From 1dfe9e718b0de30ed1c80d7f123cb742839e26bd Mon Sep 17 00:00:00 2001 From: Vladimir Dubrovin <3proxy@3proxy.ru> Date: Wed, 3 Jun 2026 11:00:47 +0300 Subject: [PATCH] Sign DLLs --- .github/workflows/build-win32.yml | 5 +++-- .github/workflows/build-win64.yml | 5 +++-- .github/workflows/build-winarm64.yml | 5 +++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-win32.yml b/.github/workflows/build-win32.yml index 22ad121..ee9f54e 100644 --- a/.github/workflows/build-win32.yml +++ b/.github/workflows/build-win32.yml @@ -56,10 +56,11 @@ jobs: [System.IO.File]::WriteAllBytes("${{ github.workspace }}\3proxy.crt", $cert.Export("Cert")) - name: Sign shell: pwsh + env: + CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }} run: | $signtool = (Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe" | Sort-Object { [version]$_.Directory.Parent.Name } -Descending | Select-Object -First 1).FullName - & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy.exe" - & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy_crypt.exe" + Get-ChildItem bin\*.exe, bin\*.dll | ForEach-Object { & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "$env:CERT_PASSWORD" /tr http://timestamp.digicert.com /td sha256 /fd sha256 $_.FullName } - name: make dist dir shell: cmd run: | diff --git a/.github/workflows/build-win64.yml b/.github/workflows/build-win64.yml index 84ee682..c75769f 100644 --- a/.github/workflows/build-win64.yml +++ b/.github/workflows/build-win64.yml @@ -57,10 +57,11 @@ jobs: [System.IO.File]::WriteAllBytes("${{ github.workspace }}\3proxy.crt", $cert.Export("Cert")) - name: Sign shell: pwsh + env: + CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }} run: | $signtool = (Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe" | Sort-Object { [version]$_.Directory.Parent.Name } -Descending | Select-Object -First 1).FullName - & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy.exe" - & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy_crypt.exe" + Get-ChildItem bin\*.exe, bin\*.dll | ForEach-Object { & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "$env:CERT_PASSWORD" /tr http://timestamp.digicert.com /td sha256 /fd sha256 $_.FullName } - name: make dist dir shell: cmd run: | diff --git a/.github/workflows/build-winarm64.yml b/.github/workflows/build-winarm64.yml index e5a940d..e163c09 100644 --- a/.github/workflows/build-winarm64.yml +++ b/.github/workflows/build-winarm64.yml @@ -56,10 +56,11 @@ jobs: [System.IO.File]::WriteAllBytes("${{ github.workspace }}\3proxy.crt", $cert.Export("Cert")) - name: Sign shell: pwsh + env: + CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }} run: | $signtool = (Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe" | Sort-Object { [version]$_.Directory.Parent.Name } -Descending | Select-Object -First 1).FullName - & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy.exe" - & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy_crypt.exe" + Get-ChildItem bin\*.exe, bin\*.dll | ForEach-Object { & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "$env:CERT_PASSWORD" /tr http://timestamp.digicert.com /td sha256 /fd sha256 $_.FullName } - name: make dist dir shell: cmd run: |