summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2016-08-02 14:22:43 (GMT)
committerKevin Smith <kevin.smith@isode.com>2016-08-03 09:38:23 (GMT)
commitcc83a29121707f51a7eb8ff11c7eee7a7a575acf (patch)
tree6b83f9ebed26e27050b4a45a991ddfbf3cf4decf
parent331c6d2570b76f126491e9c955963879c5a76a54 (diff)
downloadswift-cc83a29121707f51a7eb8ff11c7eee7a7a575acf.zip
swift-cc83a29121707f51a7eb8ff11c7eee7a7a575acf.tar.bz2
Add support for signing the resulting MSI installer on Windows
Test-Information: Created a custom CA and added it as trusted to the system. Created a signing certificate and passed it to scons as described. The resulting installer does not show a red UAC dialog anymore during installation. Instead the publisher from the certificate is shown in a blue UAC dialog. Change-Id: Ie4043520f6d45ec2e7aad712441a928cb423b0de
-rw-r--r--BuildTools/SCons/SConscript.boot8
-rw-r--r--DEVELOPMENT.md3
-rw-r--r--Swift/QtUI/SConscript7
3 files changed, 17 insertions, 1 deletions
diff --git a/BuildTools/SCons/SConscript.boot b/BuildTools/SCons/SConscript.boot
index f845159..597690d 100644
--- a/BuildTools/SCons/SConscript.boot
+++ b/BuildTools/SCons/SConscript.boot
@@ -104,7 +104,12 @@ vars.Add(BoolVariable("unbound", "Build bundled ldns and unbound. Use them for D
vars.Add(BoolVariable("check_headers", "Independently build compilation units for all Swiften headers for detecting missing dependencies.", "no"))
vars.Add("win_target_arch", "Target architecture for Windows builds. x86 for 32-bit (default) or x86_64 for 64-bit.", "x86")
vars.Add(BoolVariable("install_git_hooks", "Install git hooks", "true"))
+
+# Code Signing Options
vars.Add("codesign_identity", "macOS code signing identity to be passed to codesign when building the distribution package. Must match the Commen Name of the Subject of the code signing certificate.", "")
+vars.Add("signtool_key_pfx", "The keyfile (.pfx) that will be used to sign the Windows installer.", None)
+vars.Add("signtool_timestamp_url", "The timestamp server that will be queried for a signed time stamp in the signing process.", None)
+
################################################################################
# Set up default build & configure environment
@@ -374,6 +379,9 @@ if env["PLATFORM"] == "hpux" :
# Code signing
if env["PLATFORM"] == "darwin" :
env["CODE_SIGN_IDENTITY"] = env["codesign_identity"]
+if env["PLATFORM"] == "win32" :
+ env["SIGNTOOL_KEY_PFX"] = env.get("signtool_key_pfx", None)
+ env["SIGNTOOL_TIMESTAMP_URL"] = env.get("signtool_timestamp_url", None)
# Testing
env["TEST_TYPE"] = env["test"]
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index 2447853..2b8ca99 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -59,6 +59,9 @@ scons
scons dist=1
```
+To sign the resulting MSI file, append the `signtool_key_pfx` and `signtool_timestamp_url` parameters to the `scons dist=1` programm call, e.g.
+`scons dist=1 signtool_key_pfx=C:\Users\Swift\SwiftSPC.pfx signtool_timestamp_url=http://timestamp.verisign.com/scripts/timstamp.dll`.
+
Notes:
- The settings `debug = 1` and `optimize = 1` are **strictly required** if you use a precompiled Qt release from the Qt Project; otherwise you will get linker errors
- On 64-bit Windows it's "Program Files (x86)" instead of "Program Files" in the
diff --git a/Swift/QtUI/SConscript b/Swift/QtUI/SConscript
index 7e2aafe..403de5e 100644
--- a/Swift/QtUI/SConscript
+++ b/Swift/QtUI/SConscript
@@ -447,7 +447,12 @@ if env["PLATFORM"] == "win32" :
myenv.WiX_Heat('..\\Packaging\\WiX\\gen_files.wxs', windowsBundleFiles + copying)
myenv.WiX_Candle('..\\Packaging\\WiX\\Swift.wixobj', '..\\Packaging\\WiX\\Swift.wxs')
myenv.WiX_Candle('..\\Packaging\\WiX\\gen_files.wixobj', '..\\Packaging\\WiX\\gen_files.wxs')
- myenv.WiX_Light('#/Packages/Swift/Swift-' + myenv["SWIFT_VERSION"] + '.msi', ['..\\Packaging\\WiX\\gen_files.wixobj','..\\Packaging\\WiX\\Swift.wixobj'])
+ lightTask = myenv.WiX_Light('#/Packages/Swift/Swift-' + myenv["SWIFT_VERSION"] + '.msi', ['..\\Packaging\\WiX\\gen_files.wixobj','..\\Packaging\\WiX\\Swift.wixobj'])
+ if myenv.get("SIGNTOOL_KEY_PFX", None) and myenv.get("SIGNTOOL_TIMESTAMP_URL", None) :
+ def signToolAction(target = None, source = None, env = None):
+ env.Execute('signtool.exe sign /fd SHA256 /f "${SIGNTOOL_KEY_PFX}" /t "${SIGNTOOL_TIMESTAMP_URL}" ' + str(target[0]))
+
+ myenv.AddPostAction(lightTask, signToolAction)
if myenv["debug"] :
myenv.InstallAs('#/Packages/Swift/Swift-' + myenv["SWIFT_VERSION"] + '.pdb', "Swift.pdb")