From c3f30e375dac8fae593ad6bc656c6b32a63801a7 Mon Sep 17 00:00:00 2001 From: anemeth Date: Wed, 9 Apr 2025 09:32:38 -0700 Subject: [PATCH 1/2] Flatten signed zip artifacts to better match unsigned artifact composition --- .github/workflows/publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1a4766b1..0c9c1fd8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -138,7 +138,8 @@ jobs: - name: Zip Signed Executables run: | mkdir zipped - 7z a -tzip -mx9 zipped/${{ env.FILE_NAME }}.zip signed/* + cd signed + 7z a -tzip -mx9 ../zipped/${{ env.FILE_NAME }}.zip * - name: Checksum Zipped Files run: | From 181f60846384e1a6db657a7b213ff6436a25784b Mon Sep 17 00:00:00 2001 From: anemeth Date: Mon, 14 Apr 2025 10:49:24 -0700 Subject: [PATCH 2/2] Add checksums for executable binaries in addition to existing .zip checksums --- .github/workflows/publish.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0c9c1fd8..5a6de91c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -45,6 +45,11 @@ jobs: name: azurehound-bin-${{ matrix.os }}-${{ matrix.arch }} path: azurehound* + - name: Create Executable Checksums + run: | + file=$(ls azurehound*) + sha256sum $file > ${file}.sha256 + - name: Zip run: 7z a -tzip -mx9 ${{ env.FILE_NAME }}.zip azurehound* @@ -135,6 +140,12 @@ jobs: osslsigncode verify -CAfile cert-chain.pem "$artifact" done + - name: Create Executable Checksums + run: | + cd signed + file=$(ls azurehound*) + sha256sum $file > ${file}.sha256 + - name: Zip Signed Executables run: | mkdir zipped