From e4cb42c599f058de7d22cd23d59b34609df21616 Mon Sep 17 00:00:00 2001 From: R4SAS Date: Sun, 20 Feb 2022 12:53:31 +0300 Subject: [PATCH] [win] add binary signing support Signed-off-by: R4SAS --- build/build_mingw.cmd | 66 +++++++++++++++++++++++++++++++++++------ build/win_installer.iss | 5 +--- 2 files changed, 58 insertions(+), 13 deletions(-) diff --git a/build/build_mingw.cmd b/build/build_mingw.cmd index 847a318f..e09fab9f 100644 --- a/build/build_mingw.cmd +++ b/build/build_mingw.cmd @@ -8,8 +8,8 @@ REM See full license text in LICENSE file at top of project tree REM To use that script, you must have installed in your MSYS installation these packages: REM Base: git make zip -REM x86_64: mingw-w64-x86_64-boost mingw-w64-x86_64-openssl mingw-w64-x86_64-gcc -REM i686: mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-gcc +REM UCRT64: mingw-w64-ucrt-x86_64-boost mingw-w64-ucrt-x86_64-openssl mingw-w64-ucrt-x86_64-gcc +REM MINGW32: mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-gcc REM setting up variables for MSYS REM Note: if you installed MSYS64 to different path, edit WD variable (only C:\msys64 needed to edit)! @@ -36,12 +36,12 @@ echo Receiving latest commit and cleaning up... %xSH% "git checkout contrib/* && git pull && make clean" > build\build.log 2>&1 REM set to variable current commit hash -FOR /F "usebackq" %%a IN (`%xSH% "git describe --tags"`) DO ( +for /F "usebackq" %%a in (`%xSH% "git describe --tags"`) DO ( set tag=%%a ) REM set to variable latest released tag -FOR /F "usebackq" %%b IN (`%xSH% "git describe --abbrev=0"`) DO ( +for /F "usebackq" %%b in (`%xSH% "git describe --abbrev=0"`) DO ( set reltag=%%b ) @@ -49,19 +49,38 @@ echo Preparing configuration files and README for packaging... %xSH% "echo To use configs and certificates, move all files and certificates folder from contrib directory here. > README.txt" >> nul -REM converting configuration files to DOS format (usable in default notepad) +REM converting configuration files to DOS format (make usable in Windows Notepad) %xSH% "unix2dos contrib/i2pd.conf contrib/tunnels.conf contrib/tunnels.d/* contrib/webconsole/style.css" >> build\build.log 2>&1 +REM Prepare binary signing command if signing key and password provided +if defined SIGNKEY ( + if defined SIGNPASS ( + echo Signing options found^^! + + for %%X in (signtool.exe) do (set xSIGNTOOL=%%~$PATH:X) + if not defined xSIGNTOOL ( + if not defined SIGNTOOL ( + echo Error: Can't find signtool^^! Please provide path to binary using SIGNTOOL variable^^! + exit /b 1 + ) else ( + set "xSIGNTOOL=%SIGNTOOL%" + ) + ) + + set "xSIGNOPTS=sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f ^"%SIGNKEY%^" /p ^"%SIGNPASS%^"" + ) +) + REM starting building set MSYSTEM=MINGW32 set bitness=32 call :BUILDING -set MSYSTEM=MINGW64 +set MSYSTEM=UCRT64 set bitness=64 call :BUILDING -IF exist C:\msys64-xp\ ( +if exist C:\msys64-xp\ ( REM building for WinXP set "WD=C:\msys64-xp\usr\bin\" set MSYSTEM=MINGW32 @@ -72,8 +91,14 @@ IF exist C:\msys64-xp\ ( ) REM compile installer +echo Building installer... C:\PROGRA~2\INNOSE~1\ISCC.exe /dI2Pd_TextVer="%tag%" /dI2Pd_Ver="%reltag%.0" build\win_installer.iss >> build\build.log 2>&1 +REM Sign binary +if defined xSIGNOPTS ( + "%xSIGNTOOL%" %xSIGNOPTS% build\setup_i2pd_v%tag%.exe +) + %xSH% "git checkout contrib/*" >> build\build.log 2>&1 del README.txt i2pd_x32.exe i2pd_x64.exe i2pd_xp.exe >> nul @@ -84,12 +109,35 @@ exit /b 0 :BUILDING %xSH% "make clean" >> nul echo Building i2pd %tag% for win%bitness%... -%xSH% "make DEBUG=no USE_UPNP=yes -j%threads% && cp i2pd.exe i2pd_x%bitness%.exe && zip -r9 build/i2pd_%tag%_win%bitness%_mingw.zip %FILELIST% && make clean" > build\build_win%bitness%_%tag%.log 2>&1 +REM Build i2pd +%xSH% "make DEBUG=no USE_UPNP=yes -j%threads%" > build\build_win%bitness%_%tag%.log 2>&1 + +REM Sign binary +if defined xSIGNOPTS ( + "%xSIGNTOOL%" %xSIGNOPTS% i2pd.exe +) + +REM Copy binary for installer and create distribution archive +%xSH% "cp i2pd.exe i2pd_x%bitness%.exe && zip -r9 build/i2pd_%tag%_win%bitness%_mingw.zip %FILELIST%" >> build\build_win%bitness%_%tag%.log 2>&1 + +REM Clean work directory +%xSH% "make clean" >> build\build_win%bitness%_%tag%.log 2>&1 goto EOF :BUILDING_XP %xSH% "make clean" >> nul echo Building i2pd %tag% for winxp... -%xSH% "make DEBUG=no USE_UPNP=yes USE_WINXP_FLAGS=yes -j%threads% && cp i2pd.exe i2pd_xp.exe && zip -r9 build/i2pd_%tag%_winxp_mingw.zip %FILELIST% && make clean" > build\build_winxp_%tag%.log 2>&1 +%xSH% "make DEBUG=no USE_UPNP=yes USE_WINXP_FLAGS=yes -j%threads%" > build\build_winxp_%tag%.log 2>&1 + +REM Sign binary +if defined xSIGNOPTS ( + "%xSIGNTOOL%" %xSIGNOPTS% i2pd.exe +) + +REM Copy binary for installer and create distribution archive +%xSH% "cp i2pd.exe i2pd_xp.exe && zip -r9 build/i2pd_%tag%_winxp_mingw.zip %FILELIST%" >> build\build_winxp_%tag%.log 2>&1 + +REM Clean work directory +%xSH% "make clean" >> build\build_winxp_%tag%.log 2>&1 :EOF \ No newline at end of file diff --git a/build/win_installer.iss b/build/win_installer.iss index 6de6e518..cfeff812 100644 --- a/build/win_installer.iss +++ b/build/win_installer.iss @@ -1,8 +1,5 @@ #define I2Pd_AppName "i2pd" #define I2Pd_Publisher "PurpleI2P" -; Get application version from compiled binary -; Disabled to use definition from command line -;#define I2Pd_ver GetFileVersionString(AddBackslash(SourcePath) + "..\i2pd_x64.exe") [Setup] AppName={#I2Pd_AppName} @@ -27,7 +24,7 @@ ExtraDiskSpaceRequired=15 AppID={{621A23E0-3CF4-4BD6-97BC-4835EA5206A2} AppVerName={#I2Pd_AppName} -AppCopyright=Copyright (c) 2013-2020, The PurpleI2P Project +AppCopyright=Copyright (c) 2013-2022, The PurpleI2P Project AppPublisherURL=http://i2pd.website/ AppSupportURL=https://github.com/PurpleI2P/i2pd/issues AppUpdatesURL=https://github.com/PurpleI2P/i2pd/releases