Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Switch to SHA-256 signing

Browse Source
This commit is contained in:
Simon Rozman 2018-06-20 13:23:04 +02:00
parent 502f26059d
commit 9846d29d76
5 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
MSILocal.mak
View File

Binary file not shown.

BIN
Makefile
View File

Binary file not shown.

2
README.md
View File

@ -81,7 +81,7 @@ In order to have the build process digitally sign output files, one should provi
1. A signing certificate installed in the current users certificate store. 1. A signing certificate installed in the current users certificate store.
2. The following variables in the environment: 2. The following variables in the environment:
- `ManifestCertificateThumbprint` - set the value to certificates SHA1 thumbprint (hexadecimal, without spaces, i.e. `bc0d8da45f9eeefcbe4e334e1fc262804df88d7e`). - `ManifestCertificateThumbprint` - set the value to certificates SHA1 thumbprint (hexadecimal, without spaces, i.e. `bc0d8da45f9eeefcbe4e334e1fc262804df88d7e`).
- `ManifestTimestampUrl` - set the value to URL used to perform timestamp signature (i.e. `http://timestamp.verisign.com/scripts/timstamp.dll`). In order to perform timestamp signing successfully, the computer running the build should be online and able to access this URL. - `ManifestTimestampRFC3161Url` - set the value to URL used to perform RFC3161 timestamp signature (i.e. `http://sha256timestamp.ws.symantec.com/sha256/timestamp`). In order to perform timestamp signing successfully, the computer running the build should be online and able to access this URL.
Please note that only Release builds are configured for timestamp signing. Debug configurations do not attempt to timestamp sign the resulting DLL and EXE files in order to speed up the building process and enable offline building. Please note that only Release builds are configured for timestamp signing. Debug configurations do not attempt to timestamp sign the resulting DLL and EXE files in order to speed up the building process and enable offline building.

2
include/Debug.props
View File

@ -39,7 +39,7 @@
<ItemGroup /> <ItemGroup />
<Target Name="Sign" Condition="'$(ManifestCertificateThumbprint)' != '' and ('$(ConfigurationType)' == 'Application' or '$(ConfigurationType)' == 'DynamicLibrary')" AfterTargets="_Manifest" BeforeTargets="RegisterOutput" Inputs="$(OutDir)$(TargetName)$(TargetExt)" Outputs="$(IntDir)$(TargetName).sign"> <Target Name="Sign" Condition="'$(ManifestCertificateThumbprint)' != '' and ('$(ConfigurationType)' == 'Application' or '$(ConfigurationType)' == 'DynamicLibrary')" AfterTargets="_Manifest" BeforeTargets="RegisterOutput" Inputs="$(OutDir)$(TargetName)$(TargetExt)" Outputs="$(IntDir)$(TargetName).sign">
<Message Text="Signing output file..." /> <Message Text="Signing output file..." />
<SignFile CertificateThumbprint="$(ManifestCertificateThumbprint)" SigningTarget="$(OutDir)$(TargetName)$(TargetExt)" /> <Exec Command="signtool.exe sign /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha256 /q &quot;$(OutDir)$(TargetName)$(TargetExt)&quot;" />
<Touch Files="$(IntDir)$(TargetName).sign" AlwaysCreate="true" /> <Touch Files="$(IntDir)$(TargetName).sign" AlwaysCreate="true" />
</Target> </Target>
</Project> </Project>

2
include/Release.props
View File

@ -43,7 +43,7 @@
<ItemGroup /> <ItemGroup />
<Target Name="Sign" Condition="'$(ManifestCertificateThumbprint)' != '' and ('$(ConfigurationType)' == 'Application' or '$(ConfigurationType)' == 'DynamicLibrary')" AfterTargets="_Manifest" BeforeTargets="RegisterOutput" Inputs="$(OutDir)$(TargetName)$(TargetExt)" Outputs="$(IntDir)$(TargetName).sign"> <Target Name="Sign" Condition="'$(ManifestCertificateThumbprint)' != '' and ('$(ConfigurationType)' == 'Application' or '$(ConfigurationType)' == 'DynamicLibrary')" AfterTargets="_Manifest" BeforeTargets="RegisterOutput" Inputs="$(OutDir)$(TargetName)$(TargetExt)" Outputs="$(IntDir)$(TargetName).sign">
<Message Text="Signing output file..." /> <Message Text="Signing output file..." />
<SignFile CertificateThumbprint="$(ManifestCertificateThumbprint)" TimestampUrl="$(ManifestTimestampUrl)" SigningTarget="$(OutDir)$(TargetName)$(TargetExt)" /> <Exec Command="signtool.exe sign /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha256 /tr &quot;%ManifestTimestampRFC3161Url%&quot; /q &quot;$(OutDir)$(TargetName)$(TargetExt)&quot;" />
<Touch Files="$(IntDir)$(TargetName).sign" AlwaysCreate="true" /> <Touch Files="$(IntDir)$(TargetName).sign" AlwaysCreate="true" />
</Target> </Target>
</Project> </Project>