Merge pull request #6 from IT-Service/develop

v1.0.0

ITG.MakeUtils/signing/sign.mk

@@ -6,7 +6,10 @@ include $(ITG_MAKEUTILS_DIR)/common.mk
 
 CODE_SIGNING_CERTIFICATE_PASSWORD ?= pfxpassword
 OPENSSL ?= openssl
-CERTUTIL := certutil
+SIGNTOOL ?= signtool
+SIGNCODE ?= signcode
+SIGNCODEPWD ?= signcodepwd
+CHKTRUST ?= chktrust
 
 $(call exportCodeSigningCertificate,filePath,password)
 define exportCodeSigningCertificate
@@ -103,7 +106,6 @@ encodeCertificatePfx = $(call encodeFile,,$1)
 # $(call decodeCertificatePfx, PfxFile)
 decodeCertificatePfx = $(call decodeFile,$1)
 
-SIGNTOOL ?= signtool
 SIGNWITHSIGNTOOL ?= \
   $(SIGNTOOL) \
     sign \
@@ -131,40 +133,14 @@ SIGNWITHSIGNTOOL ?= \
 # If your want a RFC3161 compliant SHA1 signaure, you can use the following server :
 # http://timestamp.geotrust.com/tsa 
 
-SIGNCODE ?= signcode
-SIGNCODEPWD ?= signcode-pwd
-
 SIGNWITHSIGNCODE = \
-  set -e; \
-  cp -f $1 $$TMP/$(notdir $1); \
-  $(SIGNCODEPWD) -m $(CODE_SIGNING_CERTIFICATE_PASSWORD); \
-  set +e; \
-  for ((a=1; a <= 10; a++)); do \
-    $(SIGNCODE) \
-      -spc "$(call winPath,$(CODE_SIGNING_CERTIFICATE_SPC))" \
-      -v "$(call winPath,$(CODE_SIGNING_CERTIFICATE_PVK))" \
-      -j "mssipotf.dll" \
-      "$(call winPath,$1)"; \
-    EXIT_CODE=$$?; \
-    if [[ $$EXIT_CODE -eq 0 ]]; then break; fi; \
-    cp -f $$TMP/$(notdir $1) $1; \
-  done; \
-  set -e; \
-  cp -f $1 $$TMP/$(notdir $1); \
-  if [[ $$EXIT_CODE -eq 0 ]]; then \
-    set +e; \
-    for ((a=1; a <= 10; a++)); do \
-      $(SIGNCODE) \
-        -x \
-        -t "http://timestamp.verisign.com/scripts/timstamp.dll" \
-        "$(call winPath,$1)"; \
-      EXIT_CODE=$$?; \
-      if [[ $$EXIT_CODE -eq 0 ]]; then break; fi; \
-      cp -f $$TMP/$(notdir $1) $1; \
-    done; \
-  fi; \
-  $(SIGNCODEPWD) -t; \
-  exit $$EXIT_CODE;
+  $(SIGNCODEPWD) \
+    -spc "$(call winPath,$(CODE_SIGNING_CERTIFICATE_SPC))" \
+    -v "$(call winPath,$(CODE_SIGNING_CERTIFICATE_PVK))" \
+    -j "mssipotf.dll" \
+    -t "http://timestamp.verisign.com/scripts/timstamp.dll" \
+    -p $(CODE_SIGNING_CERTIFICATE_PASSWORD) \
+    "$(call winPath,$1)"
 
 # $(call SIGN,fileForSigning)
 SIGN = \
@@ -177,6 +153,12 @@ SIGN = \
 
 SIGNTARGET = $(call SIGN,$@)
 
+# $(call SIGNFILES,files)
+SIGNFILES = \
+  set -e; \
+  $(foreach file,$(1), \
+    $(if $(strip $(call SIGN,$(file))),$(call SIGN,$(file));) \
+  )
 
 SIGNTESTWITHSIGNCODE = \
   $(SIGNTOOL) \
@@ -187,8 +169,11 @@ SIGNTESTWITHSIGNCODE = \
     /v \
     $1
 
-CHKTRUST ?= chktrust
-SIGNTESTWITHCHKTRUST = ( cd $(dir $1); $(CHKTRUST) -v -q $(notdir $1) )
+SIGNTESTWITHCHKTRUST = \
+  ( \
+    cd $(dir $1);\
+    $(CHKTRUST) -v -q $(notdir $1);\
+  )
 
 # $(call SIGNTEST,signedFile)
 SIGNTEST = \
@@ -206,6 +191,6 @@ SIGNTESTS = \
   set -e; \
   $(foreach file,$(1), \
     $(if $(strip $(call SIGNTEST,$(file))),$(call SIGNTEST,$(file));) \
-  ) \
+  )
 
 endif

ITG.MakeUtils/tests.mk

@@ -25,17 +25,19 @@ testPlatformWrapper = \
 
 # $(call defineTest,id,targetId,script,dependencies)
 define defineTest
-.PHONY: test.$(1)-$(2)
-test.$(1)-$(2): $(4)
+.PHONY: test.$(1)$(TEST_$(1)_INDEX)-$(2)
+test.$(1)$(TEST_$(1)_INDEX)-$(2): $(4)
 	@echo ===============================================================================
 	@$(call testPlatformWrapper,$$@,$3)
 	@echo ===============================================================================
 
 .PHONY: test-$(2)
-test-$(2): | test.$(1)-$(2)
+test-$(2): | test.$(1)$(TEST_$(1)_INDEX)-$(2)
 
 test: | test-$(2)
 
+$(eval export TEST_$(1)_INDEX := $(shell echo $$(($(TEST_$(1)_INDEX)+1))))
+
 endef
 
 endif

appveyor.yml

@@ -1,13 +1,27 @@
 image: WMF 5
 version: 1.0.0 (Build {build})
 
+branches:
+  except:
+    - /^modules\/.*$/
+
+environment: 
+  CODE_SIGNING_CERTIFICATE_PASSWORD:
+    secure: +Dn/WhvBx1rVgenyg7x+Bg==
+
 install:
   - cmd: GitVersion /output buildserver
   - ps: .\install.ps1 -ErrorAction Stop -InformationAction Continue -Verbose
 
 build_script:
   - cmd: make
 
+before_test: 
+  - cmd: openssl pkcs12 -in sign/certificate/cert.pfx -passin pass:%CODE_SIGNING_CERTIFICATE_PASSWORD% -nokeys -out sign/certificate/cert.cer
+  - ps: Import-Certificate -FilePath 'sign/certificate/cert.cer' -CertStoreLocation 'Cert:\LocalMachine\TrustedPublisher' -Verbose
+  - cmd: openssl pkcs12 -in sign/certificate/cert.pfx -passin pass:%CODE_SIGNING_CERTIFICATE_PASSWORD% -nokeys -cacerts -out sign/certificate/CA.cer
+  - ps: Import-Certificate -FilePath 'sign/certificate/CA.cer' -CertStoreLocation 'Cert:\LocalMachine\AuthRoot' -Verbose
+
 test_script:
   - cmd: make test --keep-going
 
@@ -20,13 +34,13 @@ deploy:
   - provider: Environment
     name: GitHub-Releases
     description: $(release_description)
-    artifact: signcode.install
+    artifact: package
     on:
       branch: master
       #appveyor_repo_tag: true
   - provider: Environment
     name: Chocolatey
-    artifact: signcode.install
+    artifact: package
     on:
       branch: master
       #appveyor_repo_tag: true

chocolatey/signcode.install/Makefile

@@ -3,6 +3,7 @@ include $(ITG_MAKEUTILS_DIR)/common.mk
 include $(ITG_MAKEUTILS_DIR)/gitversion.mk
 include $(ITG_MAKEUTILS_DIR)/chocolatey.mk
 include $(ITG_MAKEUTILS_DIR)/tests.mk
+include $(ITG_MAKEUTILS_DIR)/signing/sign.mk
 include $(ITG_MAKEUTILS_DIR)/appveyor.mk
 
 CHOCO_PACKAGE_NAME = signcode.install
@@ -11,8 +12,11 @@ $(eval $(call packChocoWebPackage,PACKAGE_,$(CHOCO_PACKAGE_NAME),\
   $(MajorMinorPatch),\
   $(PreReleaseLabel),\
   $(wildcard $(SOURCESDIR)/$(CHOCO_PACKAGE_NAME)/*.ignore)\
+  $(SOURCESDIR)/$(CHOCO_PACKAGE_NAME)/signcodepwd.cmd \
 ))
 
+FILES_FOR_SIGNING := $(wildcard tests/*.ttf)
+
 all: package
 package: $(PACKAGE_TARGETS)
 	$(pushDeploymentArtifact)
@@ -22,6 +26,16 @@ $(eval $(call defineTest,install,package,\
   $(PACKAGE_TARGETS) \
 ))
 
+$(eval $(foreach file,$(FILES_FOR_SIGNING),\
+  $(call defineTest,sign_ttf,package,\
+    /usr/bin/mkdir -p $(AUXDIR); \
+    cp -f $(file) -t $(AUXDIR); \
+    $$(call SIGN,$(AUXDIR)/$(notdir $(file))); \
+    $$(call SIGNTEST,$(AUXDIR)/$(notdir $(file))),\
+    $(file) $(CODE_SIGNING_CERTIFICATE_PVK) $(CODE_SIGNING_CERTIFICATE_SPC) \
+  )\
+))
+
 $(eval $(call defineTest,uninstall,package,\
   $(CHOCO) uninstall $(CHOCO_PACKAGE_NAME) --confirm, \
   $(PACKAGE_TARGETS) \

chocolatey/signcode.install/sources/signcode.install/chocolateyInstall.ps1

@@ -24,3 +24,8 @@ $exitCode = Start-ChocolateyProcessAsAdmin `
 "@ `
     -noSleep `
 ;
+
+Install-BinFile `
+    -name 'signcodepwd' `
+    -path ( Join-Path -Path $toolsDir -ChildPath 'signcodepwd.cmd' ) `
+;

chocolatey/signcode.install/sources/signcode.install/chocolateyUninstall.ps1

@@ -12,6 +12,11 @@ $exitCode = Start-ChocolateyProcessAsAdmin `
     -noSleep `
 ;
 
+Uninstall-BinFile `
+    -name 'signcodepwd' `
+    -path ( Join-Path -Path $toolsDir -ChildPath 'signcodepwd.cmd' ) `
+;
+
 $packageArgs = @{
   packageName   = $packageName;
   zipFileName   = 'Dsig.EXE';

chocolatey/signcode.install/sources/signcode.install/signcodepwd.cmd

@@ -0,0 +1,106 @@
+@echo off
+setlocal enableextensions enabledelayedexpansion
+set SIGNCODEPWD=signcode-pwd.exe
+set SIGNCODE=signcode.exe
+set CODE_TIMESTAMP_URL=http://timestamp.verisign.com/scripts/timstamp.dll
+set CODE_SIGNING_DLL=mssipotf.dll
+set SIGNCODEPASSWORD=%CODE_SIGNING_CERTIFICATE_PASSWORD%
+
+:parseargs
+if "%~1"=="" goto :endparseargs
+if "%~1"=="-h" (
+:help
+  echo Parameters -spc, -v, -t, -j, -p and filename for signing expected.
+  exit /b -1
+)
+if "%~1"=="/?" goto :help
+if "%~1"=="-?" goto :help
+if "%~1"=="-help" goto :help
+if "%~1"=="--help" goto :help
+if "%~1"=="-spc" (
+  set CODE_SIGNING_CERTIFICATE_SPC=%~2
+  shift
+  shift
+  goto :parseargs
+)
+if "%~1"=="-v" (
+  set CODE_SIGNING_CERTIFICATE_PVK=%~2
+  shift
+  shift
+  goto :parseargs
+)
+if "%~1"=="-t" (
+  set CODE_TIMESTAMP_URL=%~2
+  shift
+  shift
+  goto :parseargs
+)
+if "%~1"=="-j" (
+  set CODE_SIGNING_DLL=%~2
+  shift
+  shift
+  goto :parseargs
+)
+if "%~1"=="-p" (
+  set SIGNCODEPASSWORD=%~2
+  shift
+  shift
+  goto :parseargs
+)
+set FILEFORSIGNING=%~1
+shift
+goto :parseargs
+:endparseargs
+
+if "%CODE_SIGNING_CERTIFICATE_SPC%"=="" goto :help
+if "%CODE_SIGNING_CERTIFICATE_PVK%"=="" goto :help
+if "%CODE_TIMESTAMP_URL%"=="" goto :help
+if "%CODE_SIGNING_DLL%"=="" goto :help
+if "%SIGNCODEPASSWORD%"=="" goto :help
+if "%FILEFORSIGNING%"=="" goto :help
+
+for %%A in ("%FILEFORSIGNING%") do set TMPFILE="%TMP%\%%~nxA"
+
+copy /Y "%FILEFORSIGNING%" "%TMPFILE%"
+@echo on
+"%SIGNCODEPWD%" -m %SIGNCODEPASSWORD%
+@echo off
+set /a i=10
+:signingloopbegin
+  @echo on
+  "%SIGNCODE%" ^
+    -spc "%CODE_SIGNING_CERTIFICATE_SPC%" ^
+    -v "%CODE_SIGNING_CERTIFICATE_PVK%" ^
+    -j "%CODE_SIGNING_DLL%" ^
+    "%FILEFORSIGNING%"
+  @set exitcode=%errorlevel%
+  @echo off
+  if %exitcode%==0 goto :beforetimestamp
+  copy /Y "%TMPFILE%" "%FILEFORSIGNING%"
+  set /a i-=1
+  if %i% gtr 0 goto :signingloopbegin
+:signingloopend
+goto :beforeexit
+
+:beforetimestamp
+copy /Y "%FILEFORSIGNING%" "%TMPFILE%"
+set /a i=10
+:timestamploopbegin
+  @echo on
+  "%SIGNCODE%" ^
+    -x ^
+    -t "%CODE_TIMESTAMP_URL%" ^
+    "%FILEFORSIGNING%"
+  @set exitcode=%errorlevel%
+  @echo off
+  if %exitcode%==0 goto :timestamploopend
+  copy /Y "%TMPFILE%" "%FILEFORSIGNING%"
+  set /a i-=1
+  if %i% gtr 0 goto :timestamploopbegin
+:timestamploopend
+
+:beforeexit
+@echo on
+"%SIGNCODEPWD%" -t
+@REM @del /F /Q "%TMPFILE%"
+@exit /b %exitcode%

readme.md

@@ -1,4 +1,6 @@
-Пакет chocolatey для установки средств подписи шрифтов
+[![Build status](https://ci.appveyor.com/api/projects/status/47ga775dxwnopruv/branch/master?svg=true)](https://ci.appveyor.com/project/sergey-s-betke/signcode)
+
+Пакет chocolatey для установки средств подписи шрифтов
 ======================================================
 
 Репозиторий содержит проект для сборки пакета signcode.install для chocolatey.
@@ -9,6 +11,7 @@
 
 - [signcode][] - утилиту от Microsoft с библиотекой подписи шрифтов
 - [signcode-pwd][] - утилиту от Stephan Brenner для передачи signcode пароля к сертификату в пакетном режиме
+- signcodepwd - см. далее
 
 Пакет доступен [в репозитории chocolatey](https://chocolatey.org/packages/signcode.install). 
 
@@ -20,7 +23,7 @@
 
 - `signcode.exe`
 - `signcode-pwd.exe`
-- `signcode.bat`
+- `signcodepwd.exe`
 
 Последний пакетный файл в дополнение к параметрам signcode.exe позволяет указать пароль к сертификату
 в форме `-p password`.