build osslsigncode locally for debian:testing
vszakats committed May 21, 2024
1 parent 30f8da6 commit 3de05ea
Showing 5 changed files with 44 additions and 4 deletions.
6 changes: 5 additions & 1 deletion _build.sh
@@ -454,7 +454,11 @@ fi
if [ "${_OS}" = 'win' ] && \
[ -s "${SIGN_CODE_KEY}" ]; then
if command -v osslsigncode >/dev/null 2>&1; then
osslsigncode --version # We need 2.2 or newer
export _OSSLSIGNCODE=osslsigncode
"${_OSSLSIGNCODE}" --version # We need 2.2 or newer
elif [ -x "$(pwd)/osslsigncode-local" ]; then
export _OSSLSIGNCODE; _OSSLSIGNCODE="$(pwd)/osslsigncode-local"
"${_OSSLSIGNCODE}" --version
elif [ -n "${SIGN_PKG_KEY_PASS:+1}" ]; then
unset SIGN_CODE_KEY_PASS
echo "! WARNING: osslsigncode not found, code signing disabled."
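Review bot: The minimum-version requirement next to the new `"${_OSSLSIGNCODE}" --version` call is only a comment, and it disagrees with the signing step: here it says 2.2, while _sign-code.sh carries `# Requires: osslsigncode 2.4 or newer`. Both branches print the version to the log but nothing compares it, so a too-old osslsigncode found on PATH is still selected, and it is checked before the locally built one. I would align the comment to `# We need 2.4 or newer (see _sign-code.sh)` and repeat it on the `osslsigncode-local` branch, or fail the build when the reported version is below the minimum. The enclosing `if` continues past the end of this hunk.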
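--- a/_dl.sh
+++ b/_dl.sh
@@ -127,6 +127,11 @@ cat <<EOF
 "ref_expr": "boringssl_revision",
 "ref_mask": "([0-9a-fA-F]{32,})"
 },
+{
+"name": "osslsigncode",
+"url": "https://github.com/mtrojnar/osslsigncode/archive/refs/tags/{vermm}.tar.gz",
+"redir": "redir"
+},
 {
 "name": "zlibng",
 "url": "https://github.com/zlib-ng/zlib-ng/archive/refs/tags/{ver}.tar.gz",
@@ -837,4 +842,12 @@ if [[ "${_DEPS}" = *'trurl'* ]]; then
 live_xt trurl "${TRURL_HASH}"
 fi
 
+if [ "${_OS}" = 'win' ] && \
+[ -n "${SIGN_CODE_GPG_PASS:+1}" ] && \
+! command -v osslsigncode >/dev/null 2>&1; then
+live_dl osslsigncode "${OSSLSIGNCODE_VER_}"
+live_xt osslsigncode "${OSSLSIGNCODE_HASH}"
+./osslsigncode.sh "${OSSLSIGNCODE_VER_}"
+fi
+
 rm -r -f "${gpgdir:?}"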
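Review bot: The new block at the end of the file is gated on `SIGN_CODE_GPG_PASS`, whereas the code that consumes the result checks `[ -s "${SIGN_CODE_KEY}" ]` in _build.sh and `SIGN_CODE_KEY_PASS` in _sign-code.sh. If that is deliberate (for instance because the GPG passphrase is what unlocks the signing key elsewhere in this file, which is not visible here), a one-line comment such as `# SIGN_CODE_GPG_PASS signals that code signing is wanted; the key file itself is checked in _build.sh` would keep the three conditions from drifting apart. Otherwise a configuration with the key present but this variable empty skips the local build, and the release then appears to go out unsigned with at most the warning printed by _build.sh.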
7 changes: 4 additions & 3 deletions _sign-code.sh
@@ -11,7 +11,8 @@ set -o xtrace -o errexit -o nounset; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o p
# Linux: https://stackoverflow.com/questions/1732927/signed-executables-under-linux
if [ "${_OS}" = 'win' ] && \
[ -s "${SIGN_CODE_KEY}" ] && \
[ -n "${SIGN_CODE_KEY_PASS:+1}" ]; then
[ -n "${SIGN_CODE_KEY_PASS:+1}" ] && \
[ -n "${_OSSLSIGNCODE}" ]; then

_ref="$1"
shift
@@ -26,15 +27,15 @@ if [ "${_OS}" = 'win' ] && \
echo "Code signing: '${file}'"
# Requires: osslsigncode 2.4 or newer
# -ts 'https://freetsa.org/tsr'
osslsigncode sign \
"${_OSSLSIGNCODE}" sign \
-h sha512 \
-in "${file}" -out "${file}-signed" \
-time "${unixts}" \
-pkcs12 "${SIGN_CODE_KEY}" -readpass /dev/stdin <<EOF
${SIGN_CODE_KEY_PASS}
EOF
# # Create detached code signature:
# osslsigncode extract-signature \
# "${_OSSLSIGNCODE}" extract-signature \
# -in "${file}-signed" \
# -out "${file}.p7"
cp -f "${file}-signed" "${file}"
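Review bot: The added test `[ -n "${_OSSLSIGNCODE}" ]` expands a variable that _build.sh exports only in the two branches where a binary was found, and this script runs with `nounset`. When neither branch matched and `SIGN_CODE_KEY_PASS` is still set, the expansion aborts the script with an unbound-variable error instead of skipping the signing step. Writing it as `[ -n "${_OSSLSIGNCODE:-}" ]; then` keeps the intended skip; alternatively _build.sh could export an empty `_OSSLSIGNCODE` before its `if`. Whether that state is reachable depends on parts of _build.sh outside the hunk shown.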
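--- a/_versions.sh
+++ b/_versions.sh
@@ -42,6 +42,8 @@ export BORINGSSL_VER_='2db0eb3f96a5756298dcd7f9319e56a98585bd10'
 export BORINGSSL_HASH=cd240bf27450f75cd5f41c512a06297c00646cdbac9f87b604e9312771db15a6
 export LIBRESSL_VER_='3.9.2'
 export LIBRESSL_HASH=7b031dac64a59eb6ee3304f7ffb75dad33ab8c9d279c847f92c89fb846068f97
+export OSSLSIGNCODE_VER_='2.8.0'
+export OSSLSIGNCODE_HASH=d275d86bf0a8094e2c2ea451065299f965238be3cfaf3af6aff276302d759354
 export ZLIBNG_VER_='2.1.6'
 export ZLIBNG_HASH=a5d504c0d52e2e2721e7e7d86988dec2e290d723ced2307145dedd06aeb6fef2
 export ZLIB_VER_='1.3.1'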
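--- a/osslsigncode.sh
+++ b/osslsigncode.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Copyright (C) Viktor Szakats. See LICENSE.md
+# SPDX-License-Identifier: MIT
+
+# shellcheck disable=SC3040,SC2039
+set -o xtrace -o errexit -o nounset; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o pipefail
+
+_NAM="$(basename "$0" | cut -f 1 -d '.')"
+_VER="$1"
+
+(
+cd "${_NAM}" || exit 0
+
+gcc -O3 \
+osslsigncode.c helpers.c utf.c msi.c pe.c cab.c cat.c appx.c script.c \
+-o ../osslsigncode-local \
+-DHAVE_SYS_MMAN_H \
+-lcrypto -lz
+)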
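Review bot: `cd "${_NAM}" || exit 0` reports success when the unpacked source directory is missing, so a failed download or extraction ends with no `osslsigncode-local` and no error. For a step whose only purpose is to produce the signing tool, failing closed is safer: `cd "${_NAM}" || exit 1`. `_VER` is assigned from `$1` but is not used anywhere in the 20 lines added here; either drop it or add a comment saying why it is kept. A short header comment stating that the resulting binary is later fed the PKCS#12 passphrase by _sign-code.sh would also tell a maintainer why this build deserves care.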
