diff options
| author | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2019-09-05 14:23:24 +0200 |
|---|---|---|
| committer | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2019-09-06 11:36:44 +0200 |
| commit | 8811516e2e9e71dd45198081d26c748cdf4d831a (patch) | |
| tree | bc3e0110116abd3e28d9214a6cf865f72eb974cc | |
| parent | 4ea98c922f130843e2c57417d4a3e5970b25de22 (diff) | |
split msi signing from creation to reduce number of singtool calls
as with private key on crypto-smartcard you'd have to enter your pin
over a hundred times while creating full-lang builds and that is not
fun.
This reduces it to
* once for dll/exe
(at least in case for mergelib is is less than 350 objects and
that doesn't break commandline limits - previously it was set to
only sign 20 objects at a time, forcing a pin-entry over 15 times) and
* once for main installation set
* once for SDK
* once for all the helppacks
(signing description previously also contained the language, this
change drops that to just "<productname> <version> Helppack"
and last three are not scattered timewise, but are done after all
packaging is complete, so the build only waits twice for user-input.
Change-Id: Ibb8bb233e967556f9654573ad30d0ed5883b533f
Reviewed-on: https://gerrit.libreoffice.org/78649
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
| -rw-r--r-- | instsetoo_native/CustomTarget_install.mk | 53 | ||||
| -rw-r--r-- | postprocess/CustomTarget_signing.mk | 1 | ||||
| -rw-r--r-- | postprocess/signing/signing.pl | 7 | ||||
| -rw-r--r-- | solenv/bin/modules/installer.pm | 28 |
4 files changed, 58 insertions, 31 deletions
diff --git a/instsetoo_native/CustomTarget_install.mk b/instsetoo_native/CustomTarget_install.mk index 016fbbd03abd..3272a57b71f4 100644 --- a/instsetoo_native/CustomTarget_install.mk +++ b/instsetoo_native/CustomTarget_install.mk @@ -20,12 +20,15 @@ $(eval $(call gb_CustomTarget_CustomTarget,instsetoo_native/install)) $(eval $(call gb_CustomTarget_register_targets,instsetoo_native/install,\ install.phony \ + $(if $(WINDOWS_BUILD_SIGNING),msi_signing.done) \ $(if $(filter-out WNT,$(OS)),\ bin/find-requires-gnome.sh \ bin/find-requires-x11.sh) \ $(foreach ulf,$(instsetoo_ULFLIST),win_ulffiles/$(ulf).ulf) \ )) +.PHONY: $(call gb_CustomTarget_get_workdir,instsetoo_native/install)/install.phony + $(call gb_CustomTarget_get_workdir,instsetoo_native/install)/install.phony: \ $(SRCDIR)/solenv/bin/make_installer.pl \ $(foreach ulf,$(instsetoo_ULFLIST),$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/win_ulffiles/$(ulf).ulf) \ @@ -126,5 +129,55 @@ ifneq (WNT,$(OS)) $(call instsetoo_native_install_command,ooolangpack,$(lang),,-languagepack,$(PKGFORMAT))) endif endif # LIBO_TEST_INSTALL + touch $@ + +TIMESTAMPURL ?= "http://timestamp.globalsign.com/scripts/timestamp.dll" +$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_signing.done: \ + $(if $(filter HELP,$(BUILD_TYPE)),$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_helppack_signing.done) \ + $(if $(filter ODK,$(BUILD_TYPE)),$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_sdk_signing.done) \ + $(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_main_signing.done + $(call gb_Output_announce,$(subst $(WORKDIR)/,,$@),$(true),PRL,2) + touch $@ + +$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_helppack_signing.done \ +$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_sdk_signing.done \ +$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_main_signing.done \ + : $(SRCDIR)/postprocess/signing/signing.pl $(call gb_CustomTarget_get_workdir,instsetoo_native/install)/install.phony + +$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_main_signing.done: + $(call gb_Output_announce,$(subst $(WORKDIR)/,,$@),$(true),PRL,2) + $(PERL) $(SRCDIR)/postprocess/signing/signing.pl \ + -l $(subst .done,_log.txt,$@) \ + $(if $(verbose),-v) \ + $(if $(PFXFILE),-f $(PFXFILE)) \ + $(if $(PFXPASSWORD),-p $(PFXPASSWORD)) \ + $(if $(TIMESTAMPURL),-t $(TIMESTAMPURL)) \ + -d $(PRODUCTNAME)\ $(LIBO_VERSION_MAJOR).$(LIBO_VERSION_MINOR).$(LIBO_VERSION_MICRO).$(LIBO_VERSION_PATCH) \ + $(WORKDIR)/installation/$(PRODUCTNAME)/msi/install/*/*.msi \ + && touch $@ + +$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_helppack_signing.done: + $(call gb_Output_announce,$(subst $(WORKDIR)/,,$@),$(true),PRL,2) + $(PERL) $(SRCDIR)/postprocess/signing/signing.pl \ + -l $(subst .done,_log.txt,$@) \ + $(if $(verbose),-v) \ + $(if $(PFXFILE),-f $(PFXFILE)) \ + $(if $(PFXPASSWORD),-p $(PFXPASSWORD)) \ + $(if $(TIMESTAMPURL),-t $(TIMESTAMPURL)) \ + -d $(PRODUCTNAME)\ $(LIBO_VERSION_MAJOR).$(LIBO_VERSION_MINOR).$(LIBO_VERSION_MICRO).$(LIBO_VERSION_PATCH)\ Helppack \ + $(WORKDIR)/installation/$(PRODUCTNAME)_helppack/msi/install/*/*.msi \ + && touch $@ + +$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_sdk_signing.done: + $(call gb_Output_announce,$(subst $(WORKDIR)/,,$@),$(true),PRL,2) + $(PERL) $(SRCDIR)/postprocess/signing/signing.pl \ + -l $(subst .done,_log.txt,$@) \ + $(if $(verbose),-v) \ + $(if $(PFXFILE),-f $(PFXFILE)) \ + $(if $(PFXPASSWORD),-p $(PFXPASSWORD)) \ + $(if $(TIMESTAMPURL),-t $(TIMESTAMPURL)) \ + -d $(PRODUCTNAME)\ $(LIBO_VERSION_MAJOR).$(LIBO_VERSION_MINOR).$(LIBO_VERSION_MICRO).$(LIBO_VERSION_PATCH)\ SDK \ + $(WORKDIR)/installation/$(PRODUCTNAME)_SDK/msi/install/*/*.msi \ + && touch $@ # vim: set noet sw=4 ts=4: diff --git a/postprocess/CustomTarget_signing.mk b/postprocess/CustomTarget_signing.mk index 3a7097fcbd77..7ba7c5832f17 100644 --- a/postprocess/CustomTarget_signing.mk +++ b/postprocess/CustomTarget_signing.mk @@ -36,6 +36,7 @@ ifneq ($(ENABLE_DBGUTIL),TRUE) $(PERL) $(SRCDIR)/postprocess/signing/signing.pl \ -e $$EXCLUDELIST \ -l $(subst .done,_log.txt,$@) \ + $(if $(verbose),-v) \ $(if $(PFXFILE),-f $(PFXFILE)) \ $(if $(PFXPASSWORD),-p $(PFXPASSWORD)) \ $(if $(TIMESTAMPURL),-t $(TIMESTAMPURL)) \ diff --git a/postprocess/signing/signing.pl b/postprocess/signing/signing.pl index bd5c2e3fe0d1..ed8065399f05 100644 --- a/postprocess/signing/signing.pl +++ b/postprocess/signing/signing.pl @@ -23,11 +23,11 @@ use strict; use Getopt::Long; my $debug = 0; -my $max_files = 20; # sign $max_files with one command line +my $max_files = 400; # sign $max_files with one command line #### globals ##### my $myname = ""; -my $opt_dir = ""; +my $opt_desc = ""; my $opt_exclude = ""; # file with a list of not signable dll and exe files my $opt_verbose = 0; my $opt_help = 0; @@ -72,7 +72,7 @@ sub parse_options #09.07.2007 08:13 # e exclude list file # v verbose my $success = GetOptions('h' => \$opt_help, - 'd=s' => \$opt_dir, 'e=s'=>\$opt_exclude, 'f=s'=>\$opt_pfxfile, 'l=s'=>\$opt_log, + 'd=s' => \$opt_desc, 'e=s'=>\$opt_exclude, 'f=s'=>\$opt_pfxfile, 'l=s'=>\$opt_log, 'p=s'=>\$opt_pass,'v'=>\$opt_verbose, 't=s'=>\$opt_timestamp_url); if ( !$success || $opt_help ) { usage(); @@ -150,6 +150,7 @@ sub sign_files #09.07.2007 10:36 $commandline_base .= " -f $opt_pfxfile" if ($opt_pfxfile ne ""); $commandline_base .= " -p $opt_pass" if ($opt_pass ne ""); $commandline_base .= " -t $opt_timestamp_url" if ($opt_timestamp_url ne ""); + $commandline_base .= " -d \"$opt_desc\"" if ($opt_desc ne ""); # Here switch between: # one command line for multiple files (all doesn't work, too much) / for each file one command line diff --git a/solenv/bin/modules/installer.pm b/solenv/bin/modules/installer.pm index f7983673f2e8..f440132ab866 100644 --- a/solenv/bin/modules/installer.pm +++ b/solenv/bin/modules/installer.pm @@ -1669,34 +1669,6 @@ sub run { if ( $allvariableshashref->{'OOODOWNLOADNAME'} ) { $$downloadname = installer::download::set_download_filename($languagestringref, $allvariableshashref); } else { $$downloadname = installer::download::resolve_variables_in_downloadname($allvariableshashref, $$downloadname, $languagestringref); } installer::systemactions::rename_one_file( $finalinstalldir . $installer::globals::separator . $installer::globals::shortmsidatabasename, $finalinstalldir . $installer::globals::separator . $$downloadname . ".msi" ); - if ( defined($ENV{'WINDOWS_BUILD_SIGNING'}) && ($ENV{'WINDOWS_BUILD_SIGNING'} eq 'TRUE') && ( $allvariableshashref->{'CREATE_MSP_INSTALLSET'} eq '0')) - { - my $systemcall = "signtool.exe sign "; - if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} "; } - if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p $ENV{'PFXPASSWORD'} "; } - if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.globalsign.com/scripts/timestamp.dll "; } - $systemcall .= "-d \"" . installer::download::get_downloadname_productname($allvariableshashref) . " " . installer::download::get_download_version($allvariableshashref) . " " . installer::download::get_downloadname_language($languagestringref) . " " . installer::download::get_download_functionality($allvariableshashref) . "\" "; - $systemcall .= $finalinstalldir . $installer::globals::separator . $$downloadname . ".msi"; - installer::logger::print_message( "... code signing and timestamping with signtool.exe ...\n" ); - - my $returnvalue = system($systemcall); - - # do not print password to log - if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall =~ s/$ENV{'PFXPASSWORD'}/********/; } - my $infoline = "Systemcall: $systemcall\n"; - push( @installer::globals::logfileinfo, $infoline); - - if ($returnvalue) - { - $infoline = "ERROR: Could not execute \"$systemcall\"!\n"; - push( @installer::globals::logfileinfo, $infoline); - } - else - { - $infoline = "Success: Executed \"$systemcall\" successfully!\n"; - push( @installer::globals::logfileinfo, $infoline); - } - } } if (( $is_success ) && ( $create_download ) && ( $ENV{'ENABLE_DOWNLOADSETS'} )) { |