[git] GnuPG - branch, master, updated. gnupg-2.1.16-161-g284ec54

by Werner Koch cvs at cvs.gnupg.org
Mon Dec 19 18:37:59 CET 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  284ec54495dddc9eb0232e959cf994234097578a (commit)
      from  65a0d6a24e6299682793f213a9d2bae17c5b12d9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 284ec54495dddc9eb0232e959cf994234097578a
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Dec 19 18:34:24 2016 +0100

    build: Add target to sign the windows installer.
    
    * build-aux/speedo.mk (w32-sign-installer): New.
    (AUTHENTICODE_KEY): New.
    (installer-from-source): Use cp instead of mv.  Factor code out to ...
    (MKSWDB_commands): new macro.
    (sign-installer): New.
    --
    
    Obviously this is more convenient then doing this all by hand.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index fbe258c..8a366e6 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -52,12 +52,13 @@ SPEEDO_MK := $(realpath $(lastword $(MAKEFILE_LIST)))
 help:
 	@echo 'usage: make -f speedo.mk TARGET'
 	@echo '       with TARGET being one of:'
-	@echo '  help           This help'
-	@echo '  native         Native build of the GnuPG core'
-	@echo '  native-gui     Ditto but with pinentry and GPA'
-	@echo '  w32-installer  Build a Windows installer'
-	@echo '  w32-source     Pack a source archive'
-	@echo '  w32-release    Build a Windows release'
+	@echo '  help               This help'
+	@echo '  native             Native build of the GnuPG core'
+	@echo '  native-gui         Ditto but with pinentry and GPA'
+	@echo '  w32-installer      Build a Windows installer'
+	@echo '  w32-source         Pack a source archive'
+	@echo '  w32-release        Build a Windows release'
+	@echo '  w32-sign-installer Sign the installer'
 	@echo
 	@echo 'You may append INSTALL_PREFIX=<dir> for native builds.'
 	@echo 'Prepend TARGET with "git-" to build from GIT repos.'
@@ -109,6 +110,10 @@ w32-release: check-tools
 	$(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
                                                    installer-from-source
 
+w32-sign-installer: check-tools
+	$(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
+                                                   sign-installer
+
 w32-release-offline: check-tools
 	$(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
 	  CUSTOM_SWDB=1 pkgrep=${HOME}/b pkg10rep=${HOME}/b  \
@@ -148,6 +153,9 @@ INST_NAME=gnupg-w32
 # Use this to override the installaion directory for native builds.
 INSTALL_PREFIX=none
 
+# The Authenticode key used to sign the Windows installer
+AUTHENTICODE_KEY=${HOME}/.gnupg/g10code-authenticode-key.p12
+
 
 # Directory names.
 # They must be absolute, as we switch directories pretty often.
@@ -1162,6 +1170,18 @@ installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt
 		    $(extra_installer_options) $(w32src)/inst.nsi
 	@echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe"
 
+
+define MKSWDB_commands
+ ( pref="#+macro: gnupg21_w32_" ;\
+   echo "$${pref}ver  $(INST_VERSION)_$(BUILD_DATESTR)"  ;\
+   echo "$${pref}date $(2)" ;\
+   echo "$${pref}size $$(wc -c <$(1)|awk '{print int($$1/1024)}')k";\
+   echo "$${pref}sha1 $$(sha1sum <$(1)|cut -d' ' -f1)" ;\
+   echo "$${pref}sha2 $$(sha256sum <$(1)|cut -d' ' -f1)" ;\
+ ) | tee $(1).swdb
+endef
+
+
 # Build the installer from the source tarball.
 installer-from-source: dist-source
 	(set -e;\
@@ -1173,17 +1193,36 @@ installer-from-source: dist-source
          $(MAKE) -f build-aux/speedo.mk this-w32-installer SELFCHECK=0;\
 	 reldate="$$(date -u +%Y-%m-%d)" ;\
 	 exefile="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" ;\
-	 mv "PLAY/inst/$$exefile" ../.. ;\
+	 cp "PLAY/inst/$$exefile" ../.. ;\
+	 exefile="../../$$exefile" ;\
+	 $(call MKSWDB_commands,$${exefile},$${reldate}); \
+	)
+
+# This target repeats some of the installer-from-source steps but it
+# is intended to be called interactively, so that the passphrase can be
+# entered.
+sign-installer:
+	@(set -e; \
+	 cd PLAY-release; \
+	 cd $(INST_NAME)-$(INST_VERSION); \
+	 reldate="$$(date -u +%Y-%m-%d)" ;\
+	 exefile="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" ;\
+	 echo "speedo: /*" ;\
+	 echo "speedo:  * Signing installer" ;\
+	 echo "speedo:  * Key: $(AUTHENTICODE_KEY)";\
+	 echo "speedo:  */" ;\
+	 osslsigncode sign -pkcs12 $(AUTHENTICODE_KEY) -askpass \
+            -h sha256 -in "PLAY/inst/$$exefile" -out "../../$$exefile" ;\
 	 exefile="../../$$exefile" ;\
-	 ( pref="#+macro: gnupg21_w32_" ;\
-         echo "$${pref}ver  $(INST_VERSION)_$(BUILD_DATESTR)"  ;\
-         echo "$${pref}date $${reldate}" ;\
-         echo "$${pref}size $$(wc -c <$$exefile|awk '{print int($$1/1024)}')k";\
-	 echo "$${pref}sha1 $$(sha1sum <$$exefile|cut -d' ' -f1)" ;\
-	 echo "$${pref}sha2 $$(sha256sum <$$exefile|cut -d' ' -f1)" ;\
-	 ) | tee $$exefile.swdb ;\
+	 $(call MKSWDB_commands,$${exefile},$${reldate}); \
+	 echo "speedo: /*" ;\
+	 echo "speedo:  * Verification result" ;\
+	 echo "speedo:  */" ;\
+         osslsigncode verify $${exefile} \
 	)
 
+
+
 endif
 # }}} W32
 

-----------------------------------------------------------------------

Summary of changes:
 build-aux/speedo.mk | 67 ++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 53 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list