Index: trunk/native/macosx/macos-jpackage.sh
===================================================================
--- trunk/native/macosx/macos-jpackage.sh	(revision 18145)
+++ trunk/native/macosx/macos-jpackage.sh	(revision 18146)
@@ -7,5 +7,5 @@
 # CERT_MACOS_PW   Password for that certificate
 
-set -Eeou pipefail
+set -Eeo pipefail
 
 # Don't show one time passwords
@@ -28,5 +28,5 @@
 then
     echo "CERT_MACOS_P12, CERT_MACOS_PW and APPLE_ID_PW are not set in the environment."
-    echo "I will create a JOSM.app but I won't attempt to sign and notarize it."
+    echo "A JOSM.app will be created but not signed nor notarized."
     SIGNAPP=false
 else
@@ -49,4 +49,6 @@
 fi
 
+set -u
+
 if $SIGNAPP; then
   JPACKAGEOPTIONS="--mac-sign --mac-signing-keychain $KEYCHAINPATH"
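Review bot: Moving nounset down to this `set -u` leaves every line between the top `set -Eeo pipefail` and here running without unset-variable protection, so a misspelled variable name in the certificate or keychain setup expands to an empty string instead of aborting. The move is presumably there so the environment tests do not trip on unset secrets; the tests themselves lie outside this hunk. Writing them as `[ -z "${CERT_MACOS_P12:-}" ]` (likewise for the other variables) would let `set -Eeuo pipefail` stay on line 9. The same applies to the `[ -z "$SIGN_CERT" ]` tests and the later `set -u` in the win-jpackage.sh hunk at `@@ -16,8 +22,19 @@`.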
@@ -56,5 +58,5 @@
 
 echo "Building and signing app"
-    jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
+jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
     --main-class org.openstreetmap.josm.gui.MainApplication \
     --icon ./native/macosx/JOSM.icns --type app-image --dest app \
Index: trunk/native/windows/win-jpackage.sh
===================================================================
--- trunk/native/windows/win-jpackage.sh	(revision 18145)
+++ trunk/native/windows/win-jpackage.sh	(revision 18146)
@@ -1,5 +1,11 @@
 #!/bin/bash
 
-set -Eeou pipefail
+## Expected environment, passed from GitHub secrets:
+# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
+# SIGN_CERT       PKCS12 certificate keystore used for code signing, base64 encoded
+# SIGN_STOREPASS  Password for that keystore
+# SIGN_TSA        URL of Time Stamping Authority to use
+
+set -Eeo pipefail
 
 # Don't show one time passwords
@@ -16,8 +22,19 @@
 mkdir app
 
+if [ -z "$SIGN_CERT" ] || [ -z "$SIGN_STOREPASS" ] || [ -z "$SIGN_TSA" ]
+then
+    echo "SIGN_CERT, SIGN_STOREPASS and SIGN_TSA are not set in the environment."
+    echo "A JOSM.msi will be created but not signed."
+    SIGNAPP=false
+else
+    SIGNAPP=true
+fi
+
+set -u
+
 JPACKAGEOPTIONS=""
 
-echo "Building app"
-    jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
+echo "Building MSI"
+jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
     --main-class org.openstreetmap.josm.gui.MainApplication \
     --icon ./native/windows/logo.ico --type msi --dest app \
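Review bot: The fallback to `SIGNAPP=false` fires when any one of the three variables is empty, yet the message claims all three are not set, and the script then builds an unsigned MSI and still exits successfully. A partly configured environment (for example `SIGN_CERT` present but `SIGN_TSA` missing) is more likely a misconfiguration than a deliberate unsigned build, so it is worth reporting which variable is missing and sending the notice to stderr, e.g. `echo "SIGN_TSA is not set; JOSM.msi will not be signed." >&2`. If this script also produces release artifacts, consider failing in that partial case rather than continuing. The jpackage command at the end of the hunk continues outside it.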
@@ -48,2 +65,9 @@
 
 echo "Building done."
+
+if $SIGNAPP; then
+    CERTIFICATE_P12=certificate.p12
+    echo "$SIGN_CERT" | base64 --decode > $CERTIFICATE_P12
+    signtool sign //f $CERTIFICATE_P12 //d "Java OpenStreetMap Editor" //du "https://josm.openstreetmap.de" //p "$SIGN_STOREPASS" //v //fd SHA256 //tr "$SIGN_TSA" //td SHA256 "app/JOSM.msi"
+    rm $CERTIFICATE_P12
+fi
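Review bot: The decoded keystore `certificate.p12` is removed only by the final `rm`, so with `set -e` active a failing `base64` or `signtool` call ends the script and leaves the private key in the working directory. Install the cleanup before the file is written, e.g. `trap 'rm -f -- "$CERTIFICATE_P12"' EXIT` directly after the assignment (fold it into an existing EXIT trap if the script has one outside this hunk), and create the file under `umask 077`. `//p "$SIGN_STOREPASS"` also places the keystore password on signtool's command line, where process listings and any `set -x` trace can show it, so confirm tracing stays off for this block. Running `signtool verify //pa app/JOSM.msi` after signing would make the build fail if the signature is missing or invalid.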
