[tor-commits] [Git][tpo/applications/tor-browser-build][maint-12.0] 2 commits: Bug 40875: Re-enable Windows code signing in do-all-signing

["boklm \(@boklm\) via tor-commits" <tor-commits@xxxxxxxxxxxxxxxxxxxx>]

Title: GitLab

boklm pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build

Commits:

• 5966b10a
  by Nicolas Vigier at 2023-06-08T12:45:18+02:00

  Bug 40875: Re-enable Windows code signing in do-all-signing
  

• 2cdecd5b
  by Nicolas Vigier at 2023-06-08T12:45:33+02:00

  Bug 40877: Update osslsigncode to more recent version
  

6 changed files:

• − projects/osslsigncode/0001-Make-code-work-with-OpenSSL-1.1.patch
• projects/osslsigncode/build
• projects/osslsigncode/config
• − projects/osslsigncode/timestamping.patch
• tools/signing/authenticode-timestamping.sh
• tools/signing/do-all-signing

Changes:

projects/osslsigncode/0001-Make-code-work-with-OpenSSL-1.1.patch deleted

---

1		-From 86931f9d7c3d73b97010e598a5ad41ea4fab2b63 Mon Sep 17 00:00:00 2001
2		-From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= <Reimar.Doeffinger@xxxxxx>
3		-Date: Sun, 12 Mar 2017 23:00:12 +0100
4		-Subject: [PATCH] Make code work with OpenSSL 1.1.
5		-
6		-Changes in consist of:
7		-- Use EVP_MD_CTX_new/free API instead of on-stack allocation
8		-- Remove some M_ prefixes like for ASN1_IA5STRING_new
9		-- Remove pagehash functionality because it is useless to me and
10		- fixing it would be a pain. Would require declaring a few
11		- ASN_SEQUENCES and use that to get the required i2d functions
12		- from what I could find out.
13		-- Remove OBJ_create calls that seem to serve no purpose,
14		- now crash because NULL pointers are no longer handled
15		- (who changes API that way?!) and even if that was fixed
16		- lead to errors when these objects are later created
17		- again/"for real" by OBJ_txt2nid or OBJ_txt2obj (I think,
18		- did not investigate further).
19		-
20		-diff --git a/osslsigncode.c b/osslsigncode.c
21		-index 2978c02..3797458 100644
22		---- a/osslsigncode.c
23		-+++ b/osslsigncode.c
24		-@@ -450,16 +450,16 @@ static SpcSpOpusInfo* createOpus(const char *desc, const char *url)
25		- if (desc) {
26		- info->programName = SpcString_new();
27		- info->programName->type = 1;
28		-- info->programName->value.ascii = M_ASN1_IA5STRING_new();
29		-- ASN1_STRING_set((ASN1_STRING *)info->programName->value.ascii,
30		-+ info->programName->value.ascii = ASN1_IA5STRING_new();
31		-+ ASN1_STRING_set(info->programName->value.ascii,
32		- (const unsigned char*)desc, strlen(desc));
33		- }
34		-
35		- if (url) {
36		- info->moreInfo = SpcLink_new();
37		- info->moreInfo->type = 0;
38		-- info->moreInfo->value.url = "">
39		-- ASN1_STRING_set((ASN1_STRING *)info->moreInfo->value.url,
40		-+ info->moreInfo->value.url = "">
41		-+ ASN1_STRING_set(info->moreInfo->value.url,
42		- (const unsigned char*)url, strlen(url));
43		- }
44		-
45		-@@ -609,19 +609,20 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const
46		-
47		- if (rfc3161) {
48		- unsigned char mdbuf[EVP_MAX_MD_SIZE];
49		-- EVP_MD_CTX mdctx;
50		-+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
51		-
52		-- EVP_MD_CTX_init(&mdctx);
53		-- EVP_DigestInit(&mdctx, md);
54		-- EVP_DigestUpdate(&mdctx, si->enc_digest->data, si->enc_digest->length);
55		-- EVP_DigestFinal(&mdctx, mdbuf, NULL);
56		-+ EVP_DigestInit(mdctx, md);
57		-+ EVP_DigestUpdate(mdctx, si->enc_digest->data, si->enc_digest->length);
58		-+ EVP_DigestFinal(mdctx, mdbuf, NULL);
59		-+ EVP_MD_CTX_free(mdctx);
60		-+ mdctx = NULL;
61		-
62		- TimeStampReq *req = TimeStampReq_new();
63		- ASN1_INTEGER_set(req->version, 1);
64		- req->messageImprint->digestAlgorithm->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
65		- req->messageImprint->digestAlgorithm->parameters = ASN1_TYPE_new();
66		- req->messageImprint->digestAlgorithm->parameters->type = V_ASN1_NULL;
67		-- M_ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md));
68		-+ ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md));
69		- req->certReq = (void*)0x1;
70		-
71		- len = i2d_TimeStampReq(req, NULL);
72		-@@ -921,83 +922,8 @@ static const unsigned char classid_page_hash[] = {
73		- 0xAE, 0x05, 0xA2, 0x17, 0xDA, 0x8E, 0x60, 0xD6
74		- };
75		-
76		--static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus,
77		-- unsigned int sigpos, int phtype, unsigned int *phlen);
78		--
79		--DECLARE_STACK_OF(ASN1_OCTET_STRING)
80		--#ifndef sk_ASN1_OCTET_STRING_new_null
81		--#define sk_ASN1_OCTET_STRING_new_null() SKM_sk_new_null(ASN1_OCTET_STRING)
82		--#define sk_ASN1_OCTET_STRING_free(st) SKM_sk_free(ASN1_OCTET_STRING, (st))
83		--#define sk_ASN1_OCTET_STRING_push(st, val) SKM_sk_push(ASN1_OCTET_STRING, (st), (val))
84		--#define i2d_ASN1_SET_OF_ASN1_OCTET_STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
85		-- SKM_ASN1_SET_OF_i2d(ASN1_OCTET_STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
86		--#endif
87		--
88		--DECLARE_STACK_OF(SpcAttributeTypeAndOptionalValue)
89		--#ifndef sk_SpcAttributeTypeAndOptionalValue_new_null
90		--#define sk_SpcAttributeTypeAndOptionalValue_new_null() SKM_sk_new_null(SpcAttributeTypeAndOptionalValue)
91		--#define sk_SpcAttributeTypeAndOptionalValue_free(st) SKM_sk_free(SpcAttributeTypeAndOptionalValue, (st))
92		--#define sk_SpcAttributeTypeAndOptionalValue_push(st, val) SKM_sk_push(SpcAttributeTypeAndOptionalValue, (st), (val))
93		--#define i2d_SpcAttributeTypeAndOptionalValue(st, pp, i2d_func, ex_tag, ex_class, is_set) \
94		-- SKM_ASN1_SET_OF_i2d(SpcAttributeTypeAndOptionalValue, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
95		--#endif
96		--
97		--static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int peheader, int pe32plus, unsigned int sigpos)
98		--{
99		-- unsigned int phlen;
100		-- unsigned char *ph = calc_page_hash(indata, peheader, pe32plus, sigpos, phtype, &phlen);
101		-- if (!ph) {
102		-- fprintf(stderr, "Failed to calculate page hash\n");
103		-- exit(-1);
104		-- }
105		--
106		-- ASN1_OCTET_STRING *ostr = M_ASN1_OCTET_STRING_new();
107		-- M_ASN1_OCTET_STRING_set(ostr, ph, phlen);
108		-- free(ph);
109		--
110		-- STACK_OF(ASN1_OCTET_STRING) *oset = sk_ASN1_OCTET_STRING_new_null();
111		-- sk_ASN1_OCTET_STRING_push(oset, ostr);
112		-- unsigned char *p, *tmp;
113		-- unsigned int l;
114		-- l = i2d_ASN1_SET_OF_ASN1_OCTET_STRING(oset, NULL, i2d_ASN1_OCTET_STRING,
115		-- V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
116		-- tmp = p = OPENSSL_malloc(l);
117		-- i2d_ASN1_SET_OF_ASN1_OCTET_STRING(oset, &tmp, i2d_ASN1_OCTET_STRING,
118		-- V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
119		-- ASN1_OCTET_STRING_free(ostr);
120		-- sk_ASN1_OCTET_STRING_free(oset);
121		--
122		-- SpcAttributeTypeAndOptionalValue *aval = SpcAttributeTypeAndOptionalValue_new();
123		-- aval->type = OBJ_txt2obj((phtype == NID_sha1) ? SPC_PE_IMAGE_PAGE_HASHES_V1 : SPC_PE_IMAGE_PAGE_HASHES_V2, 1);
124		-- aval->value = ASN1_TYPE_new();
125		-- aval->value->type = V_ASN1_SET;
126		-- aval->value->value.set = ASN1_STRING_new();
127		-- ASN1_STRING_set(aval->value->value.set, p, l);
128		-- OPENSSL_free(p);
129		--
130		-- STACK_OF(SpcAttributeTypeAndOptionalValue) *aset = sk_SpcAttributeTypeAndOptionalValue_new_null();
131		-- sk_SpcAttributeTypeAndOptionalValue_push(aset, aval);
132		-- l = i2d_SpcAttributeTypeAndOptionalValue(aset, NULL, i2d_SpcAttributeTypeAndOptionalValue,
133		-- V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
134		-- tmp = p = OPENSSL_malloc(l);
135		-- l = i2d_SpcAttributeTypeAndOptionalValue(aset, &tmp, i2d_SpcAttributeTypeAndOptionalValue,
136		-- V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
137		-- sk_SpcAttributeTypeAndOptionalValue_free(aset);
138		-- SpcAttributeTypeAndOptionalValue_free(aval);
139		--
140		-- SpcSerializedObject *so = SpcSerializedObject_new();
141		-- M_ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof(classid_page_hash));
142		-- M_ASN1_OCTET_STRING_set(so->serializedData, p, l);
143		-- OPENSSL_free(p);
144		--
145		-- SpcLink *link = SpcLink_new();
146		-- link->type = 1;
147		-- link->value.moniker = so;
148		-- return link;
149		--}
150		--
151		- static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, file_type_t type,
152		-- int pagehash, char *indata, unsigned int peheader, int pe32plus,
153		-+ char *indata, unsigned int peheader, int pe32plus,
154		- unsigned int sigpos)
155		- {
156		- static const unsigned char msistr[] = {
157		-@@ -1024,14 +950,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
158		- } else if (type == FILE_TYPE_PE) {
159		- SpcPeImageData *pid = SpcPeImageData_new();
160		- ASN1_BIT_STRING_set(pid->flags, (unsigned char*)"0", 0);
161		-- if (pagehash) {
162		-- int phtype = NID_sha1;
163		-- if (EVP_MD_size(md) > EVP_MD_size(EVP_sha1()))
164		-- phtype = NID_sha256;
165		-- pid->file = get_page_hash_link(phtype, indata, peheader, pe32plus, sigpos);
166		-- } else {
167		-- pid->file = get_obsolete_link();
168		-- }
169		-+ pid->file = get_obsolete_link();
170		- l = i2d_SpcPeImageData(pid, NULL);
171		- p = OPENSSL_malloc(l);
172		- i2d_SpcPeImageData(pid, &p);
173		-@@ -1046,7 +965,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
174		- ASN1_INTEGER_set(si->d, 0);
175		- ASN1_INTEGER_set(si->e, 0);
176		- ASN1_INTEGER_set(si->f, 0);
177		-- M_ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr));
178		-+ ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr));
179		- l = i2d_SpcSipInfo(si, NULL);
180		- p = OPENSSL_malloc(l);
181		- i2d_SpcSipInfo(si, &p);
182		-@@ -1068,7 +987,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
183		- hashlen = EVP_MD_size(md);
184		- hash = OPENSSL_malloc(hashlen);
185		- memset(hash, 0, hashlen);
186		-- M_ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen);
187		-+ ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen);
188		- OPENSSL_free(hash);
189		-
190		- *len = i2d_SpcIndirectDataContent(idc, NULL);
191		-@@ -1923,19 +1842,18 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
192		- unsigned int peheader, int pe32plus, unsigned int fileend)
193		- {
194		- static unsigned char bfb[16*1024*1024];
195		-- EVP_MD_CTX mdctx;
196		-+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
197		-
198		-- EVP_MD_CTX_init(&mdctx);
199		-- EVP_DigestInit(&mdctx, md);
200		-+ EVP_DigestInit(mdctx, md);
201		-
202		- memset(mdbuf, 0, EVP_MAX_MD_SIZE);
203		-
204		- (void)BIO_seek(bio, 0);
205		- BIO_read(bio, bfb, peheader + 88);
206		-- EVP_DigestUpdate(&mdctx, bfb, peheader + 88);
207		-+ EVP_DigestUpdate(mdctx, bfb, peheader + 88);
208		- BIO_read(bio, bfb, 4);
209		- BIO_read(bio, bfb, 60+pe32plus*16);
210		-- EVP_DigestUpdate(&mdctx, bfb, 60+pe32plus*16);
211		-+ EVP_DigestUpdate(mdctx, bfb, 60+pe32plus*16);
212		- BIO_read(bio, bfb, 8);
213		-
214		- unsigned int n = peheader + 88 + 4 + 60+pe32plus*16 + 8;
215		-@@ -1946,11 +1864,12 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
216		- int l = BIO_read(bio, bfb, want);
217		- if (l <= 0)
218		- break;
219		-- EVP_DigestUpdate(&mdctx, bfb, l);
220		-+ EVP_DigestUpdate(mdctx, bfb, l);
221		- n += l;
222		- }
223		-
224		-- EVP_DigestFinal(&mdctx, mdbuf, NULL);
225		-+ EVP_DigestFinal(mdctx, mdbuf, NULL);
226		-+ EVP_MD_CTX_free(mdctx);
227		- }
228		-
229		-
230		-@@ -2019,16 +1938,15 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
231		- int phlen = pphlen * (3 + nsections + sigpos / pagesize);
232		- unsigned char *res = malloc(phlen);
233		- unsigned char *zeroes = calloc(pagesize, 1);
234		-- EVP_MD_CTX mdctx;
235		--
236		-- EVP_MD_CTX_init(&mdctx);
237		-- EVP_DigestInit(&mdctx, md);
238		-- EVP_DigestUpdate(&mdctx, indata, peheader + 88);
239		-- EVP_DigestUpdate(&mdctx, indata + peheader + 92, 60 + pe32plus*16);
240		-- EVP_DigestUpdate(&mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16));
241		-- EVP_DigestUpdate(&mdctx, zeroes, pagesize - hdrsize);
242		-+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
243		-+
244		-+ EVP_DigestInit(mdctx, md);
245		-+ EVP_DigestUpdate(mdctx, indata, peheader + 88);
246		-+ EVP_DigestUpdate(mdctx, indata + peheader + 92, 60 + pe32plus*16);
247		-+ EVP_DigestUpdate(mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16));
248		-+ EVP_DigestUpdate(mdctx, zeroes, pagesize - hdrsize);
249		- memset(res, 0, 4);
250		-- EVP_DigestFinal(&mdctx, res + 4, NULL);
251		-+ EVP_DigestFinal(mdctx, res + 4, NULL);
252		-
253		- unsigned short sizeofopthdr = GET_UINT16_LE(indata + peheader + 20);
254		- char *sections = indata + peheader + 24 + sizeofopthdr;
255		-@@ -2040,18 +1958,20 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
256		- unsigned int l;
257		- for (l=0; l < rs; l+=pagesize, pi++) {
258		- PUT_UINT32_LE(ro + l, res + pi*pphlen);
259		-- EVP_DigestInit(&mdctx, md);
260		-+ EVP_DigestInit(mdctx, md);
261		- if (rs - l < pagesize) {
262		-- EVP_DigestUpdate(&mdctx, indata + ro + l, rs - l);
263		-- EVP_DigestUpdate(&mdctx, zeroes, pagesize - (rs - l));
264		-+ EVP_DigestUpdate(mdctx, indata + ro + l, rs - l);
265		-+ EVP_DigestUpdate(mdctx, zeroes, pagesize - (rs - l));
266		- } else {
267		-- EVP_DigestUpdate(&mdctx, indata + ro + l, pagesize);
268		-+ EVP_DigestUpdate(mdctx, indata + ro + l, pagesize);
269		- }
270		-- EVP_DigestFinal(&mdctx, res + pi*pphlen + 4, NULL);
271		-+ EVP_DigestFinal(mdctx, res + pi*pphlen + 4, NULL);
272		- }
273		- lastpos = ro + rs;
274		- sections += 40;
275		- }
276		-+ EVP_MD_CTX_free(mdctx);
277		-+ mdctx = NULL;
278		- PUT_UINT32_LE(lastpos, res + pi*pphlen);
279		- memset(res + pi*pphlen + 4, 0, EVP_MD_size(md));
280		- pi++;
281		-@@ -2413,7 +2333,7 @@ int main(int argc, char **argv)
282		- int nturl = 0, ntsurl = 0;
283		- int addBlob = 0;
284		- u_char *p = NULL;
285		-- int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0, pagehash = 0;
286		-+ int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0;
287		- unsigned int tmp, peheader = 0, padlen = 0;
288		- off_t filesize, fileend, sigfilesize, sigfileend, outdatasize;
289		- file_type_t type;
290		-@@ -2448,13 +2368,6 @@ int main(int argc, char **argv)
291		- ERR_load_crypto_strings();
292		- OPENSSL_add_all_algorithms_conf();
293		-
294		-- /* create some MS Authenticode OIDS we need later on */
295		-- if (!OBJ_create(SPC_STATEMENT_TYPE_OBJID, NULL, NULL) ||
296		-- !OBJ_create(SPC_MS_JAVA_SOMETHING, NULL, NULL) ||
297		-- !OBJ_create(SPC_SP_OPUS_INFO_OBJID, NULL, NULL) ||
298		-- !OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL))
299		-- DO_EXIT_0("Failed to add objects\n");
300		--
301		- md = EVP_sha1();
302		-
303		- if (argc > 1) {
304		-@@ -2531,8 +2444,6 @@ int main(int argc, char **argv)
305		- readpass = *(++argv);
306		- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-comm")) {
307		- comm = 1;
308		-- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ph")) {
309		-- pagehash = 1;
310		- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) {
311		- if (--argc < 1) usage(argv0);
312		- desc = *(++argv);
313		-@@ -3243,7 +3154,7 @@ int main(int argc, char **argv)
314		- p7x = NULL;
315		- }
316		-
317		-- get_indirect_data_blob(&p, &len, md, type, pagehash, indata, peheader, pe32plus, fileend);
318		-+ get_indirect_data_blob(&p, &len, md, type, indata, peheader, pe32plus, fileend);
319		- len -= EVP_MD_size(md);
320		- memcpy(buf, p, len);
321		- OPENSSL_free(p);
322		---
323		-2.34.1
324		-

projects/osslsigncode/build

---

...	...	@@ -4,11 +4,10 @@ distdir=$(pwd)/dist
4	4	mkdir -p $distdir/[% project %]
5	5	tar xf [% project %]-[% c('version') %].tar.gz
6	6	cd [% project %]-[% c('version') %]
7		-patch -p1 < ../0001-Make-code-work-with-OpenSSL-1.1.patch
8		-patch -p1 < ../timestamping.patch
9	7
10		-./autogen.sh
11		-./configure --prefix=/[% project %]
	8	+mkdir build
	9	+cd build
	10	+cmake -DCMAKE_INSTALL_PREFIX=/[% project %] -S ..
12	11	make
13	12	make DESTDIR=$distdir install
14	13

projects/osslsigncode/config

---

1	1	# vim: filetype=yaml sw=2
2	2	version: '[% c("git_hash").substr(0, 12) %]'
3	3	git_url: https://github.com/mtrojnar/osslsigncode
4		-git_hash: e72a1937d1a13e87074e4584f012f13e03fc1d64
	4	+git_hash: d6f94d71f731868a3df86c6e0b8094da0c1412ed
5	5	filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
6	6	container:
7	7	use_container: 0
8	8	var:
9	9	deps:
10		- - autoconf
11		- - libtool
12		- - pkg-config
	10	+ - cmake
13	11	- libssl-dev
14	12	- libcurl4-openssl-dev
15	13	input_files:
16		- - filename: 0001-Make-code-work-with-OpenSSL-1.1.patch
17		- - filename: timestamping.patch
18	14	- filename: '[% c("var/srcfile") %]'
19	15	enable: '[% c("var/no-git") %]'
20	16

projects/osslsigncode/timestamping.patch deleted

---

1		-From 28b384e77fa0d4dd38751a0c72ab5976d2e38f75 Mon Sep 17 00:00:00 2001
2		-From: Georg Koppen <gk@xxxxxxxxxxxxxx>
3		-Date: Fri, 5 Feb 2016 09:23:10 +0000
4		-Subject: [PATCH] Allow timestamping with the 'add' command
5		-
6		-
7		-diff --git a/osslsigncode.c b/osslsigncode.c
8		-index 32e37c8..2978c02 100644
9		---- a/osslsigncode.c
10		-+++ b/osslsigncode.c
11		-@@ -2556,16 +2556,16 @@ int main(int argc, char **argv)
12		- if (--argc < 1) usage(argv0);
13		- url = "">
14		- #ifdef ENABLE_CURL
15		-- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-t")) {
16		-+ } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-t")) {
17		- if (--argc < 1) usage(argv0);
18		- turl[nturl++] = *(++argv);
19		-- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ts")) {
20		-+ } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-ts")) {
21		- if (--argc < 1) usage(argv0);
22		- tsurl[ntsurl++] = *(++argv);
23		-- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-p")) {
24		-+ } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-p")) {
25		- if (--argc < 1) usage(argv0);
26		- proxy = *(++argv);
27		-- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-noverifypeer")) {
28		-+ } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-noverifypeer")) {
29		- noverifypeer = 1;
30		- #endif
31		- } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-addUnauthenticatedBlob")) {
32		---
33		-2.7.0
34		-
35		-
36		-From 8159546dfa270da0e3512dcba983ce15029111d0 Mon Sep 17 00:00:00 2001
37		-From: Georg Koppen <gk@xxxxxxxxxxxxxx>
38		-Date: Sat, 11 Apr 2020 05:50:36 +0000
39		-Subject: [PATCH] fixup! Allow timestamping with the 'add' command
40		-
41		-
42		-diff --git a/osslsigncode.c b/osslsigncode.c
43		-index 3797458..4f4b897 100644
44		---- a/osslsigncode.c
45		-+++ b/osslsigncode.c
46		-@@ -2447,7 +2447,7 @@ int main(int argc, char **argv)
47		- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) {
48		- if (--argc < 1) usage(argv0);
49		- desc = *(++argv);
50		-- } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-h")) {
51		-+ } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-h")) {
52		- if (--argc < 1) usage(argv0);
53		- ++argv;
54		- if (!strcmp(*argv, "md5")) {
55		---
56		-2.26.0

tools/signing/authenticode-timestamping.sh

---

...	...	@@ -35,7 +35,7 @@ set -e
35	35	script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
36	36	source "$script_dir/functions"
37	37
38		-osslsigncode_file="$script_dir/../../out/osslsigncode/osslsigncode-e72a1937d1a1-25066d.tar.gz"
	38	+osslsigncode_file="$script_dir/../../out/osslsigncode/osslsigncode-d6f94d71f731-3a61fb.tar.gz"
39	39
40	40	test -f "$osslsigncode_file" ||
41	41	exit_error "$osslsigncode_file is missing." \

tools/signing/do-all-signing

---

...	...	@@ -17,9 +17,9 @@ echo
17	17	test -f "$steps_dir/linux-signer-signmars.done" ||
18	18	read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS
19	19	echo
20		-#test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
21		-# read -sp "Enter windows authenticode (yubihsm) passphrase: " YUBIPASS
22		-#echo
	20	+test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
	21	+ read -sp "Enter windows authenticode passphrase: " YUBIPASS
	22	+echo
23	23	test -f "$steps_dir/linux-signer-gpg-sign.done" ||
24	24	read -sp "Enter gpg passphrase: " GPG_PASS
25	25	echo
...	...	@@ -193,10 +193,10 @@ do_step dmg2mar
193	193	do_step sync-scripts-to-linux-signer
194	194	do_step linux-signer-signmars
195	195	do_step sync-after-signmars
196		-#do_step linux-signer-authenticode-signing
197		-#do_step sync-after-authenticode-signing
198		-#do_step authenticode-timestamping
199		-#do_step sync-after-authenticode-timestamping
	196	+do_step linux-signer-authenticode-signing
	197	+do_step sync-after-authenticode-signing
	198	+do_step authenticode-timestamping
	199	+do_step sync-after-authenticode-timestamping
200	200	do_step hash_signed_bundles
201	201	do_step sync-after-hash
202	202	do_step linux-signer-gpg-sign

—
View it on GitLab.
You're receiving this email because of your account on gitlab.torproject.org. Manage all notifications · Help

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits