chore: test extracting and repackaging the cabinet files

nb-ccd · nb-ccd · commit 1f2769a1bb4a · 2025-07-07T18:27:06.000+01:00
diff --git a/.github/workflows/test-windows-code-signing.yaml b/.github/workflows/test-windows-code-signing.yaml
@@ -79,7 +79,7 @@ jobs:
 
   node-windows:
     runs-on: windows-latest  
-    environment: release # This step needs to use the release context to access credentials for code signing.
+    # environment: release # This step needs to use the release context to access credentials for code signing.
     needs: [validate-preconditions]
     if: contains(fromJSON('["rc", "alpha", "node-windows"]'), needs.validate-preconditions.outputs.release_type)
     defaults:
@@ -101,94 +101,162 @@ jobs:
         id: digicert_client
         uses: digicert/ssm-code-signing@v1.0.0
 
-      - name: Import Windows certificate (Windows only)
-        id: windows_certificate
-        env:
-          # Base64 encoding of the pfx/p12 certificate for Windows code signing.
-          SM_CLIENT_CERT_FILE_B64: ${{ secrets.WINDOWS_SM_CLIENT_CERT_FILE_B64 }}
+# Disabling these to test the windows-y commandline file manipulation stuff.
+#       - name: Import Windows certificate (Windows only)
+#         id: windows_certificate
+#         env:
+#           # Base64 encoding of the pfx/p12 certificate for Windows code signing.
+#           SM_CLIENT_CERT_FILE_B64: ${{ secrets.WINDOWS_SM_CLIENT_CERT_FILE_B64 }}
+#         run: |
+#           $CERTIFICATE_PATH_BASE64="$env:RUNNER_TEMP\cert-b64.txt"
+#           $CERTIFICATE_PATH="$env:RUNNER_TEMP\cert.pfx"
+
+#           Set-Content -Path $CERTIFICATE_PATH_BASE64 -Value $env:SM_CLIENT_CERT_FILE_B64
+#           certutil -decode $CERTIFICATE_PATH_BASE64 $CERTIFICATE_PATH
+#           echo "CERTIFICATE_PATH=$CERTIFICATE_PATH" >> $env:GITHUB_OUTPUT
+
+#       - name: Run smctl healthcheck to confirm if the tool is configured properly.
+#         working-directory: ${{steps.build.outputs.bin_dir}}
+#         env:
+#           # windows signing
+#           # FILE_TO_SIGN: ${{ steps.build.outputs.FILE_TO_SIGN }}
+#           WINDOWS_PKCS11_CONFIG: ${{ steps.digicert_client.outputs.PKCS11_CONFIG }}
+#           WINDOWS_SM_KEYPAIR_ALIAS: ${{ secrets.WINDOWS_SM_KEYPAIR_ALIAS }}
+#           SM_HOST: ${{ vars.WINDOWS_SM_HOST }}
+#           SM_API_KEY: ${{ secrets.WINDOWS_SM_API_KEY }}
+#           SM_CLIENT_CERT_FILE: ${{ steps.windows_certificate.outputs.CERTIFICATE_PATH }}
+#           SM_CLIENT_CERT_PASSWORD: ${{ secrets.WINDOWS_SM_CLIENT_CERT_PASSWORD }}
+#         run: |
+#           smctl healthcheck --all
+# #           smctl sign --verbose --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ${{ env.FILE_TO_SIGN }} --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} --verbose --exit-non-zero-on-fail --failfast
+#         shell: cmd
+
+      - name: Install dependencies
         run: |
-          $CERTIFICATE_PATH_BASE64="$env:RUNNER_TEMP\cert-b64.txt"
-          $CERTIFICATE_PATH="$env:RUNNER_TEMP\cert.pfx"
-
-          Set-Content -Path $CERTIFICATE_PATH_BASE64 -Value $env:SM_CLIENT_CERT_FILE_B64
-          certutil -decode $CERTIFICATE_PATH_BASE64 $CERTIFICATE_PATH
-          echo "CERTIFICATE_PATH=$CERTIFICATE_PATH" >> $env:GITHUB_OUTPUT
-
-      - name: Run smctl healthcheck to confirm if the tool is configured properly.
-        working-directory: ${{steps.build.outputs.bin_dir}}
-        env:
-          # windows signing
-          # FILE_TO_SIGN: ${{ steps.build.outputs.FILE_TO_SIGN }}
-          WINDOWS_PKCS11_CONFIG: ${{ steps.digicert_client.outputs.PKCS11_CONFIG }}
-          WINDOWS_SM_KEYPAIR_ALIAS: ${{ secrets.WINDOWS_SM_KEYPAIR_ALIAS }}
-          SM_HOST: ${{ vars.WINDOWS_SM_HOST }}
-          SM_API_KEY: ${{ secrets.WINDOWS_SM_API_KEY }}
-          SM_CLIENT_CERT_FILE: ${{ steps.windows_certificate.outputs.CERTIFICATE_PATH }}
-          SM_CLIENT_CERT_PASSWORD: ${{ secrets.WINDOWS_SM_CLIENT_CERT_PASSWORD }}
+          choco install yq jq -y
+        shell: bash
+
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}-x86_64-pc-windows-msvc
+
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}-x86_64-pc-windows-gnu
+
+      - name: Setup node folder
         run: |
-          smctl healthcheck --all
-#           smctl sign --verbose --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ${{ env.FILE_TO_SIGN }} --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} --verbose --exit-non-zero-on-fail --failfast
-        shell: cmd
+          mkdir -p "C:/Program Files/node/include"
+          Add-Content -Path $env:GITHUB_PATH -Value "C:/Program Files/node"
 
-      # - name: Install dependencies
-      #   run: |
-      #     choco install yq jq -y
-      #   shell: bash
+      - name: Install flatbuffers
+        run: |
+          curl -L -O https://github.com/google/flatbuffers/releases/download/v${{ env.FLATBUFFERS_VERSION }}/Windows.flatc.binary.zip
+          unzip Windows.flatc.binary.zip
+          mv flatc.exe "C:/Program Files/node/"
 
-      # - name: Install Rust
-      #   uses: actions-rust-lang/setup-rust-toolchain@v1
-      #   with:
-      #     toolchain: ${{ env.RUST_VERSION }}-x86_64-pc-windows-msvc
+      - name: Install protobuf (protoc)
+        run: |
+          curl -L -O https://github.com/protocolbuffers/protobuf/releases/download/v${{ env.PROTOC_VERSION }}/protoc-${{ env.PROTOC_VERSION }}-win64.zip
+          unzip protoc-${{ env.PROTOC_VERSION }}-win64.zip
+          mv bin/protoc.exe "C:/Program Files/node/"
+          mv include/* "C:/Program Files/node/include"
 
-      # - name: Install Rust
-      #   uses: actions-rust-lang/setup-rust-toolchain@v1
-      #   with:
-      #     toolchain: ${{ env.RUST_VERSION }}-x86_64-pc-windows-gnu
+      - name: Setup Haskell
+        uses: haskell-actions/setup@v2
+        with:
+          ghc-version: ${{ env.GHC_VERSION }}
+          enable-stack: true
+          stack-version: ${{ env.STACK_VERSION }}
 
-      # - name: Setup node folder
-      #   run: |
-      #     mkdir -p "C:/Program Files/node/include"
-      #     Add-Content -Path $env:GITHUB_PATH -Value "C:/Program Files/node"
+      - uses: milliewalky/setup-7-zip@v1
 
-      # - name: Install flatbuffers
-      #   run: |
-      #     curl -L -O https://github.com/google/flatbuffers/releases/download/v${{ env.FLATBUFFERS_VERSION }}/Windows.flatc.binary.zip
-      #     unzip Windows.flatc.binary.zip
-      #     mv flatc.exe "C:/Program Files/node/"
+      - name: Install GCC
+        run: |
+          curl -L -O https://github.com/brechtsanders/winlibs_mingw/releases/download/14.2.0posix-19.1.1-12.0.0-msvcrt-r2/winlibs-x86_64-posix-seh-gcc-14.2.0-llvm-19.1.1-mingw-w64msvcrt-12.0.0-r2.7z
+          7z x winlibs-x86_64-posix-seh-gcc-14.2.0-llvm-19.1.1-mingw-w64msvcrt-12.0.0-r2.7z -oC:/gcc
+          Add-Content -Path $env:GITHUB_PATH -Value "C:/gcc/mingw64/bin"
 
-      # - name: Install protobuf (protoc)
-      #   run: |
-      #     curl -L -O https://github.com/protocolbuffers/protobuf/releases/download/v${{ env.PROTOC_VERSION }}/protoc-${{ env.PROTOC_VERSION }}-win64.zip
-      #     unzip protoc-${{ env.PROTOC_VERSION }}-win64.zip
-      #     mv bin/protoc.exe "C:/Program Files/node/"
-      #     mv include/* "C:/Program Files/node/include"
+      - name: Install LMDB
+        run: stack exec -- pacman -S --noconfirm mingw-w64-x86_64-lmdb
 
-      # - name: Setup Haskell
-      #   uses: haskell-actions/setup@v2
-      #   with:
-      #     ghc-version: ${{ env.GHC_VERSION }}
-      #     enable-stack: true
-      #     stack-version: ${{ env.STACK_VERSION }}
+      - name: Build Windows Node
+        run: |
+          ./scripts/distribution/windows/build-all.ps1 -nodeVersion ${{ needs.validate-preconditions.outputs.version }} -rustVersion ${{ env.RUST_VERSION }}
 
-      # - uses: milliewalky/setup-7-zip@v1
+      - name: Extract files to prepare for signing 
+        run: |
+          pwd
+          MsiDb.exe -d ./service/windows/installer/Node.msi -x Node.cab
+          mkdir -p ./Node
+          expand -F:* Node.cab ./Node
+      
+      - name: Rename files to prepare for signing 
+        run: |
+          mv ./Node/ConcordiumConsensusDLL ./Node/ConcordiumConsensusDLL.dll
+          mv ./Node/ConcordiumBaseDLL ./Node/ConcordiumBaseDLL.dll
+          mv ./Node/ConcordiumSmartContractEngineDLL ./Node/ConcordiumSmartContractEngineDLL.dll
+          mv ./Node/Sha2DLL ./Node/Sha2DLL.dll
+          mv ./Node/NodeRunnerService ./Node/NodeRunnerService.exe
+          mv ./Node/NodeCollector ./Node/NodeCollector.exe 
+          mv ./Node/ConcordiumNode ./Node/ConcordiumNode.exe
 
-      # - name: Install GCC
+      # - name: Sign files with smctl
+      #   working-directory: ${{steps.build.outputs.bin_dir}}
+      #   env:
+      #     WINDOWS_PKCS11_CONFIG: ${{ steps.digicert_client.outputs.PKCS11_CONFIG }}
+      #     WINDOWS_SM_KEYPAIR_ALIAS: ${{ secrets.WINDOWS_SM_KEYPAIR_ALIAS }}
+      #     SM_HOST: ${{ vars.WINDOWS_SM_HOST }}
+      #     SM_API_KEY: ${{ secrets.WINDOWS_SM_API_KEY }}
+      #     SM_CLIENT_CERT_FILE: ${{ steps.windows_certificate.outputs.CERTIFICATE_PATH }}
+      #     SM_CLIENT_CERT_PASSWORD: ${{ secrets.WINDOWS_SM_CLIENT_CERT_PASSWORD }}
+      #     SM_ARGS: "--verbose --exit-non-zero-on-fail --failfast"
       #   run: |
-      #     curl -L -O https://github.com/brechtsanders/winlibs_mingw/releases/download/14.2.0posix-19.1.1-12.0.0-msvcrt-r2/winlibs-x86_64-posix-seh-gcc-14.2.0-llvm-19.1.1-mingw-w64msvcrt-12.0.0-r2.7z
-      #     7z x winlibs-x86_64-posix-seh-gcc-14.2.0-llvm-19.1.1-mingw-w64msvcrt-12.0.0-r2.7z -oC:/gcc
-      #     Add-Content -Path $env:GITHUB_PATH -Value "C:/gcc/mingw64/bin"
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumConsensusDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumBaseDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumSmartContractEngineDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/Sha2DLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }}  ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/NodeRunnerService.exe --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/NodeCollector.exe  --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumNode.exe  --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #   shell: cmd
 
-      # - name: Install LMDB
-      #   run: stack exec -- pacman -S --noconfirm mingw-w64-x86_64-lmdb
+      - name: Rename files back to their original form without extension. 
+        run: |
+          mv ./Node/ConcordiumConsensusDLL.dll ./Node/ConcordiumConsensusDLL
+          mv ./Node/ConcordiumBaseDLL.dll ./Node/ConcordiumBaseDLL
+          mv ./Node/ConcordiumSmartContractEngineDLL.dll ./Node/ConcordiumSmartContractEngineDLL
+          mv ./Node/Sha2DLL.dll ./Node/Sha2DLL
+          mv ./Node/NodeRunnerService.exe ./Node/NodeRunnerService
+          mv ./Node/NodeCollector.exe ./Node/NodeCollector
+          mv ./Node/ConcordiumNode.exe ./Node/ConcordiumNode
 
-      # - name: Build Windows Node
-      #   run: |
-      #     ./scripts/distribution/windows/build-all.ps1 -nodeVersion ${{ needs.validate-preconditions.outputs.version }} -rustVersion ${{ env.RUST_VERSION }}
-      #     cp ./service/windows/installer/Node.msi ./${{ env.ARTIFACT_NAME }}
-
-      # - name: Upload artifact
-      #   uses: actions/upload-artifact@v4
-      #   with:
-      #     name: ${{ github.job }}
-      #     path: ${{ env.ARTIFACT_NAME }}
+      - name: Recreate the cabinet file. 
+        run: |
+          dir Node /b /a-d > filelist.txt
+          makecab.exe /D MaxDiskSize=0 /D Cabinet=ON /D Compress=ON /D CabinetName1=Node.cab /D SourceDir=Node /f cabdirs.txt
+        shell: cmd
+
+
+      - name: Repackage the cabinet file. 
+        run: |
+          rm Node.cab
+          mv disk1\Node.cab .
+          MsiDb.exe -d ./service/windows/installer/Node.msi -k Node.cab
+          MsiDb.exe -d ./service/windows/installer/Node.msi -a Node.cab
+        shell: cmd
+
+      # Sign the installer
+
+      - name: Rename the package to target filename.
+        run: |
+          cp ./service/windows/installer/Node.msi ./${{ env.ARTIFACT_NAME }}
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ github.job }}
+          path: ${{ env.ARTIFACT_NAME }}
 
