From b35c511b833b75bee576c15dd842b0446634b8e1 Mon Sep 17 00:00:00 2001 From: Andras Timar Date: Sun, 29 Sep 2013 09:39:22 -0700 Subject: I forgot to add -d swith to signtool The UAC prompt shows a temporary random Program Name for msi, if the -d switch is not given. One more change: probably it is not wise to print the password of code signing key in clear text to log and to screen. Change-Id: I1f555754eee19708bbd7a3c70280fe662c77fc3a --- solenv/bin/modules/installer.pm | 30 ++++------------------------- solenv/bin/modules/installer/windows/msp.pm | 30 +++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 26 deletions(-) (limited to 'solenv/bin') diff --git a/solenv/bin/modules/installer.pm b/solenv/bin/modules/installer.pm index d50f46d58d39..0b5e845e1731 100644 --- a/solenv/bin/modules/installer.pm +++ b/solenv/bin/modules/installer.pm @@ -1639,31 +1639,6 @@ sub run { # Path of new installation set: $finalinstalldir # Path of old installation set: $installer::globals::updatedatabasepath my $mspdir = installer::windows::msp::create_msp_patch($finalinstalldir, $includepatharrayref, $allvariableshashref, $languagestringref, $languagesarrayref, $filesinproductlanguageresolvedarrayref); - if ( defined($ENV{'WINDOWS_BUILD_SIGNING'}) && ($ENV{'WINDOWS_BUILD_SIGNING'} eq 'TRUE') ) - { - my $systemcall = "signtool.exe sign "; - if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} "; } - if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p $ENV{'PFXPASSWORD'} "; } - if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.globalsign.com/scripts/timestamp.dll "; } - $systemcall .= $mspdir . "/*.msp"; - installer::logger::print_message( "... $systemcall ...\n" ); - - my $returnvalue = system($systemcall); - - my $infoline = "Systemcall: $systemcall\n"; - push( @installer::globals::logfileinfo, $infoline); - - if ($returnvalue) - { - $infoline = "ERROR: Could not execute \"$systemcall\"!\n"; - push( @installer::globals::logfileinfo, $infoline); - } - else - { - $infoline = "Success: Executed \"$systemcall\" successfully!\n"; - push( @installer::globals::logfileinfo, $infoline); - } - } ($is_success, $finalinstalldir) = installer::worker::analyze_and_save_logfile($loggingdir, $mspdir, $installlogdir, $allsettingsarrayref, $languagestringref, $current_install_number); installer::worker::clean_output_tree(); # removing directories created in the output tree } @@ -1690,11 +1665,14 @@ sub run { if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} "; } if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p $ENV{'PFXPASSWORD'} "; } if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.globalsign.com/scripts/timestamp.dll "; } + $systemcall .= "-d \"" . installer::download::get_downloadname_productname($allvariableshashref) . " " . installer::download::get_download_version($allvariableshashref) . " " . installer::download::get_downloadname_language($languagestringref) . " " . installer::download::get_download_functionality($allvariableshashref) . "\" "; $systemcall .= $finalinstalldir . $installer::globals::separator . $$downloadname . ".msi"; - installer::logger::print_message( "... $systemcall ...\n" ); + installer::logger::print_message( "... code signing and timestamping with signtool.exe ...\n" ); my $returnvalue = system($systemcall); + # do not print password to log + if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall =~ s/$ENV{'PFXPASSWORD'}/********/; } my $infoline = "Systemcall: $systemcall\n"; push( @installer::globals::logfileinfo, $infoline); diff --git a/solenv/bin/modules/installer/windows/msp.pm b/solenv/bin/modules/installer/windows/msp.pm index fbb0661440df..944155978d09 100644 --- a/solenv/bin/modules/installer/windows/msp.pm +++ b/solenv/bin/modules/installer/windows/msp.pm @@ -1191,6 +1191,36 @@ sub create_msp_patch installer::logger::include_timestamp_into_logfile("\nPerformance Info: Starting msimsp.exe"); my $msimsplogfile = execute_msimsp($fullpcpfilename, $mspfilename, $localmspdir); + # Sign .msp file + if ( defined($ENV{'WINDOWS_BUILD_SIGNING'}) && ($ENV{'WINDOWS_BUILD_SIGNING'} eq 'TRUE') ) + { + my $systemcall = "signtool.exe sign "; + if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} "; } + if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p $ENV{'PFXPASSWORD'} "; } + if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.globalsign.com/scripts/timestamp.dll "; } + $systemcall .= "-d \"" . $allvariables->{'PRODUCTNAME'} . " " . $allvariables->{'PRODUCTVERSION'} . " Patch " . $allvariables->{'WINDOWSPATCHLEVEL'} . "\" "; + $systemcall .= $mspfilename; + installer::logger::print_message( "... code signing and timestamping with signtool.exe ...\n" ); + + my $returnvalue = system($systemcall); + + # do not print password to log + if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall =~ s/$ENV{'PFXPASSWORD'}/********/; } + my $infoline = "Systemcall: $systemcall\n"; + push( @installer::globals::logfileinfo, $infoline); + + if ($returnvalue) + { + $infoline = "ERROR: Could not execute \"$systemcall\"!\n"; + push( @installer::globals::logfileinfo, $infoline); + } + else + { + $infoline = "Success: Executed \"$systemcall\" successfully!\n"; + push( @installer::globals::logfileinfo, $infoline); + } + } + # Copy final installation set next to msp file installer::logger::include_timestamp_into_logfile("\nPerformance Info: Copying installation set"); installer::logger::print_message( "... copying installation set ...\n" ); -- cgit v1.2.3