picard/scripts/package/win-common.ps1

# Common functions for Windows packaging scripts
#
# Script parameters (neither is marked mandatory):
#   CertificateFile     - path of the certificate file handed to SignTool via /f.
#                         When it is empty, CodeSignBinary skips signing.
#   CertificatePassword - password for that certificate file, as a SecureString.
Param(
# Accept either an existing file or an empty value (empty disables signing).
# NOTE(review): Test-Path is evaluated before the (-not $_) check. Depending on
# the PowerShell version, Test-Path may raise an error for an empty string
# rather than return $false, which would make the empty case fail validation.
# Confirm, or evaluate (-not $_) first.
[ValidateScript({ (Test-Path $_ -PathType Leaf) -or (-not $_) })]
[String]
$CertificateFile,
# Kept as a SecureString here; CodeSignBinary converts it to plain text only
# when it builds the SignTool command line.
[SecureString]
$CertificatePassword
)
# RFC 3161 timestamp server for code signing
# NOTE(review): this is a plain-HTTP URL. RFC 3161 timestamp tokens are signed,
# so the response does not rely on the transport alone for integrity; confirm
# that an HTTP endpoint is intentional for the build environment.
$TimeStampServer = 'http://ts.ssl.com'
# Sign one binary with SignTool, or report that signing is skipped.
#
# Reads the script-level $CertificateFile, $CertificatePassword and
# $TimeStampServer. When $CertificateFile is empty nothing is signed and a
# "Skip signing" message is written to the output stream instead.
#
# Parameters:
#   BinaryPath - path of an existing file to sign (validated with Test-Path).
#
# Throws "SignTool failed" (via ThrowOnExeError) when SignTool exits non-zero.
#
# Security note: /p hands the decrypted certificate password to SignTool as a
# command-line argument. Process command lines can be read by other processes
# on the same host while the tool runs, so run this only on a trusted build
# host. Avoid command tracing (Set-PSDebug -Trace, transcript logging) around
# this call.
Function CodeSignBinary {
  Param(
    [ValidateScript({Test-Path $_ -PathType Leaf})]
    [String]
    $BinaryPath
  )

  # No certificate configured: leave the binary unsigned and say so.
  If (-not $CertificateFile) {
    Write-Output "Skip signing $BinaryPath"
    Return
  }

  # SHA-256 for both the file digest (/fd) and the RFC 3161 timestamp digest (/td).
  # The password is decrypted inline so the plain text is not kept in a named variable.
  $SignToolArguments = @(
    'sign', '/v',
    '/fd', 'SHA256',
    '/tr', "$TimeStampServer",
    '/td', 'sha256',
    '/f', "$CertificateFile",
    '/p', (ConvertFrom-SecureString -AsPlainText $CertificatePassword),
    $BinaryPath
  )
  SignTool @SignToolArguments
  ThrowOnExeError "SignTool failed"
}
# Turn a failed native command into a PowerShell exception.
#
# Checks $LastExitCode, the exit status of the most recently run native
# executable, and throws $Message when it is anything other than 0.
# Call it directly after the executable whose result matters: the value is
# whatever the last native command left behind.
#
# Parameters:
#   Message - text of the exception to throw on failure.
Function ThrowOnExeError {
  Param( [String]$Message )

  # Success: nothing to report.
  If ($LastExitCode -eq 0) {
    Return
  }
  Throw $Message
}
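# Apply the final packaging steps to a built application directory.
#
# Steps, in order:
#   1. Code sign picard.exe and the bundled fpcalc.exe / discid.dll.
#   2. Move the Qt6 DLLs from _internal\PyQt6\Qt6\bin into the main folder.
#   3. Remove the Qt webp image format plugin (CVE-2023-4863 mitigation) and
#      verify that no copy of it is left anywhere in the package.
#
# Parameters:
#   Path - existing package directory (validated with Test-Path -PathType Container).
#
# Throws when signing fails, or when qwebp.dll is still present after the
# removal step.
Function FinalizePackage {
  Param(
    [ValidateScript({Test-Path $_ -PathType Container})]
    [String]
    $Path
  )

  $InternalPath = (Join-Path -Path $Path -ChildPath _internal)

  CodeSignBinary -BinaryPath (Join-Path -Path $Path -ChildPath picard.exe) -ErrorAction Stop
  CodeSignBinary -BinaryPath (Join-Path -Path $InternalPath -ChildPath fpcalc.exe) -ErrorAction Stop
  CodeSignBinary -BinaryPath (Join-Path -Path $InternalPath -ChildPath discid.dll) -ErrorAction Stop

  # Move all Qt6 DLLs into the main folder to avoid conflicts with system-wide
  # versions of those dependencies. Since some version, PyInstaller tries to
  # maintain the file hierarchy of imported modules, but this easily breaks
  # DLL loading on Windows.
  # Workaround for https://tickets.metabrainz.org/browse/PICARD-2736
  $Qt6Dir = (Join-Path -Path $InternalPath -ChildPath PyQt6\Qt6)
  Move-Item -Path (Join-Path -Path $Qt6Dir -ChildPath bin\*.dll) -Destination $Path -Force
  Remove-Item -Path (Join-Path -Path $Qt6Dir -ChildPath bin)

  # Mitigate libwebp vulnerability allowing for arbitrary code execution (CVE-2023-4863).
  # Disable the Qt webp imageformat plugin.
  Remove-Item -Path (Join-Path -Path $Qt6Dir -ChildPath plugins\imageformats\qwebp.dll)

  # Fail closed: the removal above targets one hard-coded location. If the
  # bundle layout changes, Remove-Item only reports a non-terminating error
  # and the plugin would ship unnoticed. Scan the whole package and stop the
  # build if any copy remains.
  $RemainingWebpPlugins = Get-ChildItem -Path $Path -Recurse -File -Filter qwebp.dll
  If ($RemainingWebpPlugins) {
    Throw "Qt webp plugin still present in package (CVE-2023-4863 mitigation incomplete): $($RemainingWebpPlugins.FullName -join ', ')"
  }
}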