beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CI: sign windows installer and executable

Browse source
This commit is contained in:
Nicola Murino 2021-11-19 22:44:50 +01:00
parent 46157ebbb6
commit c41319bb7a
No known key found for this signature in database
GPG key ID: 2F1FB59433D5A8CB
4 changed files with 38 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/development.yml vendored
View file

@ -123,7 +123,7 @@ jobs:
path: output path: output
- name: Prepare Windows installer - name: Prepare Windows installer
if: startsWith(matrix.os, 'windows-') if: ${{ startsWith(matrix.os, 'windows-') && github.event_name != 'pull_request' }}
run: | run: |
Remove-Item -LiteralPath "output" -Force -Recurse -ErrorAction Ignore Remove-Item -LiteralPath "output" -Force -Recurse -ErrorAction Ignore
mkdir output mkdir output
@ -139,10 +139,19 @@ jobs:
$REV_LIST=$LATEST_TAG+"..HEAD" $REV_LIST=$LATEST_TAG+"..HEAD"
$COMMITS_FROM_TAG= ((git rev-list $REV_LIST --count) | Out-String).Trim() $COMMITS_FROM_TAG= ((git rev-list $REV_LIST --count) | Out-String).Trim()
$Env:SFTPGO_ISS_DEV_VERSION = $LATEST_TAG + "." + $COMMITS_FROM_TAG $Env:SFTPGO_ISS_DEV_VERSION = $LATEST_TAG + "." + $COMMITS_FROM_TAG
iscc windows-installer\sftpgo.iss $CERT_PATH=(Get-Location -PSProvider FileSystem).ProviderPath + "\cert.pfx"
[IO.File]::WriteAllBytes($CERT_PATH,[System.Convert]::FromBase64String($Env:CERT_DATA))
certutil -f -p "$Env:CERT_PASS" -importpfx MY "$CERT_PATH"
rm "$CERT_PATH"
$INNO_S='/Ssigntool=$qC:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe$q sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n $qNicola Murino$q /d $qSFTPGo$q $f'
iscc "$INNO_S" windows-installer\sftpgo.iss
certutil -delstore MY "Nicola Murino"
env:
CERT_DATA: ${{ secrets.CERT_DATA }}
CERT_PASS: ${{ secrets.CERT_PASS }}
- name: Upload Windows installer artifact - name: Upload Windows installer artifact
if: startsWith(matrix.os, 'windows-') if: ${{ startsWith(matrix.os, 'windows-') && github.event_name != 'pull_request' }}
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: sftpgo_windows_installer_x86_64 name: sftpgo_windows_installer_x86_64

35
.github/workflows/release.yml vendored
View file

@ -5,7 +5,7 @@ on:
tags: 'v*' tags: 'v*'
env: env:
GO_VERSION: 1.17.1 GO_VERSION: 1.17.3
jobs: jobs:
prepare-sources-with-deps: prepare-sources-with-deps:
@ -51,6 +51,11 @@ jobs:
with: with:
go-version: ${{ env.GO_VERSION }} go-version: ${{ env.GO_VERSION }}
- name: Get SFTPGo version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
shell: bash
- name: Build for macOS x86_64 - name: Build for macOS x86_64
if: startsWith(matrix.os, 'windows-') != true if: startsWith(matrix.os, 'windows-') != true
run: go build -trimpath -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/version.commit=`git describe --always --dirty` -X github.com/drakkan/sftpgo/v2/version.date=`date -u +%FT%TZ`" -o sftpgo run: go build -trimpath -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/version.commit=`git describe --always --dirty` -X github.com/drakkan/sftpgo/v2/version.date=`date -u +%FT%TZ`" -o sftpgo
@ -75,11 +80,6 @@ jobs:
run: ./sftpgo initprovider run: ./sftpgo initprovider
shell: bash shell: bash
- name: Get SFTPGo version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
shell: bash
- name: Get OS name - name: Get OS name
id: get_os_name id: get_os_name
run: | run: |
@ -134,14 +134,13 @@ jobs:
xcopy .\templates .\output\templates\ /E xcopy .\templates .\output\templates\ /E
mkdir output\static mkdir output\static
xcopy .\static .\output\static\ /E xcopy .\static .\output\static\ /E
iscc windows-installer\sftpgo.iss $CERT_PATH=(Get-Location -PSProvider FileSystem).ProviderPath + "\cert.pfx"
env: [IO.File]::WriteAllBytes($CERT_PATH,[System.Convert]::FromBase64String($Env:CERT_DATA))
SFTPGO_ISS_VERSION: ${{ steps.get_version.outputs.VERSION }} certutil -f -p "$Env:CERT_PASS" -importpfx MY "$CERT_PATH"
SFTPGO_ISS_DOC_URL: https://github.com/drakkan/sftpgo/blob/${{ steps.get_version.outputs.VERSION }}/README.md rm "$CERT_PATH"
$INNO_S='/Ssigntool=$qC:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe$q sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n $qNicola Murino$q /d $qSFTPGo$q $f'
iscc "$INNO_S" windows-installer\sftpgo.iss
- name: Prepare Portable Release for Windows
if: startsWith(matrix.os, 'windows-')
run: |
mkdir win-portable mkdir win-portable
copy .\sftpgo.exe .\win-portable copy .\sftpgo.exe .\win-portable
copy .\sftpgo.json .\win-portable copy .\sftpgo.json .\win-portable
@ -151,10 +150,16 @@ jobs:
xcopy .\templates .\win-portable\templates\ /E xcopy .\templates .\win-portable\templates\ /E
mkdir win-portable\static mkdir win-portable\static
xcopy .\static .\win-portable\static\ /E xcopy .\static .\win-portable\static\ /E
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Nicola Murino" /d "SFTPGo" .\win-portable\sftpgo.exe
Compress-Archive .\win-portable\* sftpgo_portable_x86_64.zip Compress-Archive .\win-portable\* sftpgo_portable_x86_64.zip
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Nicola Murino" /d "SFTPGo Portable" sftpgo_portable_x86_64.zip
certutil -delstore MY "Nicola Murino"
env: env:
SFTPGO_VERSION: ${{ steps.get_version.outputs.VERSION }} SFTPGO_ISS_VERSION: ${{ steps.get_version.outputs.VERSION }}
OS: ${{ steps.get_os_name.outputs.OS }} SFTPGO_ISS_DOC_URL: https://github.com/drakkan/sftpgo/blob/${{ steps.get_version.outputs.VERSION }}/README.md
CERT_DATA: ${{ secrets.CERT_DATA }}
CERT_PASS: ${{ secrets.CERT_PASS }}
- name: Upload macOS x86_64 artifact - name: Upload macOS x86_64 artifact
if: startsWith(matrix.os, 'macos-') if: startsWith(matrix.os, 'macos-')

6
util/util.go
View file

@ -554,10 +554,10 @@ func GetSSHPublicKeyAsString(pubKey []byte) (string, error) {
func GetRealIP(r *http.Request) string { func GetRealIP(r *http.Request) string {
var ip string var ip string
if xrip := r.Header.Get(xRealIP); xrip != "" { if clientIP := r.Header.Get(trueClientIP); clientIP != "" {
ip = xrip
} else if clientIP := r.Header.Get(trueClientIP); clientIP != "" {
ip = clientIP ip = clientIP
} else if xrip := r.Header.Get(xRealIP); xrip != "" {
ip = xrip
} else if clientIP := r.Header.Get(cfConnectingIP); clientIP != "" { } else if clientIP := r.Header.Get(cfConnectingIP); clientIP != "" {
ip = clientIP ip = clientIP
} else if xff := r.Header.Get(xForwardedFor); xff != "" { } else if xff := r.Header.Get(xForwardedFor); xff != "" {

4
windows-installer/sftpgo.iss
View file

@ -39,12 +39,14 @@ ArchitecturesAllowed=x64
MinVersion=6.1sp1 MinVersion=6.1sp1
VersionInfoVersion={#MyVersionInfo} VersionInfoVersion={#MyVersionInfo}
VersionInfoCopyright=AGPL-3.0 VersionInfoCopyright=AGPL-3.0
SignTool=signtool
SignedUninstaller=yes
[Languages] [Languages]
Name: "english"; MessagesFile: "compiler:Default.isl" Name: "english"; MessagesFile: "compiler:Default.isl"
[Files] [Files]
Source: "{#MyAppDir}\sftpgo.exe"; DestDir: "{app}"; Flags: ignoreversion Source: "{#MyAppDir}\sftpgo.exe"; DestDir: "{app}"; Flags: ignoreversion signonce
Source: "{#MyAppDir}\sftpgo.db"; DestDir: "{commonappdata}\{#MyAppName}"; Flags: onlyifdoesntexist uninsneveruninstall Source: "{#MyAppDir}\sftpgo.db"; DestDir: "{commonappdata}\{#MyAppName}"; Flags: onlyifdoesntexist uninsneveruninstall
Source: "{#MyAppDir}\LICENSE.txt"; DestDir: "{app}"; Flags: ignoreversion Source: "{#MyAppDir}\LICENSE.txt"; DestDir: "{app}"; Flags: ignoreversion
Source: "{#MyAppDir}\sftpgo.json"; DestDir: "{commonappdata}\{#MyAppName}"; Flags: onlyifdoesntexist uninsneveruninstall Source: "{#MyAppDir}\sftpgo.json"; DestDir: "{commonappdata}\{#MyAppName}"; Flags: onlyifdoesntexist uninsneveruninstall