From: Jon Turney
To: cygwin-apps@cygwin.com
Cc: Jon Turney
Subject: [PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)
Date: Mon, 12 Dec 2016 13:30:00 -0000
Message-Id: <20161212132929.58904-5-jon.turney@dronecode.org.uk>
In-Reply-To: <20161212132929.58904-1-jon.turney@dronecode.org.uk>
References: <20161212132929.58904-1-jon.turney@dronecode.org.uk>

As discussed in https://cygwin.com/ml/cygwin/2015-04/msg00133.html

This is quite straightforward, but unfortunately, requires a non-technical
problem to be solved to complete.

1/ A code signing certificate signed by a CA is required.

2/ The signature should be timestamped, so that it remains valid after the
signing key expires, but I assume you have to use the timestamp service of the
CA that signed the key.

Signed-off-by: Jon Turney

--- .gitignore | 2 ++ Makefile.am | 13 +++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 8b81166..a27cae3 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,5 @@ autoconf.h.in* inilex.cc iniparse.cc iniparse.hh +cygwin.crt +cygwin.key diff --git a/Makefile.am b/Makefile.am index 12ad5ca..5afbb9f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -293,8 +293,8 @@ setup-src: git ls-files | tar -T - -cJf ${CURDIR}/$$ver-src.tar.xz;\ echo $$ver-src.tar.xz; exec rm -f $$ver -# optional: strip and compress executable -.PHONY: strip upx +# optional: strip, compress and sign executable +.PHONY: strip upx sign strip: all $(OBJCOPY) --add-gnu-debuglink=/dev/null --only-keep-debug setup$(EXEEXT) setup.dbg 
@@ -307,3 +307,12 @@ upx: strip else \ echo "UPX doesn't seem to be installed, cannot compress setup$(EXEEXT)." ;\ fi + +sign: upx + @if [ -e `which osslsigncode` ]; then \ + osslsigncode sign -certs $(srcdir)/cygwin.crt -key $(srcdir)/cygwin.key -n "Cygwin setup" -i https://cygwin.com/ -in setup$(EXEEXT) -out setup-signed$(EXEEXT) ;\ + chmod +x setup-signed.exe ;\ + mv setup-signed.exe setup.exe ;\ + else \ + echo "osslsigncode not found, cannot sign setup$(EXEEXT)." ;\ + fi -- 2.8.3
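
Review bot: In the .gitignore hunk, the only thing keeping the private signing key out of the repository is the new `+cygwin.key` ignore entry, because the sign rule reads the key from `$(srcdir)/cygwin.key`, inside the working tree. An ignore entry does not stop a `git add -f`, a copy of the tree, or a backup of the checkout from carrying the key along. Consider taking the certificate and key paths from make variables that default to a location outside the source tree, so the key never has to sit next to the sources, and documenting in the rule's comment who is expected to hold it.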
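
Review bot: In the new `sign:` rule, the guard ``if [ -e `which osslsigncode` ]`` does not detect a missing tool: when `which` prints nothing the test collapses to `[ -e ]`, which is true, so the else branch with "osslsigncode not found" is never reached. Something like `if command -v osslsigncode >/dev/null 2>&1; then` would test what is intended. Three further points in the same hunk: the steps are chained with `;\`, so a failed `osslsigncode sign` is still followed by `chmod` and `mv` and the rule does not fail, and joining them with `&&` would stop at the first error; the `chmod` and `mv` lines hard-code `setup-signed.exe` and `setup.exe` while the signing line uses `setup$(EXEEXT)` and `setup-signed$(EXEEXT)`; and the command passes no timestamp server, although the commit message says the signature should be timestamped (osslsigncode accepts a timestamp URL through `-t` or `-ts`), which could be wired in through a make variable once the CA's service is known.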