From cf5f918d058718034cb4f2e62dede717bd4c98fe Mon Sep 17 00:00:00 2001
From: Julien Wadel <julien.wadel@belledonne-communications.com>
Date: Tue, 15 Mar 2022 11:27:00 +0100
Subject: [PATCH] Add a custom sign process

---
 .gitlab-ci-files/job-windows-desktop.yml          |  6 +++---
 .../cmake_builder/linphone_package/CMakeLists.txt | 12 +++++++++++-
 .../linphone_package/packaging.cmake.in           | 15 +++++++++++----
 linphone-app/tools/sign_package.bat               |  9 ++++++++-
 4 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/.gitlab-ci-files/job-windows-desktop.yml b/.gitlab-ci-files/job-windows-desktop.yml
index 7c5c9a9db..e51523fc1 100644
--- a/.gitlab-ci-files/job-windows-desktop.yml
+++ b/.gitlab-ci-files/job-windows-desktop.yml
@@ -9,7 +9,7 @@
   SET PATH_TEMP=%PATH_TEMP:C:\Strawberry\perl\bin;=%
   SET PATH_TEMP=%PATH_TEMP:C:\Program Files\NASM=%
   SET Qt5_DIR=C:\Qt\5.14.2\msvc2017\lib\cmake
-  SET PATH=%PATH_TEMP%;C:\Qt\5.14.2\msvc2017\bin;C:\msys64;C:\msys64\usr\bin;C:\msys64\%MINGW_TYPE%\bin;
+  SET PATH=%PATH_TEMP%;C:\Qt\5.14.2\msvc2017\bin;C:\msys64;C:\msys64\usr\bin;C:\msys64\%MINGW_TYPE%\bin;%SIGNTOOL_ROOT%\x86
   IF EXIST build RMDIR /S /Q build
   mkdir build
   cd build
@@ -24,7 +24,7 @@
   stage: build
   tags: [ "windows" ]
   variables:
-    CMAKE_OPTIONS: -DENABLE_LIME_X3DH=NO -DENABLE_UNIT_TESTS=ON -DLINPHONE_WINDOWS_SIGNING_DIR=$WINDOWS_SIGNING_DIRECTORY -DENABLE_G729=ON
+    CMAKE_OPTIONS: -DENABLE_LIME_X3DH=NO -DENABLE_UNIT_TESTS=ON -DLINPHONE_WINDOWS_SIGN_TOOL=$WINDOWS_SIGN_TOOL -DLINPHONE_WINDOWS_SIGN_TIMESTAMP_URL=$WINDOWS_SIGN_TIMESTAMP_URL -DENABLE_G729=ON
     MINGW_TYPE: mingw32
   script:
    - *build_all_windows_script
@@ -82,7 +82,7 @@ job-windows-vs2017-package:
       - $PACKAGE_WINDOWS
       - $DEPLOY_WINDOWS
   variables:
-      CMAKE_OPTIONS: -DENABLE_APP_PACKAGING=YES -DLINPHONE_WINDOWS_SIGNING_DIR=$WINDOWS_SIGNING_DIRECTORY -DENABLE_G729=ON
+      CMAKE_OPTIONS: -DENABLE_APP_PACKAGING=YES -DLINPHONE_WINDOWS_SIGN_TOOL=$WINDOWS_SIGN_TOOL -DLINPHONE_WINDOWS_SIGN_TIMESTAMP_URL=$WINDOWS_SIGN_TIMESTAMP_URL -DENABLE_G729=ON
       MINGW_TYPE: mingw32
   script:
     - *build_all_windows_script
diff --git a/linphone-app/cmake_builder/linphone_package/CMakeLists.txt b/linphone-app/cmake_builder/linphone_package/CMakeLists.txt
index 2d350bd1b..3ebd8f96c 100644
--- a/linphone-app/cmake_builder/linphone_package/CMakeLists.txt
+++ b/linphone-app/cmake_builder/linphone_package/CMakeLists.txt
@@ -453,7 +453,17 @@ if(${ENABLE_APP_PACKAGING})
 			# TODO: Deal with install/uninstall.nsi
 		endif ()
 		
-		if(LINPHONE_WINDOWS_SIGNING_DIR)
+		if(LINPHONE_WINDOWS_SIGN_TOOL AND LINPHONE_WINDOWS_SIGN_TIMESTAMP_URL)
+			find_program(SIGNTOOL ${LINPHONE_WINDOWS_SIGN_TOOL})
+			set(TIMESTAMP_URL ${LINPHONE_WINDOWS_SIGN_TIMESTAMP_URL})
+			if (SIGNTOOL)
+				set(SIGNTOOL_COMMAND ${SIGNTOOL})
+				message("Found requested signtool")
+				set(PERFORM_SIGNING 1)
+			else ()
+				message(STATUS "Could not find requested signtool! Code signing disabled (${LINPHONE_WINDOWS_SIGN_TOOL})")
+			endif ()
+		elseif(LINPHONE_WINDOWS_SIGNING_DIR)
 			# Sign the installer.
 			set(TIMESTAMP_URL "http://timestamp.digicert.com")
 			set(PFX_FILE "${LINPHONE_WINDOWS_SIGNING_DIR}/linphone.pfx")
diff --git a/linphone-app/cmake_builder/linphone_package/packaging.cmake.in b/linphone-app/cmake_builder/linphone_package/packaging.cmake.in
index 67a168cec..8a39bb31f 100644
--- a/linphone-app/cmake_builder/linphone_package/packaging.cmake.in
+++ b/linphone-app/cmake_builder/linphone_package/packaging.cmake.in
@@ -69,10 +69,17 @@ if (NOT "${CMAKE_INSTALL_PREFIX}" MATCHES .*/_CPack_Packages/.*)
     endif()
   endif()
   if (@PERFORM_SIGNING@)
-    execute_process(
-      COMMAND "@CMAKE_CURRENT_SOURCE_DIR@/../../tools/sign_package.bat" "@PASSPHRASE_FILE@" "@SIGNTOOL_COMMAND@" "@PFX_FILE@" "@TIMESTAMP_URL@" @CPACK_PACKAGE_FILE_NAME@.@PACKAGE_EXT@
-      RESULT_VARIABLE SIGNING_RESULT WORKING_DIRECTORY "@CPACK_PACKAGE_DIRECTORY@"
-    )
+    if(@PASSPHRASE_FILE@)
+        execute_process(
+            COMMAND "@CMAKE_CURRENT_SOURCE_DIR@/../../tools/sign_package.bat" "@PASSPHRASE_FILE@" "@SIGNTOOL_COMMAND@" "@PFX_FILE@" "@TIMESTAMP_URL@" @CPACK_PACKAGE_FILE_NAME@.@PACKAGE_EXT@
+            RESULT_VARIABLE SIGNING_RESULT WORKING_DIRECTORY "@CPACK_PACKAGE_DIRECTORY@"
+        )
+    else()
+        execute_process(
+            COMMAND "@CMAKE_CURRENT_SOURCE_DIR@/../../tools/sign_package.bat" "@SIGNTOOL_COMMAND@" "@TIMESTAMP_URL@" @CPACK_PACKAGE_FILE_NAME@.@PACKAGE_EXT@
+            RESULT_VARIABLE SIGNING_RESULT WORKING_DIRECTORY "@CPACK_PACKAGE_DIRECTORY@"
+        )
+    endif()
     if(SIGNING_RESULT)
       message(FATAL_ERROR "Failed to sign the package! ${SIGNING_RESULT} ${RESULT_VARIABLE}")
     endif()
diff --git a/linphone-app/tools/sign_package.bat b/linphone-app/tools/sign_package.bat
index 57a58a8f4..b118a1f9f 100644
--- a/linphone-app/tools/sign_package.bat
+++ b/linphone-app/tools/sign_package.bat
@@ -1,3 +1,10 @@
 @echo off
+if [%5]==[] goto simple
 set /p passphrase=<%1
-%2 sign /f %3 /fd SHA256 /p %passphrase% /t %4 %5
\ No newline at end of file
+%2 sign /f %3 /fd SHA256 /p %passphrase% /t %4 %5
+goto :eof
+
+:simple
+%1 sign /fd SHA256 /t %2 %3
+
+:eof