Skip to content

Only sign the cat, not the driver #105

Only sign the cat, not the driver

Only sign the cat, not the driver #105

on: [push, pull_request]
jobs:
test-scream:
runs-on: windows-latest
steps:
- run: 'Invoke-WebRequest https://github.com/duncanthrax/scream/releases/download/4.0/Scream4.0.zip -OutFile Scream4.0.zip'
- run: 'Expand-Archive -Path Scream4.0.zip -DestinationPath Scream'
# To work around https://github.com/duncanthrax/scream/issues/215, create our own self-signed certificate for the Scream driver.
# makecert.exe insists on interactively asking the user for a password (sigh...), so use OpenSSL instead.
# `-extensions v3_req` is a trick to make sure the resulting cert has basic constraint CA:FALSE (the default is CA:TRUE which is problematic here) without having to create an OpenSSL config file.
- run: 'openssl req -batch -verbose -x509 -newkey rsa -keyout ScreamCertificate.pvk -out ScreamCertificate.cer -nodes -extensions v3_req -addext extendedKeyUsage=codeSigning'
- run: 'openssl pkcs12 -export -nodes -in ScreamCertificate.cer -inkey ScreamCertificate.pvk -out ScreamCertificate.pfx -passout pass:'
# This is just to make sure signtool.exe is in the PATH
- uses: ilammy/msvc-dev-cmd@v1
# Sign the driver with the self-signed certificate we just made.
- run: 'signtool sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.cat'
# Tell Windows to trust the self-signed certificate we just made.
- run: 'Import-Certificate -FilePath ScreamCertificate.cer -CertStoreLocation Cert:\LocalMachine\root'
- run: 'Import-Certificate -FilePath ScreamCertificate.cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher'
# Finally, install the driver.
- run: 'Scream\Install\helpers\devcon-x64.exe install Scream\Install\driver\x64\Scream.inf *Scream'
continue-on-error: true
# For convenience, make sure we fail fast if for whatever reason the install gets blocked on some GUI prompt.
timeout-minutes: 1
- uses: actions/upload-artifact@v2
with:
path: .