Code signing by specifying hash.

2026-01-17 03:18:07 +00:00 · 2023-03-31 15:27:07 +02:00 · 2023-03-31 15:27:07 +02:00 · 180d9bc8df
commit 180d9bc8df
parent c5225c6ccc
4 changed files with 10 additions and 9 deletions
--- a/.gitlab-ci-files/job-windows-desktop.yml
+++ b/.gitlab-ci-files/job-windows-desktop.yml
@ -10,7 +10,7 @@
    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $DOCKER_UPDATE == null && $SKIP_WINDOWS == null
    - if: $CI_PIPELINE_SOURCE == "schedule" && $DOCKER_UPDATE == null && $SKIP_WINDOWS == null
  variables:
-    CMAKE_OPTIONS: -DLINPHONE_WINDOWS_SIGN_TOOL=$WINDOWS_SIGN_TOOL -DLINPHONE_WINDOWS_SIGN_TIMESTAMP_URL=$WINDOWS_SIGN_TIMESTAMP_URL -DENABLE_G729=ON -DENABLE_PQCRYPTO=ON
+    CMAKE_OPTIONS: -DLINPHONE_WINDOWS_SIGN_TOOL=$WINDOWS_SIGN_TOOL -DLINPHONE_WINDOWS_SIGN_TIMESTAMP_URL=$WINDOWS_SIGN_TIMESTAMP_URL -DLINPHONE_WINDOWS_SIGN_HASH=$WINDOWS_SIGN_HASH -DENABLE_G729=ON -DENABLE_PQCRYPTO=ON
    LINPHONESDK_PLATFORM: Desktop
    OUTPUT_ZIP_FOLDER: win64
    MINGW_TYPE: mingw64
@ -100,7 +100,7 @@
 .windows-vs2019-msvc:
  extends: .windows-vs2019
  variables:
-    CMAKE_OPTIONS: -DENABLE_UNIT_TESTS=ON -DLINPHONE_WINDOWS_SIGN_TOOL=$WINDOWS_SIGN_TOOL -DLINPHONE_WINDOWS_SIGN_TIMESTAMP_URL=$WINDOWS_SIGN_TIMESTAMP_URL -DENABLE_G729=ON -DENABLE_PQCRYPTO=ON
+    CMAKE_OPTIONS: -DENABLE_UNIT_TESTS=ON -DLINPHONE_WINDOWS_SIGN_TOOL=$WINDOWS_SIGN_TOOL -DLINPHONE_WINDOWS_SIGN_TIMESTAMP_URL=$WINDOWS_SIGN_TIMESTAMP_URL -DLINPHONE_WINDOWS_SIGN_HASH=$WINDOWS_SIGN_HASH -DENABLE_G729=ON -DENABLE_PQCRYPTO=ON
    LINPHONESDK_PLATFORM: Desktop
    CMAKE_GENERATOR: "Visual Studio 16 2019"
    BUILD_TARGET: install
@ -156,7 +156,7 @@ vs2019-win64-package:
    - if: $PACKAGE_WINDOWS
    - if: $DEPLOY_WINDOWS
  variables:
-    CMAKE_OPTIONS: -DENABLE_APP_PACKAGING=YES -DLINPHONE_WINDOWS_SIGN_TOOL=$WINDOWS_SIGN_TOOL -DLINPHONE_WINDOWS_SIGN_TIMESTAMP_URL=$WINDOWS_SIGN_TIMESTAMP_URL -DENABLE_G729=ON -DLINPHONE_SDK_MAKE_RELEASE_FILE_URL=$MAKE_RELEASE_FILE_URL/$WINDOWS_PLATFORM/$APP_FOLDER -DENABLE_PQCRYPTO=ON
+    CMAKE_OPTIONS: -DENABLE_APP_PACKAGING=YES -DLINPHONE_WINDOWS_SIGN_TOOL=$WINDOWS_SIGN_TOOL -DLINPHONE_WINDOWS_SIGN_TIMESTAMP_URL=$WINDOWS_SIGN_TIMESTAMP_URL -DLINPHONE_WINDOWS_SIGN_HASH=$WINDOWS_SIGN_HASH -DENABLE_G729=ON -DLINPHONE_SDK_MAKE_RELEASE_FILE_URL=$MAKE_RELEASE_FILE_URL/$WINDOWS_PLATFORM/$APP_FOLDER -DENABLE_PQCRYPTO=ON

  
 #################################################
--- a/linphone-app/cmake_builder/linphone_package/CMakeLists.txt
+++ b/linphone-app/cmake_builder/linphone_package/CMakeLists.txt
@ -440,6 +440,7 @@ if(${ENABLE_APP_PACKAGING})
 		if(LINPHONE_WINDOWS_SIGN_TOOL AND LINPHONE_WINDOWS_SIGN_TIMESTAMP_URL)
 			find_program(SIGNTOOL ${LINPHONE_WINDOWS_SIGN_TOOL})
 			set(TIMESTAMP_URL ${LINPHONE_WINDOWS_SIGN_TIMESTAMP_URL})
+			set(SIGN_HASH ${LINPHONE_WINDOWS_SIGN_HASH})
 			if (SIGNTOOL)
 				set(SIGNTOOL_COMMAND ${SIGNTOOL})
 				message("Found requested signtool")
--- a/linphone-app/cmake_builder/linphone_package/packaging.cmake.in
+++ b/linphone-app/cmake_builder/linphone_package/packaging.cmake.in
@ -71,12 +71,12 @@ if (NOT "${CMAKE_INSTALL_PREFIX}" MATCHES .*/_CPack_Packages/.*)
  if (@PERFORM_SIGNING@)
    if(@PASSPHRASE_FILE@)
        execute_process(
-            COMMAND "@CMAKE_CURRENT_SOURCE_DIR@/../../tools/sign_package.bat" "@PASSPHRASE_FILE@" "@SIGNTOOL_COMMAND@" "@PFX_FILE@" "@TIMESTAMP_URL@" @CPACK_PACKAGE_FILE_NAME@.@PACKAGE_EXT@
+            COMMAND "@CMAKE_CURRENT_SOURCE_DIR@/../../tools/sign_package.bat" 1 "@PASSPHRASE_FILE@" "@SIGNTOOL_COMMAND@" "@PFX_FILE@" "@TIMESTAMP_URL@" @CPACK_PACKAGE_FILE_NAME@.@PACKAGE_EXT@
            RESULT_VARIABLE SIGNING_RESULT WORKING_DIRECTORY "@CPACK_PACKAGE_DIRECTORY@"
        )
    else()
        execute_process(
-            COMMAND "@CMAKE_CURRENT_SOURCE_DIR@/../../tools/sign_package.bat" "@SIGNTOOL_COMMAND@" "@TIMESTAMP_URL@" @CPACK_PACKAGE_FILE_NAME@.@PACKAGE_EXT@
+            COMMAND "@CMAKE_CURRENT_SOURCE_DIR@/../../tools/sign_package.bat" 2 "@SIGNTOOL_COMMAND@" "@TIMESTAMP_URL@" @SIGN_HASH@ @CPACK_PACKAGE_FILE_NAME@.@PACKAGE_EXT@
            RESULT_VARIABLE SIGNING_RESULT WORKING_DIRECTORY "@CPACK_PACKAGE_DIRECTORY@"
        )
    endif()
--- a/linphone-app/tools/sign_package.bat
+++ b/linphone-app/tools/sign_package.bat
@ -1,10 +1,10 @@
@echo off
-if [%5]==[] goto simple
-set /p passphrase=<%1
-%2 sign /f %3 /fd SHA256 /p %passphrase% /t %4 %5
+if [%1]==[2] goto simple
+set /p passphrase=<%2
+%3 sign /f %4 /fd SHA256 /p %passphrase% /t %5 %6
 goto :eof

 :simple
-%1 sign /fd SHA256 /t %2 %3
+%2 sign /fd SHA256 /t %3 /sha1 %4 %5

 :eof