Only sign the cat, not the driver #105
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: [push, pull_request] | |
jobs: | |
test-scream: | |
runs-on: windows-latest | |
steps: | |
- run: 'Invoke-WebRequest https://github.com/duncanthrax/scream/releases/download/4.0/Scream4.0.zip -OutFile Scream4.0.zip' | |
- run: 'Expand-Archive -Path Scream4.0.zip -DestinationPath Scream' | |
# To work around https://github.com/duncanthrax/scream/issues/215, create our own self-signed certificate for the Scream driver. | |
# makecert.exe insists on interactively asking the user for a password (sigh...), so use OpenSSL instead. | |
# `-extensions v3_req` is a trick to make sure the resulting cert has basic constraint CA:FALSE (the default is CA:TRUE which is problematic here) without having to create an OpenSSL config file. | |
- run: 'openssl req -batch -verbose -x509 -newkey rsa -keyout ScreamCertificate.pvk -out ScreamCertificate.cer -nodes -extensions v3_req -addext extendedKeyUsage=codeSigning' | |
- run: 'openssl pkcs12 -export -nodes -in ScreamCertificate.cer -inkey ScreamCertificate.pvk -out ScreamCertificate.pfx -passout pass:' | |
# This is just to make sure signtool.exe is in the PATH | |
- uses: ilammy/msvc-dev-cmd@v1 | |
# Sign the driver with the self-signed certificate we just made. | |
- run: 'signtool sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.cat' | |
# Tell Windows to trust the self-signed certificate we just made. | |
- run: 'Import-Certificate -FilePath ScreamCertificate.cer -CertStoreLocation Cert:\LocalMachine\root' | |
- run: 'Import-Certificate -FilePath ScreamCertificate.cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher' | |
# Finally, install the driver. | |
- run: 'Scream\Install\helpers\devcon-x64.exe install Scream\Install\driver\x64\Scream.inf *Scream' | |
continue-on-error: true | |
# For convenience, make sure we fail fast if for whatever reason the install gets blocked on some GUI prompt. | |
timeout-minutes: 1 | |
- uses: actions/upload-artifact@v2 | |
with: | |
path: . |