df57754baf
The installer, uninstaller, and the Zed binary files are all signed using Microsoft’s newly launched Trusted Signing service. For demonstration purposes, I have used my own account for the signing process. For more information about Trusted Signing, you can refer to the following links: - [Microsoft Security Blog: Trusted Signing is in Public Preview](https://techcommunity.microsoft.com/blog/microsoft-security-blog/trusted-signing-is-in-public-preview/4103457) - [Overview of Azure Trusted Signing](https://learn.microsoft.com/en-us/azure/trusted-signing/overview) **TODO:** - [x] `InnoSetup` script to setup an installer - [x] Signing process - [x] `Open with Zed` in right click context menu (by using sparse package) - [x] Integrate with `cli` - [x] Implement `cli` (#25412) - [x] Pack `cli.exe` into installer - [x] Implement auto updating (#25734) - [x] Pack autoupdater helper into installer - [x] Implement dock menus - [x] Add `Recent Documents` entries (#26369) - [x] Make `zed.exe` aware of sigle instance (#25412) - [x] Properly handle dock menu events (#26010) - [x] Handle `zed://***` uri **Materials needed:** - [ ] Icons - [ ] App icon for all channels (#9571) - [ ] Associated file icons, at minimum a default icon ([example](https://github.com/microsoft/vscode/tree/main/resources/win32)) - [ ] Logos for installer wizard - [ ] Icons for appx - [x] Code signing - [x] Secrets: AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, ACCOUNT_NAME, CERT_PROFILE_NAME - [x] Other constants: ENDPOINT, Identity Signature (i.e. `CN=Junkui Zhang, O=Junkui Zhang, L=Wuhan, S=Hubei, C=CN`)  https://github.com/user-attachments/assets/4f1092b4-90fc-4a47-a868-8f2f1a5d8ad8 Release Notes: - N/A --------- Co-authored-by: Kate <kate@zed.dev> Co-authored-by: localcc <work@localcc.cc> Co-authored-by: Peter Tripp <peter@zed.dev> Co-authored-by: Max Brunsfeld <maxbrunsfeld@gmail.com>
53 lines
1.4 KiB
PowerShell
53 lines
1.4 KiB
PowerShell
param (
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$filePath
|
|
)
|
|
|
|
$params = @{}
|
|
|
|
$endpoint = $ENV:ENDPOINT
|
|
if ([string]::IsNullOrWhiteSpace($endpoint)) {
|
|
throw "The 'ENDPOINT' env is required."
|
|
}
|
|
$params["Endpoint"] = $endpoint
|
|
|
|
$trustedSigningAccountName = $ENV:ACCOUNT_NAME
|
|
if ([string]::IsNullOrWhiteSpace($trustedSigningAccountName)) {
|
|
throw "The 'ACCOUNT_NAME' env is required."
|
|
}
|
|
$params["CodeSigningAccountName"] = $trustedSigningAccountName
|
|
|
|
$certificateProfileName = $ENV:CERT_PROFILE_NAME
|
|
if ([string]::IsNullOrWhiteSpace($certificateProfileName)) {
|
|
throw "The 'CERT_PROFILE_NAME' env is required."
|
|
}
|
|
$params["CertificateProfileName"] = $certificateProfileName
|
|
|
|
$fileDigest = $ENV:FILE_DIGEST
|
|
if ([string]::IsNullOrWhiteSpace($fileDigest)) {
|
|
throw "The 'FILE_DIGEST' env is required."
|
|
}
|
|
$params["FileDigest"] = $fileDigest
|
|
|
|
$timeStampDigest = $ENV:TIMESTAMP_DIGEST
|
|
if ([string]::IsNullOrWhiteSpace($timeStampDigest)) {
|
|
throw "The 'TIMESTAMP_DIGEST' env is required."
|
|
}
|
|
$params["TimestampDigest"] = $timeStampDigest
|
|
|
|
$timeStampServer = $ENV:TIMESTAMP_SERVER
|
|
if ([string]::IsNullOrWhiteSpace($timeStampServer)) {
|
|
throw "The 'TIMESTAMP_SERVER' env is required."
|
|
}
|
|
$params["TimestampRfc3161"] = $timeStampServer
|
|
|
|
$params["Files"] = $filePath
|
|
|
|
$trace = $ENV:TRACE
|
|
if (-Not [string]::IsNullOrWhiteSpace($trace)) {
|
|
if ([System.Convert]::ToBoolean($trace)) {
|
|
Set-PSDebug -Trace 2
|
|
}
|
|
}
|
|
|
|
Invoke-TrustedSigning @params
|