Meh Belly Lint Collection

That awful moment when you realize,
THIS is YOUR circus and THOSE are YOUR monkeys.

User Tools

Site Tools


compile_powershell

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
compile_powershell [2024/12/23 20:11] – created kensoncompile_powershell [2025/10/25 23:11] (current) kenson
Line 2: Line 2:
  
 Run powershell as administrator, then run Run powershell as administrator, then run
 +<code>
 Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
 Import-Module PS2EXE Import-Module PS2EXE
 ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe' ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe'
 +</code>
 To add an icon To add an icon
 +<code>
 ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe' -iconfile 'YourIcon.ico' ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe' -iconfile 'YourIcon.ico'
 +</code>
 To run as an GUI (no console) To run as an GUI (no console)
 +<code>
 ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe' -noConsole ps2exe -inputfile 'YourScript.ps1' -outputfile 'YourScript.exe' -noConsole
 +</code>
  
-To sign the exe +To sign the binary, I followed the steps in the following docs: 
-https://github.com/koaladsp/KoalaDocs/blob/master/azure-code-signing-for-plugin-developers.md#232-preparing-signtoolexe+  * [[https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/]] 
 +  * [[https://github.com/koaladsp/KoalaDocs/blob/master/azure-code-signing-for-plugin-developers.md#232-preparing-signtoolexe]]
  
 +Signing Command once everything is set up:
 +<code>
 & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe
 +</code>
 +
 +The key is to get the following metadata correct and log into azure with the correct credentials
 +
 +metadata.json
 +<code>
 + {
 +  "Endpoint": "https://eus.codesigning.azure.net/", 
 +  "CodeSigningAccountName": "Embrient", 
 +  "CertificateProfileName": "EmbrientPT"
 + 
 +</code>
 +
 +The CodeSigningAccountName is the TrustedSigningAccount in the Azure Dashboard
 +
 +{{:codesigningaccountname.png?600|}}
 +
 +The CertificateProfileName is the relevant entry in your CertificateProfile
 +
 +{{:certificateprofile.png?600|}}
 +
 +To set up azure CLI environment for signing, from powershell run:
 +<code>
 +az login
 +</code>
 +
 +e.g.
 +
 +<code>
 +PS C:\WINDOWS\system32> az login
 +Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136
 +
 +Retrieving tenants and subscriptions for the selection...
 +
 +[Tenant and subscription selection]
 +
 +No     Subscription name      Subscription ID                       Tenant
 +-----  ---------------------  ------------------------------------  -----------------
 +[1] *  Azure subscription 1   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  Default Directory
 +[2]    Code Signing Embrient  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  Default Directory
 +
 +The default is marked with an *; the default tenant is 'Default Directory' and subscription is 'Azure subscription 1' (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).
 +
 +Select a subscription and tenant (Type a number or Enter for no changes):</code>
 +
 +
 +Next set up for code signing via the command
 +
 +<code>
 +az ad sp create --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e
 +</code>
 +<code>
 +az ad app permission grant --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e --api 00000003-0000-0000-c000-000000000000 --scope User.Read
 +</code>
 +
 +<kbd>Q</kbd>
  
compile_powershell.1734984717.txt.gz · Last modified: 2024/12/23 20:11 by kenson

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki