[PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[Jon Turney]

As discussed in https://cygwin.com/ml/cygwin/2015-04/msg00133.html

This is quite straightforward, but unfortunately, requires a non-technical
problem to be solved to complete.

1/ A code signing certificate signed by a CA is required.

2/ The signature should be timestamped, so that it remains vaild after the
signing key expires, but I assume you have to use the timestamp service of
the CA that signed the key.

Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
---
 .gitignore  |  2 ++
 Makefile.am | 13 +++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8b81166..a27cae3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,5 @@ autoconf.h.in*
 inilex.cc
 iniparse.cc
 iniparse.hh
+cygwin.crt
+cygwin.key
diff --git a/Makefile.am b/Makefile.am
index 12ad5ca..5afbb9f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -293,8 +293,8 @@ setup-src:
 	git ls-files | tar -T - -cJf ${CURDIR}/$$ver-src.tar.xz;\
 	echo $$ver-src.tar.xz; exec rm -f $$ver
 
-# optional: strip and compress executable
-.PHONY:	strip upx
+# optional: strip, compress and sign executable
+.PHONY:	strip upx sign
 
 strip:	all
 	$(OBJCOPY) --add-gnu-debuglink=/dev/null --only-keep-debug setup$(EXEEXT) setup.dbg
@@ -307,3 +307,12 @@ upx:	strip
 	else \
 		echo "UPX doesn't seem to be installed, cannot compress setup$(EXEEXT)." ;\
 	fi
+
+sign:	upx
+	@if [ -e `which osslsigncode` ]; then \
+		osslsigncode sign -certs $(srcdir)/cygwin.crt -key $(srcdir)/cygwin.key -n "Cygwin setup" -i https://cygwin.com/ -in setup$(EXEEXT) -out setup-signed$(EXEEXT) ;\
+		chmod +x setup-signed.exe ;\
+		mv setup-signed.exe setup.exe ;\
+	else \
+		echo "osslsigncode not found, cannot sign setup$(EXEEXT)." ;\
+	fi
-- 
2.8.3

[PATCH setup 2/4] Fully initialize PROPSHEETPAGE

[Jon Turney]

Avoids uninitilized data access errors reported by Dr.Memory

Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
---
 proppage.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/proppage.cc b/proppage.cc
index c03e5f7..d4d2926 100644
--- a/proppage.cc
+++ b/proppage.cc
@@ -67,6 +67,7 @@ PropertyPage::Create (DLGPROC dlgproc,
 			BOOL (*cproc) (HWND h, int id, HWND hwndctl,
 				       UINT code), int TemplateID)
 {
+  memset(&psp, 0, sizeof (PROPSHEETPAGE));
   psp.dwSize = sizeof (PROPSHEETPAGE);
   psp.dwFlags = 0;
   psp.hInstance = GetInstance ();
-- 
2.8.3

[PATCH setup 1/4] Use English button labels 'Keep', 'Current' and 'Test'

[Jon Turney]

Use the English words 'Keep', 'Current' and 'Test' as button labels, rather
than 'Keep', 'Curr' and 'Exp'.

Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
---
 res.rc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/res.rc b/res.rc
index 1227418..aad74ac 100644
--- a/res.rc
+++ b/res.rc
@@ -309,7 +309,7 @@ BEGIN
 END
 
 // Width for Keep/Prev/Curr/Exp buttons.
-#define SETUP_KPCE_W		(30)
+#define SETUP_KPCE_W		(35)
 
 // Right-aligned controls.
 #define SETUP_EXP_X		(SETUP_STANDARD_DIALOG_W - SETUP_KPCE_W - 7)
@@ -346,9 +346,9 @@ BEGIN
                     SETUP_CLEAR_W, 14
     CONTROL         "&Keep", IDC_CHOOSE_KEEP, "Button", BS_AUTORADIOBUTTON
                     | WS_GROUP | WS_TABSTOP, SETUP_KEEP_X, 30, SETUP_KPCE_W, 14
-    CONTROL         "C&urr", IDC_CHOOSE_CURR, "Button", BS_AUTORADIOBUTTON,
+    CONTROL         "C&urrent", IDC_CHOOSE_CURR, "Button", BS_AUTORADIOBUTTON,
                     SETUP_CURR_X, 30, SETUP_KPCE_W, 14
-    CONTROL         "E&xp", IDC_CHOOSE_EXP, "Button", BS_AUTORADIOBUTTON,
+    CONTROL         "&Test", IDC_CHOOSE_EXP, "Button", BS_AUTORADIOBUTTON,
                     SETUP_EXP_X, 30, SETUP_KPCE_W, 14
     CONTROL         "", IDC_HEADSEPARATOR, "Static", SS_BLACKFRAME | SS_SUNKEN,
                     0, 28, SETUP_STANDARD_DIALOG_W, 1
@@ -535,7 +535,7 @@ BEGIN
     IDS_TRUSTCURR_TOOLTIP   "Globally select the version that is currently "
        "considered the most stable. (RECOMMENDED)"
     IDS_TRUSTEXP_TOOLTIP    "Globally select the most recent version, even if "
-       "that version is considered Experimental or for test use by the maintainer."
+       "that version is considered experimental or for test use by the maintainer."
     IDS_VIEWBUTTON_TOOLTIP  "Select the package view.  This determines "
        "which packages are shown below.\r\n"
        "\r\n"
-- 
2.8.3

[PATCH setup 0/4] Various setup patches

[Jon Turney]

Dregs of my patch queue :)

Jon Turney (4):
  Use English button labels 'Keep', 'Current' and 'Test'
  Fully initialize PROPSHEETPAGE
  Remove unused grammar for dependent package architecture information
  Codesign setup.exe (DO NOT APPLY)

 .gitignore  |  2 ++
 Makefile.am | 13 +++++++++++--
 iniparse.yy | 13 ++-----------
 proppage.cc |  1 +
 res.rc      |  8 ++++----
 5 files changed, 20 insertions(+), 17 deletions(-)

-- 
2.8.3

[PATCH setup 3/4] Remove unused grammar for dependent package architecture information

[Jon Turney]

A dependency package entry can apparently end with '[architecturelist]', but
this would be completely ignored if anything ever generated it...

Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
---
 iniparse.yy | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/iniparse.yy b/iniparse.yy
index 173c665..8ae1e2d 100644
--- a/iniparse.yy
+++ b/iniparse.yy
@@ -195,8 +195,8 @@ listseparator: /* empty */
  ;
  
 versionedpackageentry /* empty not allowed */
- : STRING { iniBuilder->buildPackageListOrNode($1); } versioncriteria architecture
- | versionedpackageentry OR STRING { iniBuilder->buildPackageListOrNode($3); } versioncriteria architecture
+ : STRING { iniBuilder->buildPackageListOrNode($1); } versioncriteria
+ | versionedpackageentry OR STRING { iniBuilder->buildPackageListOrNode($3); } versioncriteria
  ;
 
 versioncriteria: /* empty */
@@ -210,16 +210,7 @@ operator /* non-empty */
  | LTEQUAL { iniBuilder->buildPackageListOperator (PackageSpecification::LessThanEquals); }
  | GTEQUAL { iniBuilder->buildPackageListOperator (PackageSpecification::MoreThanEquals); }
  ;
- 
-architecture: /* empty */
- | OPENSQUARE architecturelist CLOSESQUARE
- ;
 
-architecturelist: /* empty */
- | architecturelist STRING
- ;
-  
- 
 SourceFilesList: /* empty */
  | SourceFilesList MD5 STRING STRING { iniBuilder->buildSourceFile ((unsigned char *)$2, $3, $4);  } NL
  ;
-- 
2.8.3

Re: [PATCH setup 0/4] Various setup patches

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 461 bytes --]

On Dec 12 13:29, Jon Turney wrote:
> Dregs of my patch queue :)
> 
> Jon Turney (4):
>   Use English button labels 'Keep', 'Current' and 'Test'
>   Fully initialize PROPSHEETPAGE
>   Remove unused grammar for dependent package architecture information

Looks good.  Please apply.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1376 bytes --]

Hi Jon,

On Dec 12 13:29, Jon Turney wrote:
> As discussed in https://cygwin.com/ml/cygwin/2015-04/msg00133.html
> 
> This is quite straightforward, but unfortunately, requires a non-technical
> problem to be solved to complete.
> 
> 1/ A code signing certificate signed by a CA is required.

Where do we get one which is trusted, can be checked publically,
and doesn't cost any money?

Who will be keymaster and with whom do we share the private key?

> 2/ The signature should be timestamped, so that it remains vaild after the
> signing key expires, but I assume you have to use the timestamp service of
> the CA that signed the key.

Not necessarily.  We can workaround that by getting a new key and
release a new setup.

> +sign:	upx
> +	@if [ -e `which osslsigncode` ]; then \
> +		osslsigncode sign -certs $(srcdir)/cygwin.crt -key $(srcdir)/cygwin.key -n "Cygwin setup" -i https://cygwin.com/ -in setup$(EXEEXT) -out setup-signed$(EXEEXT) ;\
                                         ^^^^^^^^^
                                         $(srcdir)?

This might not be quite right.  We need to store the cert in a reasonable
safe place, certainly not in srcdir (or git).


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[Achim Gratz]

Corinna Vinschen writes:
>> 2/ The signature should be timestamped, so that it remains vaild after the
>> signing key expires, but I assume you have to use the timestamp service of
>> the CA that signed the key.
>
> Not necessarily.  We can workaround that by getting a new key and
> release a new setup.

That wouldn't do any good for folks trying to use an old setup version
or am I missing something?

In the meantime, we could provide a detached signature with the cygwin
key, just like we do for setup.ini?


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada

Re: [PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 980 bytes --]

On Dec 12 19:47, Achim Gratz wrote:
> Corinna Vinschen writes:
> >> 2/ The signature should be timestamped, so that it remains vaild after the
> >> signing key expires, but I assume you have to use the timestamp service of
> >> the CA that signed the key.
> >
> > Not necessarily.  We can workaround that by getting a new key and
> > release a new setup.
> 
> That wouldn't do any good for folks trying to use an old setup version
> or am I missing something?

They would get two messages, "Sig has expired" and "there's a new version
of setup".  Isn't that sufficient?


Corinna

> In the meantime, we could provide a detached signature with the cygwin
> key, just like we do for setup.ini?

We already do.  You can download setup-x86.exe.sig and
setup-x86_64.exe.sig from https://cygwin.com/


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[Jon Turney]

On 12/12/2016 17:30, Corinna Vinschen wrote:
> Hi Jon,
>
> On Dec 12 13:29, Jon Turney wrote:
>> As discussed in https://cygwin.com/ml/cygwin/2015-04/msg00133.html
>>
>> This is quite straightforward, but unfortunately, requires a non-technical
>> problem to be solved to complete.
>>
>> 1/ A code signing certificate signed by a CA is required.
>
> Where do we get one which is trusted, can be checked publically,
> and doesn't cost any money?

This is a trick question,  right?  You don't :(

> Who will be keymaster and with whom do we share the private key?
>
>> 2/ The signature should be timestamped, so that it remains vaild after the
>> signing key expires, but I assume you have to use the timestamp service of
>> the CA that signed the key.

This is more saying that we should use osslsigncode's -t option, but I 
don't quite know how.

Looking at this again, all the examples I find use a certain CA's 
timestamp service, so I think perhaps my assumption is wrong.

> Not necessarily.  We can workaround that by getting a new key and
> release a new setup.
>
>> +sign:	upx
>> +	@if [ -e `which osslsigncode` ]; then \
>> +		osslsigncode sign -certs $(srcdir)/cygwin.crt -key $(srcdir)/cygwin.key -n "Cygwin setup" -i https://cygwin.com/ -in setup$(EXEEXT) -out setup-signed$(EXEEXT) ;\
>                                          ^^^^^^^^^
>                                          $(srcdir)?
>
> This might not be quite right.  We need to store the cert in a reasonable
> safe place, certainly not in srcdir (or git).

Yes, this could be done better.

I added these filesname to .gitignore to make sure they didn't end up in 
the git repo :)

Re: [PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[Achim Gratz]

Corinna Vinschen writes:
>> That wouldn't do any good for folks trying to use an old setup version
>> or am I missing something?
>
> They would get two messages, "Sig has expired" and "there's a new version
> of setup".  Isn't that sufficient?

I was under the (maybe mistaken) impression that the executable would
stop running if the signature was deemed incorrect.

>> In the meantime, we could provide a detached signature with the cygwin
>> key, just like we do for setup.ini?
>
> We already do.  You can download setup-x86.exe.sig and
> setup-x86_64.exe.sig from https://cygwin.com/

It's not advertised in an easily accessible place (i.e. right besides
the download link on cygwin.com main page).  The install page shows
those, but I'm not sure how many people look it up there.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

DIY Stuff:
http://Synth.Stromeko.net/DIY.html

Re: [PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1184 bytes --]

On Dec 13 19:33, Achim Gratz wrote:
> Corinna Vinschen writes:
> >> That wouldn't do any good for folks trying to use an old setup version
> >> or am I missing something?
> >
> > They would get two messages, "Sig has expired" and "there's a new version
> > of setup".  Isn't that sufficient?
> 
> I was under the (maybe mistaken) impression that the executable would
> stop running if the signature was deemed incorrect.
> 
> >> In the meantime, we could provide a detached signature with the cygwin
> >> key, just like we do for setup.ini?
> >
> > We already do.  You can download setup-x86.exe.sig and
> > setup-x86_64.exe.sig from https://cygwin.com/
> 
> It's not advertised in an easily accessible place (i.e. right besides
> the download link on cygwin.com main page).  The install page shows
> those, but I'm not sure how many people look it up there.

The websites are in git(*).  Just send patches if you see some flaw.


Thanks,
Corinna

(*) https://cygwin.com/git/gitweb.cgi?p=cygwin-htdocs.git

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]