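@echo off
:: Signs the file passed as the first argument with a throwaway self-signed
:: code-signing certificate. openssl.exe, signtool.exe and openssl.cnf are
:: taken from the directory this script lives in.
::
:: Flow: create key + certificate (PEM), bundle them into a PFX, sign the
:: target with signtool, then delete the key material again.
::
:: Exit code: 0 on success, non-zero when the argument is missing or any of
:: the tools reports an error.
::
:: Security notes:
::  - The private key is written unencrypted (-nodes) and the PFX has an empty
::    password, so these files are protected only by the ACL of the script
::    directory. They are therefore removed on every exit path, not only on
::    success.
::  - NOTE(review): the certificate is issued with CA:true and 5525 days of
::    validity although the key is discarded after one signature. A short
::    validity and CA:false look sufficient - confirm nothing relies on this.
setlocal

set /a exit=0

:: Clear names that could be inherited from the caller's environment, so the
:: cleanup at end_script never deletes a path this run did not create.
set "pvt_file="
set "cer_file="
set "pfx_file="

set "file=%~1"
if not defined file (
  set /a exit=1
  goto :end_script
)

pushd "%~dp0"
set "OPENSSL_CONF=%cd%\openssl.cnf"

:: Temp-file stem: a random number plus the target's file name and extension.
set "filename=%random%"
for %%A in ("%file%") do (
  set "filename=%random%-%%~nxA"
)

:: parallel build can generate same rand number
:: NOTE(review): the exists-check and the later file creation by openssl are
:: not atomic, so the retry loops below narrow the collision window between
:: parallel builds but do not close it.
:re_pvt
call :gen_rnd rr
set "pvt_file=%cd%\prvt-%rr%-%filename%.pem"
if exist "%pvt_file%" (
  goto :re_pvt
)

:re_cer
call :gen_rnd rr
set "cer_file=%cd%\cert-%rr%-%filename%.pem"
if exist "%cer_file%" (
  goto :re_cer
)

:re_pfx
call :gen_rnd rr
set "pfx_file=%cd%\cfx-%rr%-%filename%.pfx"
if exist "%pfx_file%" (
  goto :re_pfx
)

set "openssl_exe=%cd%\openssl.exe"
set "signtool_exe=%cd%\signtool.exe"

popd

:: Self-signed RSA-2048 certificate restricted to code signing by its EKU.
call "%openssl_exe%" req -newkey rsa:2048 -nodes -keyout "%pvt_file%" -x509 -days 5525 -out "%cer_file%" ^
  -subj "/O=GSE/CN=GSE" ^
  -addext "extendedKeyUsage=codeSigning" ^
  -addext "basicConstraints=critical,CA:true" ^
  -addext "subjectAltName=email:GSE,DNS:GSE,DNS:GSE" ^
  -addext "keyUsage=digitalSignature,keyEncipherment" ^
  -addext "authorityKeyIdentifier=keyid,issuer:always" ^
  -addext "crlDistributionPoints=URI:GSE" ^
  -addext "subjectKeyIdentifier=hash" ^
  -addext "issuerAltName=issuer:copy" ^
  -addext "nsComment=GSE" ^
  -extensions v3_req
set /a exit+=%errorlevel%
if %exit% neq 0 (
  goto :end_script
)

:: Bundle key and certificate into a PFX for signtool (empty export password).
call "%openssl_exe%" pkcs12 -export -out "%pfx_file%" -inkey "%pvt_file%" -in "%cer_file%" -passout pass:
set /a exit+=%errorlevel%

:: The PEM files are no longer needed once the PFX exists; drop them right away.
del /f /q "%cer_file%"
del /f /q "%pvt_file%"

if %exit% neq 0 (
  goto :end_script
)

call "%signtool_exe%" sign /d "GSE" /fd sha256 /f "%pfx_file%" /p "" "%~1"
set /a exit+=%errorlevel%

:end_script
:: Remove whatever key material is still on disk. Failure paths jump here
:: directly, and an unencrypted key or password-less PFX must not be left
:: behind in the tools directory.
if defined pvt_file if exist "%pvt_file%" del /f /q "%pvt_file%"
if defined cer_file if exist "%cer_file%" del /f /q "%cer_file%"
if defined pfx_file if exist "%pfx_file%" del /f /q "%pfx_file%"

:: The exit variable has to be expanded on the same line as endlocal: once
:: endlocal has run the variable is discarded, and a separate exit line would
:: return the last ERRORLEVEL instead (0 for the missing-argument case).
endlocal & exit /b %exit%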
:: Visual Studio builds every project in parallel with '/MP', and the plain
:: random variable can then come out identical in several of those builds,
:: which makes them race on the same file name. This routine burns a few
:: random values first, in the hope of ending up on a different number.
:: NOTE(review): this only lowers the chance of a collision; the random
:: variable is not a cryptographic source and callers still need their own
:: exists-check.
:: 1: (ref) out random number
:gen_rnd
setlocal enabledelayedexpansion
:: Draw and throw away ten values; delayed expansion gives a fresh one per pass.
for /l %%I in (1, 1, 10) do (
  set "_discard=!random!"
)
:: The value is expanded while this line is parsed, and the set runs after
:: endlocal, so the result lands in the variable named by the caller.
endlocal & set "%~1=%random%"
exit /b