Sign DLLs

Add public cert to build
2026-06-13 11:00:11 +08:00 · 2026-06-03 11:00:47 +03:00 · 2026-06-03 10:34:38 +03:00
3 changed files with 33 additions and 6 deletions
--- a/.github/workflows/build-win32.yml
+++ b/.github/workflows/build-win32.yml
@ -47,12 +47,20 @@ jobs:
      run: |
       $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.WINDOWS_CERTIFICATE }}")
       [System.IO.File]::WriteAllBytes("${{ github.workspace }}\cert.pfx", $pfx_cert_byte)
+    - name: Extract public certificate
+      shell: pwsh
+      env:
+       CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
+      run: |
+       $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("${{ github.workspace }}\cert.pfx", "$env:CERT_PASSWORD")
+       [System.IO.File]::WriteAllBytes("${{ github.workspace }}\3proxy.crt", $cert.Export("Cert"))
    - name: Sign
      shell: pwsh
+      env:
+       CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
      run: |
       $signtool = (Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe" | Sort-Object { [version]$_.Directory.Parent.Name } -Descending | Select-Object -First 1).FullName
-       & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy.exe"
-       & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy_crypt.exe"
+       Get-ChildItem bin\*.exe, bin\*.dll | ForEach-Object { & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "$env:CERT_PASSWORD" /tr http://timestamp.digicert.com /td sha256 /fd sha256 $_.FullName }
    - name: make dist dir
      shell: cmd
      run: |
@ -83,6 +91,7 @@ jobs:
       copy authors dist\3proxy\
       copy README.md dist\3proxy\
       copy rus.3ps dist\3proxy\
+       copy 3proxy.crt dist\3proxy\
    - name: Get artifact
      uses: actions/upload-artifact@v7
      with:
--- a/.github/workflows/build-win64.yml
+++ b/.github/workflows/build-win64.yml
@ -48,12 +48,20 @@ jobs:
      run: |
       $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.WINDOWS_CERTIFICATE }}")
       [System.IO.File]::WriteAllBytes("${{ github.workspace }}\cert.pfx", $pfx_cert_byte)
+    - name: Extract public certificate
+      shell: pwsh
+      env:
+       CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
+      run: |
+       $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("${{ github.workspace }}\cert.pfx", "$env:CERT_PASSWORD")
+       [System.IO.File]::WriteAllBytes("${{ github.workspace }}\3proxy.crt", $cert.Export("Cert"))
    - name: Sign
      shell: pwsh
+      env:
+       CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
      run: |
       $signtool = (Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe" | Sort-Object { [version]$_.Directory.Parent.Name } -Descending | Select-Object -First 1).FullName
-       & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy.exe"
-       & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy_crypt.exe"
+       Get-ChildItem bin\*.exe, bin\*.dll | ForEach-Object { & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "$env:CERT_PASSWORD" /tr http://timestamp.digicert.com /td sha256 /fd sha256 $_.FullName }
    - name: make dist dir
      shell: cmd
      run: |
@ -84,6 +92,7 @@ jobs:
       copy authors dist\3proxy\
       copy README.md dist\3proxy\
       copy rus.3ps dist\3proxy\
+       copy 3proxy.crt dist\3proxy\
    - name: Get artifact
      uses: actions/upload-artifact@v7
      with:
--- a/.github/workflows/build-winarm64.yml
+++ b/.github/workflows/build-winarm64.yml
@ -47,12 +47,20 @@ jobs:
      run: |
       $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.WINDOWS_CERTIFICATE }}")
       [System.IO.File]::WriteAllBytes("${{ github.workspace }}\cert.pfx", $pfx_cert_byte)
+    - name: Extract public certificate
+      shell: pwsh
+      env:
+       CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
+      run: |
+       $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("${{ github.workspace }}\cert.pfx", "$env:CERT_PASSWORD")
+       [System.IO.File]::WriteAllBytes("${{ github.workspace }}\3proxy.crt", $cert.Export("Cert"))
    - name: Sign
      shell: pwsh
+      env:
+       CERT_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
      run: |
       $signtool = (Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe" | Sort-Object { [version]$_.Directory.Parent.Name } -Descending | Select-Object -First 1).FullName
-       & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy.exe"
-       & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy_crypt.exe"
+       Get-ChildItem bin\*.exe, bin\*.dll | ForEach-Object { & $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "$env:CERT_PASSWORD" /tr http://timestamp.digicert.com /td sha256 /fd sha256 $_.FullName }
    - name: make dist dir
      shell: cmd
      run: |
@ -83,6 +91,7 @@ jobs:
       copy authors dist\3proxy\
       copy README.md dist\3proxy\
       copy rus.3ps dist\3proxy\
+       copy 3proxy.crt dist\3proxy\
    - name: Get artifact
      uses: actions/upload-artifact@v7
      with:
Author	SHA1	Message	Date
Vladimir Dubrovin	1dfe9e718b	Sign DLLs	2026-06-03 11:00:47 +03:00
Vladimir Dubrovin	84879cc0ba	Add public cert to build	2026-06-03 10:34:38 +03:00