Helper utilities to showcase windows authenticode signing (#11780)

This relates to #11013 Helper utilities to showcase Windows Authenticode signing. The fleetdm.pfx certificate file is a self-signed test certificate
2026-05-23 08:58:41 +00:00 · 2023-05-18 16:47:33 -03:00 · 2023-05-18 16:47:33 -03:00 · bc223af05d
commit bc223af05d
parent 0c13d8f2a9
2 changed files with 37 additions and 0 deletions
--- a/orbit/tools/build/fleetdm.pfx
+++ b/orbit/tools/build/fleetdm.pfx
--- a/orbit/tools/build/sign-windows.sh
+++ b/orbit/tools/build/sign-windows.sh
@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+input_file=$1
+
+if [ ! -f "$input_file" ]
+then
+    echo 'First argument must be path to binary'
+    exit 1
+fi
+
+# Skip if not a windows PE executable
+if ! ( file "$input_file" | grep -q PE )
+then
+    echo 'Skip windows signing'
+    exit 0
+fi
+
+if ! command -v osslsigncode >/dev/null 2>&1 ; then
+    echo "Osslsigncode utility is not present. Binary cannot be signed."
+    exit 1
+fi
+
+work_file="${input_file}_old"
+
+mv "$input_file" "$work_file"
+
+osslsigncode sign -pkcs12 "./orbit/tools/build/fleetdm.pfx" -pass "fleetdm" -n "Fleet Osquery" -i "https://www.fleetdm.com" -t "http://timestamp.comodoca.com/authenticode" -in "$work_file" -out "$input_file"
+
+retVal=$?
+if [ $retVal -ne 0 ]; then
+    echo "There was an error when signing."
+else
+    echo "Binary $input_file was successfully signed."
+    rm $work_file
+fi
+exit $retVal