diff --git a/appveyor.yml b/appveyor.yml index c2beb58a80..4ec9361b08 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,12 +1,27 @@ version: 0.0.4.{build} -os: Previous Visual Studio 2015 +os: Visual Studio 2015 +environment: + ENCKEY: + secure: saYAIpqXzpq0U+JH+MNi/isRQ6Y51PZhm4BrnePDiAPptFO5htxFOLegrYqxdy67 + CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD: + secure: bzYmf0ElxisSGyZnIjUOYQ== +install: +- nuget install secure-file -ExcludeVersion +- secure-file\tools\secure-file -decrypt distribution\windows\code-sign-key-openrct2.org.pfx.enc -secret %enckey% +- cinst nsis.portable -pre +- ps: >- + curl "http://nsis.sourceforge.net/mediawiki/images/5/53/KillProcDll%26FindProcDll.zip" -OutFile nsisxtra.zip + + 7z x nsisxtra.zip + + cp FindProcDLL.dll "C:\ProgramData\chocolatey\lib\nsis.portable\tools\nsis-3.0b1\Plugins\x86-ansi" build_script: - ps: >- .\setenv.ps1 - install - - publish -Server AppVeyor -BuildNumber $env:APPVEYOR_BUILD_NUMBER -GitBranch $env:APPVEYOR_REPO_BRANCH + appveyor_run artifacts: - path: .\artifacts\openrct2.zip - name: OpenRCT2 + name: OpenRCT2-portable +- path: .\artifacts\*.exe + name: OpenRCT2-installer diff --git a/distribution/windows/build.ps1 b/distribution/windows/build.ps1 index 21d0d383e5..2dd5770727 100644 --- a/distribution/windows/build.ps1 +++ b/distribution/windows/build.ps1 @@ -1,9 +1,11 @@ param ( [Parameter(Position = 1)] - [string]$BuildNumber = "", - [string]$GitBranch = "" + [string]$VersionExtra = "" ) $path = Split-Path $Script:MyInvocation.MyCommand.Path Write-Host "Building Windows Installer (NSIS script)"; -makensis /DAPPV_BUILD=$BuildNumber /DAPPV_EXTRA=-$GitBranch-b$BuildNumber /DVERSION_INCLUDE=$path\win32.txt $path\install.nsi > $path\win32.log; +Write-Host " $VersionExtra"; +makensis /DAPPV_EXTRA=-$VersionExtra ` + /DVERSION_INCLUDE=$path\win32.txt ` + $path\install.nsi > $path\win32.log; diff --git a/distribution/windows/code-sign-key-openrct2.org.pfx.enc b/distribution/windows/code-sign-key-openrct2.org.pfx.enc new file mode 100644 index 0000000000..99f16381c5 Binary files /dev/null and b/distribution/windows/code-sign-key-openrct2.org.pfx.enc differ diff --git a/scripts/ps/appveyor_run.ps1 b/scripts/ps/appveyor_run.ps1 new file mode 100644 index 0000000000..97724a7197 --- /dev/null +++ b/scripts/ps/appveyor_run.ps1 @@ -0,0 +1,32 @@ +######################################################### +# Script to build OpenRCT2 on AppVeyor +######################################################### + +# Install dependencies +install -Quiet + +# Build OpenRCT2 +publish build ` + -Server AppVeyor ` + -BuildNumber $env:APPVEYOR_BUILD_NUMBER ` + -GitBranch $env:APPVEYOR_REPO_BRANCH ` + -CodeSign + +if ($LASTEXITCODE -ne 0) +{ + exit 1 +} + +# Create a Portable ZIP +publish package ` + -Server AppVeyor ` + -BuildNumber $env:APPVEYOR_BUILD_NUMBER ` + -GitBranch $env:APPVEYOR_REPO_BRANCH + +# Create an Installer +publish package ` + -Installer ` + -Server AppVeyor ` + -BuildNumber $env:APPVEYOR_BUILD_NUMBER ` + -GitBranch $env:APPVEYOR_REPO_BRANCH ` + -CodeSign diff --git a/scripts/ps/publish.ps1 b/scripts/ps/publish.ps1 index 4e83208408..ce77846642 100644 --- a/scripts/ps/publish.ps1 +++ b/scripts/ps/publish.ps1 @@ -11,7 +11,8 @@ param ( [string]$Server = "", [string]$BuildNumber = "", [string]$GitBranch = "", - [switch]$Installer = $false + [switch]$Installer = $false, + [switch]$CodeSign = $false ) # Setup @@ -59,7 +60,23 @@ function Do-Build() { Write-Host "Building OpenRCT2..." -ForegroundColor Cyan & "$scriptsPath\build.ps1" all -Rebuild - return $LASTEXITCODE + if ($LASTEXITCODE -ne 0) + { + Write-Host "Failed to build OpenRCT2" -ForegroundColor Red + return 1 + } + + if ($CodeSign) + { + $releaseDir = "$rootPath\bin" + $exePath = "$releaseDir\openrct2.exe" + $dllPath = "$releaseDir\openrct2.dll" + + if (-not (Sign-Binary($exePath))) { return 1 } + if (-not (Sign-Binary($dllPath))) { return 1 } + } + + return 0 } # Package @@ -121,7 +138,9 @@ function Do-Installer() New-Item -Force -ItemType Directory $artifactsDir > $null # Create installer - & "$installerDir\build.ps1" -BuildNumber $BuildNumber -GitBranch $GitBranch + $GitCommitSha1Short = (git rev-parse --short HEAD) + $VersionExtra = "$GitBranch-$GitCommitSha1Short" + & "$installerDir\build.ps1" -VersionExtra $VersionExtra if ($LASTEXITCODE -ne 0) { Write-Host "Failed to create installer." -ForegroundColor Red @@ -139,7 +158,14 @@ function Do-Installer() return 1 } - Move-Item $binaries[0].FullName $artifactsDir + $installerPath = $binaries[0].FullName + + if ($CodeSign) + { + if (-not (Sign-Binary($installerPath))) { return 1 } + } + + Move-Item -Force $installerPath $artifactsDir return 0 } @@ -170,6 +196,47 @@ function Do-Task-All() return 0 } +function Sign-Binary($binaryPath) +{ + $pfxPath = "$rootPath\distribution\windows\code-sign-key-openrct2.org.pfx" + $pfxPassword = ${env:CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD} + $timestampUrl = "http://timestamp.comodoca.com/authenticode" + + if (-not (Test-Path -PathType Leaf $pfxPath)) + { + Write-Host "Unable to sign, code signature key was not found." -ForegroundColor Red + return 1 + } + + if ($pfxPassword -eq $null) + { + Write-Host "Unable to sign, %CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD% was not set." -ForegroundColor Red + return 1 + } + + # Resolve signtool path + $signtoolcmd = "signtool" + if (-not (AppExists($signtoolcmd))) + { + $signtoolcmd = "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\SignTool.exe" + if (-not (AppExists($signtoolcmd))) + { + Write-Host "Publish script requires signtool to be in PATH" -ForegroundColor Red + return 1 + } + } + + # Sign the binary + & $signtoolcmd sign /f $pfxPath /p $pfxPassword /t $timestampUrl $binaryPath + if ($LASTEXITCODE -ne 0) + { + Write-Host "Failed to sign binary." -ForegroundColor Red + return 1 + } + + return 0 +} + # Script entry point switch ($Task) {