From 9c1a7fb40babfadf0ec49a9bbe8f1fc2e168ec78 Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos
Date: Mon, 16 May 2022 12:24:25 +0100
Subject: [PATCH] build: sign all artifacts destined for installation
---
 tools/build-choco.bat | 153 +-----------------------------------------
 tools/build.bat | 19 ++++--
 2 files changed, 14 insertions(+), 158 deletions(-)
 mode change 100755 => 120000 tools/build-choco.bat
diff --git a/tools/build-choco.bat b/tools/build-choco.bat
deleted file mode 100755
index 3f6dd851..00000000
--- a/tools/build-choco.bat
+++ /dev/null
@@ -1,152 +0,0 @@ -@echo off - -setlocal -setlocal EnableDelayedExpansion - -call "%~dp0myinfo.bat" - -set MsiName="%MyProductName% - %MyDescription%" -set CrossCert="%~dp0%MyCrossCert%" -set Issuer="%MyCertIssuer%" -set Subject="%MyCompanyName%" - -set Configuration=Release -set SignedPackage= - -if not X%1==X set Configuration=%1 -if not X%2==X set SignedPackage=%2 - -echo Configuration=%Configuration% -echo: - -if X%~nx0==Xbuild-choco.bat ( - cd %~dp0..\build\VStudio - goto :choco -) - -set BuildArm64=yes -if "%APPVEYOR_BUILD_WORKER_IMAGE%"=="Visual Studio 2015" ( - set BuildArm64=no -) -if "%APPVEYOR_BUILD_WORKER_IMAGE%"=="Visual Studio 2017" ( - set BuildArm64=no -) -if X%BuildArm64%==Xno ( - echo WARNING: APPVEYOR BUILD ON UNSUPPORTED VERSION OF VISUAL STUDIO. - echo WARNING: ARM64 BUILD PRODUCTS ARE COPIES OF X64 BUILD PRODUCTS. - echo: -) - -call "%~dp0vcvarsall.bat" x64 - -if not X%SignedPackage%==X ( - if not exist "%~dp0..\build\VStudio\build\%Configuration%\%MyProductFileName%-*.msi" (echo previous build not found >&2 & exit /b 1) - if not exist "%SignedPackage%" (echo signed package not found >&2 & exit /b 1) - del "%~dp0..\build\VStudio\build\%Configuration%\%MyProductFileName%-*.msi" - if exist "%~dp0..\build\VStudio\build\%Configuration%\winfsp.*.nupkg" del "%~dp0..\build\VStudio\build\%Configuration%\winfsp.*.nupkg" - for /R "%SignedPackage%" %%f in (*.sys) do ( - copy "%%f" "%~dp0..\build\VStudio\build\%Configuration%" >nul - ) -) - -cd %~dp0..\build\VStudio -set signfail=0 - -if X%SignedPackage%==X ( - if exist build\ for /R build\ %%d in (%Configuration%) do ( - if exist "%%d" rmdir /s/q "%%d" - ) - - if X%BuildArm64%==Xyes ( - devenv winfsp.sln /build "%Configuration%|ARM64" - if errorlevel 1 goto fail - ) - devenv winfsp.sln /build "%Configuration%|x64" - if errorlevel 1 goto fail - devenv winfsp.sln /build "%Configuration%|x86" - if errorlevel 1 goto fail - if X%BuildArm64%==Xno ( - copy build\%Configuration%\*-x64.* 
build\%Configuration%\*-a64.* >nul - if errorlevel 1 goto fail - ) - - for %%f in (build\%Configuration%\%MyProductFileName%-a64.sys build\%Configuration%\%MyProductFileName%-x64.sys build\%Configuration%\%MyProductFileName%-x86.sys) do ( - signtool sign /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha1 /t http://timestamp.digicert.com %%f - if errorlevel 1 set /a signfail=signfail+1 - signtool sign /as /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha256 /tr http://timestamp.digicert.com /td sha256 %%f - if errorlevel 1 set /a signfail=signfail+1 - ) - - pushd build\%Configuration% - echo .OPTION EXPLICIT >driver.ddf - echo .Set CabinetFileCountThreshold=0 >>driver.ddf - echo .Set FolderFileCountThreshold=0 >>driver.ddf - echo .Set FolderSizeThreshold=0 >>driver.ddf - echo .Set MaxCabinetSize=0 >>driver.ddf - echo .Set MaxDiskFileCount=0 >>driver.ddf - echo .Set MaxDiskSize=0 >>driver.ddf - echo .Set CompressionType=MSZIP >>driver.ddf - echo .Set Cabinet=on >>driver.ddf - echo .Set Compress=on >>driver.ddf - echo .Set CabinetNameTemplate=driver.cab >>driver.ddf - echo .Set DiskDirectory1=. 
>>driver.ddf - echo .Set DestinationDir=a64 >>driver.ddf - echo driver-a64.inf >>driver.ddf - echo %MyProductFileName%-a64.sys >>driver.ddf - echo .Set DestinationDir=x64 >>driver.ddf - echo driver-x64.inf >>driver.ddf - echo %MyProductFileName%-x64.sys >>driver.ddf - echo .Set DestinationDir=x86 >>driver.ddf - echo driver-x86.inf >>driver.ddf - echo %MyProductFileName%-x86.sys >>driver.ddf - makecab /F driver.ddf - signtool sign /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha256 /tr http://timestamp.digicert.com /td sha256 driver.cab - if errorlevel 1 set /a signfail=signfail+1 - popd -) - -devenv winfsp.sln /build "Installer.%Configuration%|x86" -if errorlevel 1 goto fail - -for %%f in (build\%Configuration%\%MyProductFileName%-*.msi) do ( - signtool sign /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha1 /t http://timestamp.digicert.com /d %MsiName% %%f - if errorlevel 1 set /a signfail=signfail+1 - REM signtool sign /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha256 /tr http://timestamp.digicert.com /td sha256 /d %MsiName% %%f - REM if errorlevel 1 set /a signfail=signfail+1 -) - -if not %signfail%==0 echo SIGNING FAILED! The product has been successfully built, but not signed. - -set Version= -for %%f in (build\%Configuration%\%MyProductFileName%-*.msi) do set Version=%%~nf -set Version=!Version:%MyProductFileName%-=! -if X%SignedPackage%==X ( - pushd build\%Configuration% - powershell -command "Compress-Archive -Path winfsp-tests-*.exe,..\..\..\..\License.txt,..\..\..\..\tst\winfsp-tests\README.md -DestinationPath winfsp-tests-!Version!.zip" - if errorlevel 1 goto fail - popd -) - -:choco -if not exist "build\%Configuration%\%MyProductFileName%-*.msi" (echo installer msi not found >&2 & exit /b 1) -if not X!MyProductName!==XWinFsp (echo skipping choco build for !MyProductName! >&2 & exit /b 0) -set Version= -for %%f in (build\%Configuration%\%MyProductFileName%-*.msi) do set Version=%%~nf -set Version=!Version:%MyProductFileName%-=! 
-set PackageVersion=!Version!
-if not X!MyProductStage!==XGold (
- set PackageVersion=!Version!-pre
-)
-where /q choco.exe
-if %ERRORLEVEL% equ 0 (
- copy ..\choco\* build\%Configuration%
- copy ..\choco\LICENSE.TXT /B + ..\..\License.txt /B build\%Configuration%\LICENSE.txt /B
- certutil -hashfile build\%Configuration%\%MyProductFileName%-!Version!.msi SHA256 >>build\%Configuration%\VERIFICATION.txt
- choco pack build\%Configuration%\winfsp.nuspec --version=!PackageVersion! --outputdirectory=build\%Configuration% MsiVersion=!Version!
- if errorlevel 1 goto fail
-)
-
-exit /b 0
-
-:fail
-exit /b 1
diff --git a/tools/build-choco.bat b/tools/build-choco.bat
new file mode 120000
index 00000000..81628c94
--- /dev/null
+++ b/tools/build-choco.bat
@@ -0,0 +1 @@
+build.bat
\ No newline at end of file
diff --git a/tools/build.bat b/tools/build.bat
index 3f6dd851..9e5ebad7 100755
--- a/tools/build.bat
+++ b/tools/build.bat
@@ -70,12 +70,19 @@ if X%SignedPackage%==X (
 if errorlevel 1 goto fail
 )

- for %%f in (build\%Configuration%\%MyProductFileName%-a64.sys build\%Configuration%\%MyProductFileName%-x64.sys build\%Configuration%\%MyProductFileName%-x86.sys) do (
- signtool sign /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha1 /t http://timestamp.digicert.com %%f
- if errorlevel 1 set /a signfail=signfail+1
- signtool sign /as /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha256 /tr http://timestamp.digicert.com /td sha256 %%f
- if errorlevel 1 set /a signfail=signfail+1
- )
+ pushd build\%Configuration%
+ set signfiles=^
+ %MyProductFileName%-a64.sys %MyProductFileName%-x64.sys %MyProductFileName%-x86.sys^
+ %MyProductFileName%-a64.dll %MyProductFileName%-x64.dll %MyProductFileName%-x86.dll %MyProductFileName%-msil.dll^
+ launcher-a64.exe launcher-x64.exe launcher-x86.exe^
+ launchctl-a64.exe launchctl-x64.exe launchctl-x86.exe^
+ fsptool-a64.exe fsptool-x64.exe fsptool-x86.exe^
+ memfs-a64.exe memfs-x64.exe memfs-x86.exe memfs-dotnet-msil.exe
+ signtool sign /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha1 /t http://timestamp.digicert.com !signfiles!
+ if errorlevel 1 set /a signfail=signfail+1
+ signtool sign /as /ac %CrossCert% /i %Issuer% /n %Subject% /fd sha256 /tr http://timestamp.digicert.com /td sha256 !signfiles!
+ if errorlevel 1 set /a signfail=signfail+1
+ popd

 pushd build\%Configuration%
 echo .OPTION EXPLICIT >driver.ddf
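Review bot: A failure of either `signtool sign` call in the added lines only increments `signfail`, and because one call now covers the whole `!signfiles!` list the counter no longer reflects how many binaries were left unsigned. Going by the pre-change copy of this script visible in the deleted `tools/build-choco.bat` (same blob `3f6dd851`), the build then still produces the MSI, prints `SIGNING FAILED!` and reaches `exit /b 0`, so a pipeline that checks only the exit code can publish an installer carrying unsigned DLLs and EXEs. For release builds I would stop right after the `popd`, e.g. `if not !signfail!==0 goto fail` (delayed expansion, since this sits inside the `if X%SignedPackage%==X (` block that opens above the hunk), or at least run a `signtool verify` pass over the same list. The list is also maintained by hand, so a comment such as `REM keep in sync with the files packaged by the installer project` above `set signfiles=^` would help keep newly added binaries from being missed.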