# File 'lib/packaging/sign/msi.rb', line 4
# Signs the MSI packages found under +target_dir+ on the remote Windows
# signing server, then copies the signed files back over the local ones.
#
# Steps, as visible in this method:
# 1. Create a work directory under C:/Windows/Temp on the signing server.
# 2. rsync every file matching "#{target_dir}/windows*/**/*.msi" into it.
# 3. Run a bash script over ssh that, per MSI, skips files osslsigncode
#    already verifies, otherwise signs with SHA-1 and then nests a SHA-256
#    signature on top.
# 4. rsync each MSI back into its original local directory.
# 5. Remove the remote work directory.
#
# NOTE(review): the PKCS#12 path and password, and the MSI paths, are
# interpolated into the script text without shell escaping. The password
# therefore becomes part of the command string handed to remote_ssh_cmd and
# of osslsigncode's argument list on the signing host. Confirm that nothing
# on that path logs or echoes the command, and that these values cannot
# contain quotes, `$`, backticks or whitespace.
#
# @param target_dir [String] local directory searched for MSIs
# @return the result of the final Pkg::Util::Net.remote_ssh_cmd call
#   (its value is not visible from this method)
def sign(target_dir = 'pkg')
  # use_identity stays nil when no signing key is configured; nil interpolates
  # as an empty string, so the ssh/rsync strings simply omit the -i option.
  use_identity = "-i #{Pkg::Config.msi_signing_ssh_key}" if Pkg::Config.msi_signing_ssh_key

  ssh_host_string = "#{use_identity} Administrator@#{Pkg::Config.msi_signing_server}"
  rsync_host_string = "-e 'ssh #{use_identity}' Administrator@#{Pkg::Config.msi_signing_server}"

  # Per-run work directory, relative to C:/ on the signing server.
  # NOTE(review): presumably rand_string yields an unpredictable name; verify
  # against Pkg::Util if the directory name is relied on for isolation.
  work_dir = "Windows/Temp/#{Pkg::Util.rand_string}"

  Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p C:/#{work_dir}")

  # Paths are joined with single spaces here and again in the script's `for`
  # list, so a path containing whitespace would be split into several words.
  msis = Dir.glob("#{target_dir}/windows*/**/*.msi")

  # --relative keeps each MSI's relative path under the work directory, which
  # is why the script and the rsync_from calls below rebuild that same path.
  Pkg::Util::Net.rsync_to(msis.join(" "), rsync_host_string, "/cygdrive/c/#{work_dir}",
                          extra_flags: ["--ignore-existing --relative"])

  # Remote bash script. For each MSI not already verified by osslsigncode:
  #   pass 1: SHA-1 signature (-h sha1, -t timestamp URL), written to
  #           signed-<msi>
  #   pass 2: nested SHA-256 signature (-nest -h sha256, -ts timestamp URL),
  #           read from signed-<msi> and written back to <msi>
  # Each pass tries every timestamp server in order, up to 5 times per server,
  # and stops at the first output containing "Succeeded". The script exits 1
  # if a pass never produces that text.
  #
  # NOTE(review): success is judged by matching "Succeeded" in the captured
  # output, not by osslsigncode's exit status. `$msipath` is expanded unquoted
  # in the basename/dirname calls, and all timestamp URLs are plain http.
  # Confirm these are acceptable for the release signing path.
  sign_command = <<-CMD
for msipath in #{msis.join(" ")}; do
msi="$(basename $msipath)"
msidir="C:/#{work_dir}/$(dirname $msipath)"
if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
echo "$msi is already signed, skipping . . ." ;
else
tries=5
sha1Servers=(http://timestamp.verisign.com/scripts/timstamp.dll
http://timestamp.globalsign.com/scripts/timstamp.dll
http://www.startssl.com/timestamp)
for timeserver in "${sha1Servers[@]}"; do
for ((try=1; try<=$tries; try++)) do
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
-n "Puppet" -i "http://www.puppet.com" \
-h sha1 \
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
-t "$timeserver" \
-in "$msidir/$msi" \
-out "$msidir/signed-$msi")
if [[ $ret == *"Succeeded"* ]]; then break; fi
done;
if [[ $ret == *"Succeeded"* ]]; then break; fi
done;
echo $ret
if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
http://timestamp.comodoca.com?td=sha256)
for timeserver in "${sha256Servers[@]}"; do
for ((try=1; try<=$tries; try++)) do
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
-n "Puppet" -i "http://www.puppet.com" \
-nest -h sha256 \
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
-ts "$timeserver" \
-in "$msidir/signed-$msi" \
-out "$msidir/$msi")
if [[ $ret == *"Succeeded"* ]]; then break; fi
done;
if [[ $ret == *"Succeeded"* ]]; then break; fi
done;
echo $ret
if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
fi
done
  CMD

  # NOTE(review): the meaning of the positional arguments (false, '', false)
  # is defined by Pkg::Util::Net.remote_ssh_cmd and is not visible here.
  # Confirm they do not cause the command text, which contains the
  # certificate password, to be printed or logged.
  Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, sign_command, false, '', false)

  # Pull each MSI back into the directory it came from, replacing the
  # unsigned local copy.
  msis.each do | msi |
    Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{msi}", rsync_host_string, File.dirname(msi))
  end

  # Remove the remote work directory. There is no ensure block here.
  # NOTE(review): if an earlier call raises, the uploaded MSIs and the
  # signed-* intermediates would presumably stay on the signing server;
  # confirm how remote_ssh_cmd and rsync_from report failure.
  Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
end