From d0e9630e1c2f880bb7cb7ae107685bd1a6d189c4 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Fri, 11 Dec 2015 06:47:20 +0000 Subject: [PATCH] Code-sign the Windows PuTTY binaries and installer. Or, at least, potentially do so. The build script now has a slot into which code-signing can be dropped by setting a variable in the bob configuration to specify an appropriate command line. The variable will typically need to point at a script wrapping the actual signing tool, since there are lots of fiddly details (timestamping countersignature, certificate, private key, etc) not given on the command lines in this build script, on the basis that they're local configuration questions for whoever is _running_ this build script. --- Buildscr | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Buildscr b/Buildscr index 86532214..c9420658 100644 --- a/Buildscr +++ b/Buildscr @@ -151,11 +151,18 @@ in putty do perl -i~ -pe 'y/\015//d;s/$$/\015/' LICENCE delegate windows # FIXME: Cygwin alternative? in putty/windows do/win vcvars32 && nmake -f Makefile.vc $(Makeargs) + # Code-sign the binaries, if the local bob config provides a script + # to do so. We assume here that the script accepts an -i option to + # provide a 'more info' URL, and an optional -n option to provide a + # program name, and that it can take multiple .exe filename + # arguments and sign them all in place. + ifneq "$(winsigncode)" "" in putty/windows do $(winsigncode) -i http://www.chiark.greenend.org.uk/~sgtatham/putty/ *.exe # Ignore exit code from hhc, in favour of seeing whether the .chm # file was created. (Yuck; but hhc appears to return non-zero # exit codes on whim.) in putty/doc do/win hhc putty.hhp & type putty.chm >nul in putty/windows do/win iscc putty.iss + ifneq "$(winsigncode)" "" in putty/windows do $(winsigncode) -i http://www.chiark.greenend.org.uk/~sgtatham/putty/ -n "PuTTY Installer" Output/setup.exe return putty/windows/*.exe return putty/windows/*.map return putty/doc/putty.chm