diff options
| author | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2019-09-05 14:23:24 +0200 |
|---|---|---|
| committer | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2019-09-06 13:02:27 +0200 |
| commit | c0d43f245a2e6b761ebc2bccba2560faf29cac0a (patch) | |
| tree | 609fda289580d3818b154608ffac42d198522b3f /solenv | |
| parent | 463419f3f415061db443d7b98b603f9f24a11c3d (diff) | |
split msi signing from creation to reduce number of singtool calls
as with private key on crypto-smartcard you'd have to enter your pin
over a hundred times while creating full-lang builds and that is not
fun.
This reduces it to
* once for dll/exe
(at least in case for mergelib is is less than 350 objects and
that doesn't break commandline limits - previously it was set to
only sign 20 objects at a time, forcing a pin-entry over 15 times) and
* once for main installation set
* once for SDK
* once for all the helppacks
(signing description previously also contained the language, this
change drops that to just "<productname> <version> Helppack"
and last three are not scattered timewise, but are done after all
packaging is complete, so the build only waits twice for user-input.
Change-Id: Ibb8bb233e967556f9654573ad30d0ed5883b533f
Reviewed-on: https://gerrit.libreoffice.org/78658
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Diffstat (limited to 'solenv')
| -rw-r--r-- | solenv/bin/modules/installer.pm | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/solenv/bin/modules/installer.pm b/solenv/bin/modules/installer.pm index f7983673f2e8..f440132ab866 100644 --- a/solenv/bin/modules/installer.pm +++ b/solenv/bin/modules/installer.pm @@ -1669,34 +1669,6 @@ sub run { if ( $allvariableshashref->{'OOODOWNLOADNAME'} ) { $$downloadname = installer::download::set_download_filename($languagestringref, $allvariableshashref); } else { $$downloadname = installer::download::resolve_variables_in_downloadname($allvariableshashref, $$downloadname, $languagestringref); } installer::systemactions::rename_one_file( $finalinstalldir . $installer::globals::separator . $installer::globals::shortmsidatabasename, $finalinstalldir . $installer::globals::separator . $$downloadname . ".msi" ); - if ( defined($ENV{'WINDOWS_BUILD_SIGNING'}) && ($ENV{'WINDOWS_BUILD_SIGNING'} eq 'TRUE') && ( $allvariableshashref->{'CREATE_MSP_INSTALLSET'} eq '0')) - { - my $systemcall = "signtool.exe sign "; - if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} "; } - if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p $ENV{'PFXPASSWORD'} "; } - if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.globalsign.com/scripts/timestamp.dll "; } - $systemcall .= "-d \"" . installer::download::get_downloadname_productname($allvariableshashref) . " " . installer::download::get_download_version($allvariableshashref) . " " . installer::download::get_downloadname_language($languagestringref) . " " . installer::download::get_download_functionality($allvariableshashref) . "\" "; - $systemcall .= $finalinstalldir . $installer::globals::separator . $$downloadname . ".msi"; - installer::logger::print_message( "... code signing and timestamping with signtool.exe ...\n" ); - - my $returnvalue = system($systemcall); - - # do not print password to log - if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall =~ s/$ENV{'PFXPASSWORD'}/********/; } - my $infoline = "Systemcall: $systemcall\n"; - push( @installer::globals::logfileinfo, $infoline); - - if ($returnvalue) - { - $infoline = "ERROR: Could not execute \"$systemcall\"!\n"; - push( @installer::globals::logfileinfo, $infoline); - } - else - { - $infoline = "Success: Executed \"$systemcall\" successfully!\n"; - push( @installer::globals::logfileinfo, $infoline); - } - } } if (( $is_success ) && ( $create_download ) && ( $ENV{'ENABLE_DOWNLOADSETS'} )) { |