Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.settings
gradle/wrapper
infrastructure
src
.classpath
.gitignore
.project
Jenkinsfile
LICENSE
README.md
bonita-base.properties
build.gradle
gradlew
gradlew.bat
settings.gradle

README.md

bonita-codesign

Provide a REST endpoint used by our CI to sign MacOs and windows binaries with our EV Certificates

Windows - How to setup the service

Prerequisites

  • Up to date Windows OS
  • Disable the screen saver and sleep mode !
  • Install the Windows SDK
  • Install a JDK 8 and configure your Path environment variable
  • Install SafeNetAuthenticationClient
  • Ensure that C:\Program Files (x86)\Windows Kits\10\App Certification Kit\ is in the Path environment variable (you should be able to run the command signtool in powershell)
  • Connect the DigiCert token (USB drive) to the host. WARNING: when you connect the USB drive, if the system tries to install it, CANCEL THE INSTALLATION. Else the USB drive will be reconized as a smart card, and you won't be able to use the single logon feature.
  • The host should be named codesign-win.rd.lan

Login to the token

Retrieve and start the latest version

  • Go to our Artifactory to retrieve the latest tag (zip archive)
  • Extract the bonita-codesign-windows jar
  • Start the service using cmd : java -jar path/to/bonita-codesign-windows-<version>.jar
  • Make sure the service is started on 8080 port as the URL on the CI are configured on this port.
  • The endpoint should available at http://codesign-win.rd.lan:8080/sign, it accepts POST method with a parameter exeFile

Install the codesign application as a windows service

  • Go to our Artifactory to retrieve the latest tag (zip archive)
  • Unzip it, and follow the instructions in the provided readme

MacOs - How to setup the service

Prerequisites

  • Root access on an up to date MacOs
  • Credentials of the Bonitasoft apple developer account
  • JDK 8
  • Xcode (used to generate certificates)
  • The host should be named codesign.rd.lan-mac
  • Disable sleep mode -> Open a terminal and type the following cmd: pmset noidle (Leave it alive, do not exit)

Install certificates

You can skip the Xcode part if you have already generated valid certificates. If so, just download import them in the keychain access (Applications -> Utilities).

  • Launch Xcode
  • Xcode -> preference -> Manage certificates
  • Add certificates for Application and Installer
  • Close Xcode
  • Open the KeyChain access (Applications -> Utilities)
  • Your certificates must be in the keychain system. You can drag and drop a certificat in a given keychain to change its scope (password will be asked a couple of times)

Retrieve and start the latest version

  • Go to our Artifactory to retrieve the latest tag (zip archive)
  • Extract the bonita-codesign-windows jar
  • You must start the service as the root user -> sudo su (careful now!)
  • Start the service using cmd : java -jar path/to/bonita-codesign-windows-<version>.jar
  • Make sure the service is started on 8080 port as the URL on the CI are configured on this port.
  • The endpoints are available at http://codesign-mac.rd.lan:8080/sign and http://codesign-mac.rd.lan:8080/buildAndSignMacInstaller, both accept POST method with a parameter exeFile
  • The first endpoint is used to sign the product: the .app must be sent in a zip file and will be returned in a zip file
  • The second endpoint is used to build and sign the dmg: the .app of the installer must be sent in a zip file, and the dmg will be returned in a zip file
You can’t perform that action at this time.