Skip to content

Commit

Permalink
cmake: Windows codesigning refactor.
Browse files Browse the repository at this point in the history 
Quote variables containing the HOME or USERPROFILE, as they may have
spaces.

Check for both osslsigncode and signtool regardless of platform, and
prefer osslsigncode.

The reason for this being that osslsigncode is more reliable and does
not depend on system configuration in any way, while signtool can fail
under more conditions.

The other reason being that you can use either program on both windows
and linux. E.g. the mingw version of osslsigncode or the signtool from
mono distributions on linux.

Signed-off-by: Rafael Kitover <rkitover@gmail.com>
  • Loading branch information
@rkitover
rkitover committed Mar 13, 2020
1 parent 7a4a7d1 commit 6c64db0
Showing 1 changed file with 21 additions and 26 deletions.
47 changes: 21 additions & 26 deletions src/wx/CMakeLists.txt
View file
Expand Up @@ -1007,42 +1007,37 @@ endif()
option(UPSTREAM_RELEASE "do some release automation tasks" OFF)

if(UPSTREAM_RELEASE AND WIN32)
set(home $ENV{HOME})
set(home "$ENV{HOME}")

if(NOT CMAKE_CROSSCOMPILING AND NOT DEFINED ENV{MSYSTEM_PREFIX})
set(home $ENV{USERPROFILE})
set(home "$ENV{USERPROFILE}")
endif()

# rewrite backslashes to slashes, needed for msys osslsigncode
string(REGEX REPLACE "\\\\" "/" home ${home})
string(REGEX REPLACE "\\\\" "/" home "${home}")

set(cert ${home}/.codesign/windows_comodo.pkcs12)
set(cert "${home}/.codesign/windows_comodo.pkcs12")

if(EXISTS ${cert})
if(MSVC)
find_program(SIGNTOOL_PROGRAM signtool)
if(EXISTS "${cert}")
find_program(OSSLSIGNCODE_PROGRAM osslsigncode)
find_program(SIGNTOOL_PROGRAM signtool)

if(SIGNTOOL_PROGRAM)
add_custom_command(
TARGET visualboyadvance-m
POST_BUILD
COMMAND ${CMAKE_COMMAND} -E copy visualboyadvance-m.exe visualboyadvance-m-unsigned.exe
COMMAND ${SIGNTOOL_PROGRAM} sign /f ${cert} /p "vbam3!13" /tr http://timestamp.digicert.com /du https://github.com/visualboyadvance-m/visualboyadvance-m /a visualboyadvance-m.exe
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
if(OSSLSIGNCODE_PROGRAM)
add_custom_command(
TARGET visualboyadvance-m
POST_BUILD
COMMAND ${CMAKE_COMMAND} -E rename visualboyadvance-m.exe visualboyadvance-m-unsigned.exe
COMMAND ${OSSLSIGNCODE_PROGRAM} sign -pkcs12 ${cert} -pass "vbam3!13" -t http://timestamp.digicert.com -n visualboyadvance-m -i https://github.com/visualboyadvance-m/visualboyadvance-m -in visualboyadvance-m-unsigned.exe -out visualboyadvance-m.exe
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
)
endif()
else()
find_program(OSSLSIGNCODE_PROGRAM osslsigncode)

if(OSSLSIGNCODE_PROGRAM)
add_custom_command(
TARGET visualboyadvance-m
POST_BUILD
COMMAND ${CMAKE_COMMAND} -E rename visualboyadvance-m.exe visualboyadvance-m-unsigned.exe
COMMAND ${OSSLSIGNCODE_PROGRAM} sign -pkcs12 ${cert} -pass "vbam3!13" -t http://timestamp.digicert.com -n visualboyadvance-m -i https://github.com/visualboyadvance-m/visualboyadvance-m -in visualboyadvance-m-unsigned.exe -out visualboyadvance-m.exe
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
elseif(SIGNTOOL_PROGRAM)
add_custom_command(
TARGET visualboyadvance-m
POST_BUILD
COMMAND ${CMAKE_COMMAND} -E copy visualboyadvance-m.exe visualboyadvance-m-unsigned.exe
COMMAND ${SIGNTOOL_PROGRAM} sign /f ${cert} /p "vbam3!13" /tr http://timestamp.digicert.com /du https://github.com/visualboyadvance-m/visualboyadvance-m /a visualboyadvance-m.exe
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
)
endif()
endif()
endif()

Expand Down

1 comment on commit 6c64db0

@kode54
Copy link
Contributor

@kode54 kode54 commented on 6c64db0 Mar 13, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor issue with osslsigntool: You can't use it with any of those stupid "open source" certificates, like DigiCert, because those assholes require you to buy their fricking hardware token.

Please sign in to comment.