raps 3.8.0

🌼 RAPS (rapeseed) — Rust Autodesk Platform Services CLI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187

<# 
.SYNOPSIS
    Sign RAPS CLI binaries for Windows, macOS, and Linux

.DESCRIPTION
    This script handles code signing for RAPS CLI binaries:
    - Windows: Authenticode signing with certificate
    - macOS: Apple Developer ID signing and notarization
    - Linux: GPG signing

.PARAMETER Platform
    Target platform: windows, macos, linux, or all

.PARAMETER BinaryPath
    Path to the binary to sign

.PARAMETER Certificate
    Path to signing certificate (Windows) or certificate name (macOS)

.PARAMETER KeyPath
    Path to GPG key (Linux)

.EXAMPLE
    .\sign-binaries.ps1 -Platform windows -BinaryPath .\target\release\raps.exe

.NOTES
    Requires appropriate signing tools to be installed:
    - Windows: signtool.exe (Windows SDK)
    - macOS: codesign, notarytool (Xcode)
    - Linux: gpg
#>

param(
    [Parameter(Mandatory=$true)]
    [ValidateSet("windows", "macos", "linux", "all")]
    [string]$Platform,

    [Parameter(Mandatory=$true)]
    [string]$BinaryPath,

    [string]$Certificate = "",
    [string]$KeyPath = "",
    [string]$TimestampServer = "http://timestamp.digicert.com"
)

$ErrorActionPreference = "Stop"

function Sign-Windows {
    param([string]$Binary, [string]$Cert, [string]$Timestamp)
    
    Write-Host "Signing Windows binary: $Binary" -ForegroundColor Cyan
    
    if (-not $Cert) {
        Write-Error "Certificate path required for Windows signing"
        exit 1
    }

    # Find signtool
    $signtool = Get-ChildItem -Path "C:\Program Files (x86)\Windows Kits" -Recurse -Filter "signtool.exe" | 
                Select-Object -First 1 -ExpandProperty FullName

    if (-not $signtool) {
        Write-Error "signtool.exe not found. Install Windows SDK."
        exit 1
    }

    # Sign the binary
    $signArgs = @(
        "sign",
        "/f", $Cert,
        "/fd", "SHA256",
        "/tr", $Timestamp,
        "/td", "SHA256",
        "/v",
        $Binary
    )

    Write-Host "Running: $signtool $($signArgs -join ' ')"
    & $signtool @signArgs

    if ($LASTEXITCODE -ne 0) {
        Write-Error "Signing failed with exit code $LASTEXITCODE"
        exit $LASTEXITCODE
    }

    # Verify signature
    Write-Host "Verifying signature..." -ForegroundColor Cyan
    & $signtool verify /pa /v $Binary

    Write-Host "Windows binary signed successfully!" -ForegroundColor Green
}

function Sign-MacOS {
    param([string]$Binary, [string]$Identity)
    
    Write-Host "Signing macOS binary: $Binary" -ForegroundColor Cyan
    
    if (-not $Identity) {
        Write-Error "Developer ID identity required for macOS signing"
        exit 1
    }

    # Sign with codesign
    $signArgs = @(
        "--sign", $Identity,
        "--timestamp",
        "--options", "runtime",
        $Binary
    )

    Write-Host "Running: codesign $($signArgs -join ' ')"
    codesign @signArgs

    if ($LASTEXITCODE -ne 0) {
        Write-Error "Signing failed with exit code $LASTEXITCODE"
        exit $LASTEXITCODE
    }

    # Verify signature
    Write-Host "Verifying signature..." -ForegroundColor Cyan
    codesign --verify --verbose=2 $Binary

    Write-Host "macOS binary signed successfully!" -ForegroundColor Green
    Write-Host "Note: Notarization may be required for distribution" -ForegroundColor Yellow
}

function Sign-Linux {
    param([string]$Binary, [string]$Key)
    
    Write-Host "Creating GPG signature for Linux binary: $Binary" -ForegroundColor Cyan
    
    $sigFile = "$Binary.sig"
    
    $gpgArgs = @(
        "--armor",
        "--detach-sign",
        "--output", $sigFile
    )

    if ($Key) {
        $gpgArgs += @("--local-user", $Key)
    }

    $gpgArgs += $Binary

    Write-Host "Running: gpg $($gpgArgs -join ' ')"
    gpg @gpgArgs

    if ($LASTEXITCODE -ne 0) {
        Write-Error "Signing failed with exit code $LASTEXITCODE"
        exit $LASTEXITCODE
    }

    # Verify signature
    Write-Host "Verifying signature..." -ForegroundColor Cyan
    gpg --verify $sigFile $Binary

    Write-Host "Linux binary signed successfully!" -ForegroundColor Green
    Write-Host "Signature file: $sigFile"
}

# Main execution
Write-Host "RAPS CLI Binary Signing" -ForegroundColor Cyan
Write-Host "========================" -ForegroundColor Cyan

if (-not (Test-Path $BinaryPath)) {
    Write-Error "Binary not found: $BinaryPath"
    exit 1
}

switch ($Platform) {
    "windows" {
        Sign-Windows -Binary $BinaryPath -Cert $Certificate -Timestamp $TimestampServer
    }
    "macos" {
        Sign-MacOS -Binary $BinaryPath -Identity $Certificate
    }
    "linux" {
        Sign-Linux -Binary $BinaryPath -Key $KeyPath
    }
    "all" {
        Write-Host "Signing all platforms not supported in single run. Run separately for each platform."
    }
}

Write-Host "`nSigning complete!" -ForegroundColor Green