Go back to using old expiring certificate

It's good till Oct 2nd so at least the next calibre release is doable.
2025-09-29 15:31:08 -04:00 · 2025-09-18 20:04:12 +05:30 · 2025-09-18 20:04:12 +05:30 · 0976c55c24
commit 0976c55c24
parent 4d5671496d
1 changed files with 35 additions and 30 deletions
--- a/bypy/windows/main.py
+++ b/bypy/windows/main.py
@ -24,6 +24,7 @@ iv = globals()['init_env']
 calibre_constants = iv['calibre_constants']
 QT_PREFIX = os.path.join(PREFIX, 'qt')
 QT_DLLS, QT_PLUGINS, PYQT_MODULES = iv['QT_DLLS'], iv['QT_PLUGINS'], iv['PYQT_MODULES']
+USE_KEYLOCKER = False

 APPNAME, VERSION = calibre_constants['appname'], calibre_constants['version']
 WINVER = VERSION + '.0'
@ -362,7 +363,8 @@ def build_portable(env):
            obj, 'User32.lib', 'Shell32.lib']
        run(*cmd)
        launchers.append(exe)
-        # sign_files(launchers)
+        if not USE_KEYLOCKER:
+            sign_files(launchers)

    printf('Creating portable installer')
    shutil.copytree(env.base, j(base, 'Calibre'))
@ -380,6 +382,7 @@ def build_portable(env):

 def sign_files(files):
    printf('Signing {} files'.format(len(files)))
+    if USE_KEYLOCKER:
        cspath = os.path.expandvars(r'${HOMEDRIVE}${HOMEPATH}\code-signing')
        evars = os.environ.copy()
        with open(os.path.join(cspath, 'digicert-api-key')) as f:
@ -402,12 +405,13 @@ def sign_files(files):
        args = [SIGNTOOL, 'sign', '/sha1', certificate_thumbprint,
                '/fd', 'sha256', '/td', 'sha256', '/d', 'calibre - E-book management',
                '/du', 'https://calibre-ebook.com', '/v', '/debug', '/tr']
-    # with open(os.path.expandvars(r'${HOMEDRIVE}${HOMEPATH}\code-signing\cert-cred')) as f:
-    #     pw = f.read().strip()
-    # CODESIGN_CERT = os.path.abspath(os.path.expandvars(r'${HOMEDRIVE}${HOMEPATH}\code-signing\authenticode.pfx'))
-    # args = [SIGNTOOL, 'sign', '/a', '/fd', 'sha256', '/td', 'sha256', '/d',
-    #         'calibre - E-book management', '/du',
-    #         'https://calibre-ebook.com', '/f', CODESIGN_CERT, '/p', pw, '/tr']
+    else:
+        with open(os.path.expandvars(r'${HOMEDRIVE}${HOMEPATH}\code-signing\cert-cred')) as f:
+            pw = f.read().strip()
+        CODESIGN_CERT = os.path.abspath(os.path.expandvars(r'${HOMEDRIVE}${HOMEPATH}\code-signing\authenticode.pfx'))
+        args = [SIGNTOOL, 'sign', '/a', '/fd', 'sha256', '/td', 'sha256', '/d',
+                'calibre - E-book management', '/du',
+                'https://calibre-ebook.com', '/f', CODESIGN_CERT, '/p', pw, '/tr']

    def runcmd(cmd):
        # See https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710 for list of timestamp servers
@ -598,7 +602,8 @@ def sign_executables(env):
    for path in walk(env.base):
        if path.lower().endswith('.exe') or path.lower().endswith('.dll'):
            files_to_sign.append(path)
-    # sign_files(files_to_sign)
+    if not USE_KEYLOCKER:
+        sign_files(files_to_sign)


 def main():