14:28:52 +08:00
set "filename=%random%"
for %%A in ("%file%") do (
set "filename=%random%-%%~nxA"
)
:re_pvt
call :gen_rnd rr
2024-06-02 14:28:52 +08:00
set "pvt_file=%cd%\prvt-%rr%-%filename%.pem"
:: parallel build can generate same rand number
if exist "%pvt_file%" (
goto :re_pvt
)
2024-06-02 14:28:52 +08:00
:re_cer
call :gen_rnd rr
2024-06-02 14:28:52 +08:00
set "cer_file=%cd%\cert-%rr%-%filename%.pem"
:: parallel build can generate same rand number
if exist "%cer_file%" (
goto :re_cer
)
2024-06-02 14:28:52 +08:00
:re_pfx
call :gen_rnd rr
2024-06-02 14:28:52 +08:00
set "pfx_file=%cd%\cfx-%rr%-%filename%.pfx"
:: parallel build can generate same rand number
if exist "%pfx_file%" (
goto :re_pfx
)
2024-01-01 01:23:12 +08:00
set "openssl_exe=%cd%\openssl.exe"
set "signtool_exe=%cd%\signtool.exe"
popd
call "%openssl_exe%" req -newkey rsa:2048 -nodes -keyout "%pvt_file%" -x509 -days 5525 -out "%cer_file%" ^
2024-03-09 00:30:44 +08:00
-subj "/O=GSE/CN=GSE" ^
2024-01-01 01:23:12 +08:00
-addext "extendedKeyUsage=codeSigning" ^
-addext "basicConstraints=critical,CA:true" ^
2024-03-09 00:30:44 +08:00
-addext "subjectAltName=email:GSE,DNS:GSE,DNS:GSE" ^
2024-01-01 01:23:12 +08:00
-addext "keyUsage=digitalSignature,keyEncipherment" ^
-addext "authorityKeyIdentifier=keyid,issuer:always" ^
2024-03-09 00:30:44 +08:00
-addext "crlDistributionPoints=URI:GSE" ^
2024-01-01 01:23:12 +08:00
-addext "subjectKeyIdentifier=hash" ^
-addext "issuerAltName=issuer:copy" ^
2024-03-09 00:30:44 +08:00
-addext "nsComment=GSE" ^
2024-01-01 01:23:12 +08:00
-extensions v3_req
set /a exit+=%errorlevel%
if %exit% neq 0 (
goto :end_script
)
call "%openssl_exe%" pkcs12 -export -out "%pfx_file%" -inkey "%pvt_file%" -in "%cer_file%" -passout pass:
set /a exit+=%errorlevel%
del /f /q "%cer_file%"
del /f /q "%pvt_file%"
if %exit% neq 0 (
goto :end_script
)
2024-03-09 00:30:44 +08:00
call "%signtool_exe%" sign /d "GSE" /fd sha256 /f "%pfx_file%" /p "" "%~1"
2024-01-01 01:23:12 +08:00
set /a exit+=%errorlevel%
if %exit% neq 0 (
goto :end_script
)
del /f /q "%pfx_file%"
:end_script
endlocal
exit /b %exit%
:: when every project is built in parallel '/MP' with Visual Studio,
:: the regular random variable might be the same, causing racing
:: this will waste some time and hopefully generate a different number
:: 1: (ref) out random number
:gen_rnd
setlocal enabledelayedexpansion
2024-06-02 14:28:52 +08:00
for /l %%A in (1, 1, 10) do (
set "_r=!random!"
)
endlocal & (
set "%~1=%random%"
exit /b
)