diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 3103abe..fb8f6bb 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -3,33 +3,25 @@ jobs: test-scream: runs-on: windows-latest steps: - - run: net start audiosrv - - shell: powershell - run: Invoke-WebRequest https://github.com/duncanthrax/scream/releases/download/4.0/Scream4.0.zip -OutFile Scream4.0.zip - - shell: powershell - run: Expand-Archive -Path Scream4.0.zip -DestinationPath Scream - - run: cat "C:\Program Files\Common Files\SSL/openssl.cnf" - - run: openssl req -batch -verbose -x509 -newkey rsa -keyout ScreamCertificate.pvk -out ScreamCertificate.cer -nodes -extensions v3_req -addext extendedKeyUsage=codeSigning - - run: openssl x509 -in ScreamCertificate.cer -text + - run: 'net start audiosrv' + - run: 'Invoke-WebRequest https://github.com/duncanthrax/scream/releases/download/4.0/Scream4.0.zip -OutFile Scream4.0.zip' + - run: 'Expand-Archive -Path Scream4.0.zip -DestinationPath Scream' + # To work around https://github.com/duncanthrax/scream/issues/215, create our own self-signed certificate for the Scream driver. + # makecert.exe insists on interactively asking the user for a password (sigh...), so use OpenSSL instead. + # `-extensions v3_req` is a trick to make sure the resulting cert has basic constraint CA:FALSE (the default is CA:TRUE which is problematic here) without having to create an OpenSSL config file. + - run: 'openssl req -batch -verbose -x509 -newkey rsa -keyout ScreamCertificate.pvk -out ScreamCertificate.cer -nodes -extensions v3_req -addext extendedKeyUsage=codeSigning' - run: 'openssl pkcs12 -export -nodes -in ScreamCertificate.cer -inkey ScreamCertificate.pvk -out ScreamCertificate.pfx -passout pass:' - - uses: ilammy/msvc-dev-cmd@v1 - - run: signtool sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.sys + # Sign the driver with the self-signed certificate we just made. + - run: '& "C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.sys' - run: '& "C:\Program Files (x86)\Windows Kits\10\bin\x86\Inf2Cat.exe" /driver:Scream\Install\driver\x64\ /os:ServerFE_X64' - - run: signtool sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.cat - - run: (Get-AuthenticodeSignature Scream\Install\driver\x64\Scream.cat).SignerCertificate | Export-Certificate -FilePath cert.cer - shell: powershell - - run: Import-Certificate -FilePath cert.cer -CertStoreLocation Cert:\LocalMachine\root - shell: powershell - - run: Import-Certificate -FilePath cert.cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher - shell: powershell - - shell: powershell - run: Install-Module -Name PShot -AcceptLicense -Force - - shell: powershell - run: | - Import-Module -Name PShot - Start-Job { Get-PShot -Directory . -Delay 30 } - Scream\Install\helpers\devcon-x64.exe install Scream\Install\driver\x64\Scream.inf *Scream + - run: '& "C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.cat' + # Tell Windows to trust the self-signed certificate we just made. + - run: Import-Certificate -FilePath ScreamCertificate.cer -CertStoreLocation Cert:\LocalMachine\root + - run: Import-Certificate -FilePath ScreamCertificate.cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher + # Finally, install the driver. + - run: Scream\Install\helpers\devcon-x64.exe install Scream\Install\driver\x64\Scream.inf *Scream continue-on-error: true + # For convenience, make sure we fail fast if for whatever reason the install gets blocked on some GUI prompt. timeout-minutes: 1 - uses: actions/upload-artifact@v2 with: