Add MrTrust GUI and Gitea release build

scripts/New-MrTrustCertificate.ps1

@@ -0,0 +1,90 @@
+[CmdletBinding()]
+param(
+    [string]$PublisherName = "MrSphay",
+    [string]$RootSubject = "CN=MrSphay Local Trust Root",
+    [string]$SigningSubject = "CN=MrSphay Code Signing",
+    [string]$PublicCertificateDirectory = ".\assets\certificates",
+    [string]$PrivateDirectory = ".\private",
+    [int]$ValidYears = 5,
+    [switch]$SkipPfxExport
+)
+
+$ErrorActionPreference = "Stop"
+
+function Resolve-FullPath {
+    param([Parameter(Mandatory)][string]$Path)
+
+    $executionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
+}
+
+if ($ValidYears -lt 1 -or $ValidYears -gt 20) {
+    throw "ValidYears must be between 1 and 20."
+}
+
+$publicDirectory = Resolve-FullPath $PublicCertificateDirectory
+$privateDirectory = Resolve-FullPath $PrivateDirectory
+
+New-Item -ItemType Directory -Force -Path $publicDirectory | Out-Null
+if (-not $SkipPfxExport) {
+    New-Item -ItemType Directory -Force -Path $privateDirectory | Out-Null
+}
+
+$rootCertPath = Join-Path $publicDirectory "$PublisherName-LocalTrust-Root.cer"
+$signingCertPath = Join-Path $publicDirectory "$PublisherName-CodeSigning.cer"
+$pfxPath = Join-Path $privateDirectory "$PublisherName-CodeSigning.pfx"
+
+Write-Host "Creating local trust root certificate: $RootSubject"
+$rootCertificate = New-SelfSignedCertificate `
+    -Type Custom `
+    -Subject $RootSubject `
+    -KeyAlgorithm RSA `
+    -KeyLength 4096 `
+    -HashAlgorithm SHA256 `
+    -KeyExportPolicy Exportable `
+    -KeyUsage CertSign, CRLSign, DigitalSignature `
+    -TextExtension @("2.5.29.19={critical}{text}ca=1&pathlength=1") `
+    -CertStoreLocation "Cert:\CurrentUser\My" `
+    -NotAfter (Get-Date).AddYears($ValidYears)
+
+Write-Host "Creating code-signing certificate: $SigningSubject"
+$signingCertificate = New-SelfSignedCertificate `
+    -Type CodeSigningCert `
+    -Subject $SigningSubject `
+    -Signer $rootCertificate `
+    -KeyAlgorithm RSA `
+    -KeyLength 4096 `
+    -HashAlgorithm SHA256 `
+    -KeyExportPolicy Exportable `
+    -CertStoreLocation "Cert:\CurrentUser\My" `
+    -NotAfter (Get-Date).AddYears($ValidYears)
+
+Export-Certificate -Cert $rootCertificate -FilePath $rootCertPath -Force | Out-Null
+Export-Certificate -Cert $signingCertificate -FilePath $signingCertPath -Force | Out-Null
+
+if (-not $SkipPfxExport) {
+    $password = Read-Host "Enter a strong password for the private code-signing PFX" -AsSecureString
+    Export-PfxCertificate -Cert $signingCertificate -FilePath $pfxPath -Password $password -Force | Out-Null
+}
+
+Write-Host ""
+Write-Host "Created public root certificate:"
+Write-Host "  $rootCertPath"
+Write-Host "Root thumbprint:"
+Write-Host "  $($rootCertificate.Thumbprint)"
+Write-Host ""
+Write-Host "Created public signing certificate:"
+Write-Host "  $signingCertPath"
+Write-Host "Signing thumbprint:"
+Write-Host "  $($signingCertificate.Thumbprint)"
+Write-Host ""
+if ($SkipPfxExport) {
+    Write-Host "Skipped private PFX export."
+    Write-Host "Use this thumbprint for signing from the Windows certificate store:"
+    Write-Host "  $($signingCertificate.Thumbprint)"
+}
+else {
+    Write-Host "Created private PFX:"
+    Write-Host "  $pfxPath"
+    Write-Host ""
+    Write-Warning "Do not commit, publish, or share the private .pfx file or its password."
+}