Differences

This shows you the differences between two versions of the page.

--- compile_powershell [2024/12/23 20:11] – created kenson
+++ compile_powershell [2025/10/25 23:11] (current) – kenson
@@ Line 2: / Line 2: @@
 Run powershell as administrator, then run
+<code>
 Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
 Import-Module PS2EXE
 ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe'
+</code>
 To add an icon
+<code>
 ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe' -iconfile 'YourIcon.ico'
+</code>
 To run as an GUI (no console)
+<code>
 ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe' -noConsole
+</code>
-To sign the exe
+To sign the binary, I followed the steps in the following docs:
-https://github.com/koaladsp/KoalaDocs/blob/master/azure-code-signing-for-plugin-developers.md#232-preparing-signtoolexe
+  * [[https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/]]
+  * [[https://github.com/koaladsp/KoalaDocs/blob/master/azure-code-signing-for-plugin-developers.md#232-preparing-signtoolexe]]
+Signing Command once everything is set up:
+<code>
 & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe
+</code>
+The key is to get the following metadata correct and log into azure with the correct credentials
+metadata.json
+<code>
+ {
+ 	"Endpoint": "https://eus.codesigning.azure.net/",
+ 	"CodeSigningAccountName": "Embrient",
+ 	"CertificateProfileName": "EmbrientPT"
+ }
+</code>
+The CodeSigningAccountName is the TrustedSigningAccount in the Azure Dashboard
+{{:codesigningaccountname.png?600|}}
+The CertificateProfileName is the relevant entry in your CertificateProfile
+{{:certificateprofile.png?600|}}
+To set up azure CLI environment for signing, from powershell run:
+<code>
+az login
+</code>
+e.g.
+<code>
+PS C:\WINDOWS\system32> az login
+Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136
+Retrieving tenants and subscriptions for the selection...
+[Tenant and subscription selection]
+No     Subscription name      Subscription ID                       Tenant
+-----  ---------------------  ------------------------------------  -----------------
+[1] *  Azure subscription 1   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  Default Directory
+[2]    Code Signing Embrient  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  Default Directory
+The default is marked with an *; the default tenant is 'Default Directory' and subscription is 'Azure subscription 1' (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).
+Select a subscription and tenant (Type a number or Enter for no changes):</code>
+Next set up for code signing via the command
+<code>
+az ad sp create --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e
+</code>
+<code>
+az ad app permission grant --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e --api 00000003-0000-0000-c000-000000000000 --scope User.Read
+</code>
+<kbd>Q</kbd>