Trim down

dechamps · May 26, 2024 · 6227ec1 · 6227ec1
1 parent d84bc0f
commit 6227ec1
Showing 1 changed file with 16 additions and 23 deletions.
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -3,33 +3,26 @@ jobs:
   test-scream:
     runs-on: windows-latest
     steps:
-      - run: net start audiosrv
-      - shell: powershell
-        run: Invoke-WebRequest https://github.com/duncanthrax/scream/releases/download/4.0/Scream4.0.zip -OutFile Scream4.0.zip
-      - shell: powershell
-        run: Expand-Archive -Path Scream4.0.zip -DestinationPath Scream
-      - run: cat "C:\Program Files\Common Files\SSL/openssl.cnf"
-      - run: openssl req -batch -verbose -x509 -newkey rsa -keyout ScreamCertificate.pvk -out ScreamCertificate.cer -nodes -extensions v3_req -addext extendedKeyUsage=codeSigning
-      - run: openssl x509 -in ScreamCertificate.cer -text
+      - run: 'Invoke-WebRequest https://github.com/duncanthrax/scream/releases/download/4.0/Scream4.0.zip -OutFile Scream4.0.zip'
+      - run: 'Expand-Archive -Path Scream4.0.zip -DestinationPath Scream'
+      # To work around https://github.com/duncanthrax/scream/issues/215, create our own self-signed certificate for the Scream driver.
+      # makecert.exe insists on interactively asking the user for a password (sigh...), so use OpenSSL instead.
+      # `-extensions v3_req` is a trick to make sure the resulting cert has basic constraint CA:FALSE (the default is CA:TRUE which is problematic here) without having to create an OpenSSL config file.
+      - run: 'openssl req -batch -verbose -x509 -newkey rsa -keyout ScreamCertificate.pvk -out ScreamCertificate.cer -nodes -extensions v3_req -addext extendedKeyUsage=codeSigning'
       - run: 'openssl pkcs12 -export -nodes -in ScreamCertificate.cer -inkey ScreamCertificate.pvk -out ScreamCertificate.pfx -passout pass:'
+      # This is just to make sure signtool.exe is in the PATH
       - uses: ilammy/msvc-dev-cmd@v1
-      - run: signtool sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.sys
+      # Sign the driver with the self-signed certificate we just made.
+      - run: 'signtool sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.sys'
       - run: '& "C:\Program Files (x86)\Windows Kits\10\bin\x86\Inf2Cat.exe" /driver:Scream\Install\driver\x64\ /os:ServerFE_X64'
-      - run: signtool sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.cat
-      - run: (Get-AuthenticodeSignature Scream\Install\driver\x64\Scream.cat).SignerCertificate | Export-Certificate -FilePath cert.cer
-        shell: powershell
-      - run: Import-Certificate -FilePath cert.cer -CertStoreLocation Cert:\LocalMachine\root
-        shell: powershell
-      - run: Import-Certificate -FilePath cert.cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher
-        shell: powershell
-      - shell: powershell
-        run: Install-Module -Name PShot -AcceptLicense -Force
-      - shell: powershell
-        run: |
-          Import-Module -Name PShot
-          Start-Job { Get-PShot -Directory . -Delay 30 }
-          Scream\Install\helpers\devcon-x64.exe install Scream\Install\driver\x64\Scream.inf *Scream
+      - run: 'signtool sign /v /fd SHA256 /f ScreamCertificate.pfx Scream\Install\driver\x64\Scream.cat'
+      # Tell Windows to trust the self-signed certificate we just made.
+      - run: 'Import-Certificate -FilePath ScreamCertificate.cer -CertStoreLocation Cert:\LocalMachine\root'
+      - run: 'Import-Certificate -FilePath ScreamCertificate.cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher'
+      # Finally, install the driver.
+      - run: 'Scream\Install\helpers\devcon-x64.exe install Scream\Install\driver\x64\Scream.inf *Scream'
         continue-on-error: true
+        # For convenience, make sure we fail fast if for whatever reason the install gets blocked on some GUI prompt.
         timeout-minutes: 1
       - uses: actions/upload-artifact@v2
         with: