commit fa6c213d5ff02abfdfd253fa4b29da73b258054f
parent 1dc7ee7ac695c2668813f03e7dc1e8dc71a5edf7
Author: ThomasV <thomasv@electrum.org>
Date: Sat, 30 Jun 2018 10:38:01 +0200
windows builds: sign the windows-signed files with gpg
Diffstat:
2 files changed, 38 insertions(+), 55 deletions(-)
diff --git a/contrib/build-wine/sign.sh b/contrib/build-wine/sign.sh
@@ -4,7 +4,6 @@ here=$(dirname "$0")
test -n "$here" -a -d "$here" || exit
cd $here
-
CERT_FILE=${CERT_FILE:-~/codesigning/cert.pem}
KEY_FILE=${KEY_FILE:-~/codesigning/key.pem}
if [[ ! -f "$CERT_FILE" ]]; then
@@ -16,32 +15,11 @@ if ! which osslsigncode > /dev/null 2>&1; then
echo "Please install osslsigncode"
fi
-mkdir -p ./signed/dist >/dev/null 2>&1
+mkdir -p signed >/dev/null 2>&1
-echo "Found $(ls dist/*.exe | wc -w) files to sign."
-for f in $(ls dist/*.exe); do
- echo "Checking GPG signatures for $f..."
- bad=0
- good=0
- for sig in $(ls $f.*.asc); do
- if gpg --verify $sig $f > /dev/null 2>&1; then
- (( good++ ))
- else
- (( bad++ ))
- fi
- done
- echo "$good good signature(s) for $f".
- if (( bad > 0 )); then
- echo "WARNING: $bad bad signature(s)"
- for sig in $(ls $f.*.asc); do
- gpg --verify $sig $f
- gpg --list-packets --verbose $sig
- done
- read -p "Do you want to continue (y/n)? " answer
- if [ "$answer" != "y" ]; then
- exit
- fi
- fi
+cd dist
+echo "Found $(ls *.exe | wc -w) files to sign."
+for f in $(ls *.exe); do
echo "Signing $f..."
osslsigncode sign \
-certs "$CERT_FILE" \
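Review bot: The added `cd dist` is unchecked and no `set -e` is visible in this hunk, so if `dist` is missing the loop would run over any `*.exe` in the script directory and write to `../signed/` outside it; `cd dist || exit 1` would stop that. The loop `for f in $(ls *.exe)` also word-splits file names, which `for f in *.exe; do` avoids, and the same unquoted `$f` appears in `ls ../signed/$f -lah` in the next hunk. With the GPG verification removed here, the script applies the code-signing key to every executable found in `dist`, so if that is the intent a header comment such as `# dist/ must contain only binaries from the local build; nothing is verified before signing` would record the assumption. The loop body continues outside the hunk.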
@@ -50,6 +28,6 @@ for f in $(ls dist/*.exe); do
-i "https://electrum.org/" \
-t "http://timestamp.digicert.com/" \
-in "$f" \
- -out "signed/$f"
- ls signed/$f -lah
+ -out "../signed/$f"
+ ls ../signed/$f -lah
done
diff --git a/contrib/build-wine/unsign.sh b/contrib/build-wine/unsign.sh
@@ -8,40 +8,45 @@ if ! which osslsigncode > /dev/null 2>&1; then
exit
fi
-if [ $# -ne 2 ]; then
- echo "Usage: $0 signed_binary unsigned_binary"
- exit
-fi
-
-out="$1-stripped.exe"
-
-set -ex
-
-echo "Step 1: Remove PE signature from signed binary"
-osslsigncode remove-signature -in $1 -out $out
-
-echo "Step 2: Remove checksum from signed binary"
-python3 <<EOF
+# exit if command fails
+set -e
+
+mkdir -p stripped >/dev/null 2>&1
+
+cd signed
+
+echo "Found $(ls *.exe | wc -w) files to verify."
+for signed in $(ls *.exe); do
+ echo $signed
+ mine="../dist/$signed"
+ out="../stripped/$signed"
+ size=$( wc -c < $mine )
+ # Step 1: Remove PE signature from signed binary
+ osslsigncode remove-signature -in $signed -out $out
+ # Step 2: Remove checksum and padding from signed binary
+ python3 <<EOF
pe_file = "$out"
+size= $size
with open(pe_file, "rb") as f:
binary = bytearray(f.read())
-
pe_offset = int.from_bytes(binary[0x3c:0x3c+4], byteorder="little")
checksum_offset = pe_offset + 88
-
for b in range(4):
binary[checksum_offset + b] = 0
-
+l = len(binary)
+n = l - size
+if n > 0:
+ assert binary[-n:] == bytearray(n)
+ print("removing %d null bytes"% n)
+ binary = binary[:size]
with open(pe_file, "wb") as f:
f.write(binary)
EOF
-
-bytes=$( wc -c < $2 )
-bytes=$((8 - ($bytes%8)))
-bytes=$(($bytes % 8))
-
-echo "Step 3: Appending $bytes null bytes to unsigned binary"
-
-truncate -s +$bytes $2
-
-diff $out $2 && echo "Success!"
+ chmod +x $out
+ if [ ! $(diff $out $mine) ]; then
+ echo "Success!"
+ gpg --sign --armor --detach $signed
+ else
+ echo "failure"
+ fi
+done
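Review bot: The gate before `gpg --sign` is `[ ! $(diff $out $mine) ]`, which tests diff's printed output rather than its exit status. Identical files pass only because `[ ! ]` with no operand is true, differing files reach the `else` branch through a `[` argument error, and a diff that fails while printing nothing on stdout would also count as success. Because this comparison decides whether a detached GPG signature is issued for the Authenticode-signed binary, it should test the status directly with quoted expansions, `if cmp -s -- "$out" "$mine"; then`. The `else` branch only prints `failure` and the loop continues, so the script can still exit 0 after a mismatch; adding `exit 1` there would make the mismatch visible to the caller.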