# deploy-and-sign.ps1 — ky file, stop service, deploy, start lai # Chay voi quyen Admin $ErrorActionPreference = "Stop" $isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator ) if (-not $isAdmin) { Write-Host "Can quyen Admin, dang tu nang quyen..." -ForegroundColor Yellow $log = "$env:TEMP\deploy-sign-log.txt" Remove-Item $log -ErrorAction SilentlyContinue Start-Process powershell -Verb RunAs -Wait ` -ArgumentList "-ExecutionPolicy Bypass -File `"$PSCommandPath`"" Start-Sleep -Milliseconds 800 if (Test-Path $log) { Get-Content $log } else { Write-Warning "Khong co log — UAC bi tu choi?" } exit } Start-Transcript -Path "$env:TEMP\deploy-sign-log.txt" -Force | Out-Null $distDir = "C:\Users\huanld\tailscale\dist" $destDir = "C:\Program Files\Tailscale-Custom" $files = @("tailscaled.exe", "tailscale.exe") # ──────────────────────────────────────────────── # 1. Lay cert # ──────────────────────────────────────────────── Write-Host "`n=== KY FILE ===" -ForegroundColor Cyan $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=Tailscale-Custom, O=SoftsBusiness, C=VN" -and $_.HasPrivateKey } | Sort-Object NotAfter -Descending | Select-Object -First 1 if (-not $cert) { Write-Error "Khong tim thay code-signing cert trong LocalMachine\My!" Stop-Transcript | Out-Null exit 1 } Write-Host " Dung cert: $($cert.Thumbprint)" # ──────────────────────────────────────────────── # 2. Ky tung file trong dist\ # ──────────────────────────────────────────────── foreach ($name in $files) { $path = Join-Path $distDir $name if (-not (Test-Path $path)) { Write-Warning " Khong tim thay: $path"; continue } # Thu ky voi timestamp $r = Set-AuthenticodeSignature -FilePath $path -Certificate $cert ` -TimestampServer "http://timestamp.digicert.com" -HashAlgorithm SHA256 ` -ErrorAction SilentlyContinue if (-not $r -or $r.Status -notin @("Valid")) { Write-Warning " Timestamp loi ($($r.StatusMessage)), ky khong timestamp..." $r = Set-AuthenticodeSignature -FilePath $path -Certificate $cert -HashAlgorithm SHA256 } if ($r.Status -eq "Valid") { Write-Host " [OK] $name" -ForegroundColor Green } else { Write-Host " [~] $name => $($r.Status) — $($r.StatusMessage)" -ForegroundColor Yellow } } # ──────────────────────────────────────────────── # 3. Dung service + process # ──────────────────────────────────────────────── Write-Host "`n=== DUNG SERVICE ===" -ForegroundColor Cyan Stop-Service "Tailscale-Custom" -Force -ErrorAction SilentlyContinue Stop-Process -Name tailscaled -Force -ErrorAction SilentlyContinue Start-Sleep -Seconds 2 Write-Host " Service da dung" # ──────────────────────────────────────────────── # 4. Copy vao Program Files # ──────────────────────────────────────────────── Write-Host "`n=== COPY FILES ===" -ForegroundColor Cyan foreach ($name in $files) { $src = Join-Path $distDir $name $dst = Join-Path $destDir $name if (-not (Test-Path $src)) { Write-Warning " Khong tim thay: $src"; continue } Copy-Item $src $dst -Force $sz = [math]::Round((Get-Item $dst).Length / 1MB, 1) Write-Host " [OK] $name -> $dst ($sz MB)" -ForegroundColor Green } # ──────────────────────────────────────────────── # 5. Start service # ──────────────────────────────────────────────── Write-Host "`n=== START SERVICE ===" -ForegroundColor Cyan Start-Service "Tailscale-Custom" Start-Sleep -Seconds 4 $svc = Get-Service "Tailscale-Custom" if ($svc.Status -eq "Running") { Write-Host " [OK] Service dang chay: $($svc.Status)" -ForegroundColor Green } else { Write-Host " [!!] Service status: $($svc.Status)" -ForegroundColor Red } # ──────────────────────────────────────────────── # 6. Kiem tra chu ky trong Program Files # ──────────────────────────────────────────────── Write-Host "`n=== XAC NHAN CHU KY ===" -ForegroundColor Cyan foreach ($name in $files) { $path = Join-Path $destDir $name if (-not (Test-Path $path)) { continue } $sig = Get-AuthenticodeSignature -FilePath $path Write-Host " $name => $($sig.Status) [$($sig.SignerCertificate.Thumbprint)]" } Write-Host "`n=== HOAN THANH ===" -ForegroundColor Green Stop-Transcript | Out-Null