xref: /aoo42x/main/postprocess/signing/signing.pl (revision 7e90fac2)
1cdf0e10cSrcweir:
2cdf0e10cSrcweireval 'exec perl -wS $0 ${1+"$@"}'
3cdf0e10cSrcweir    if 0;
4*7e90fac2SAndrew Rist#**************************************************************
5*7e90fac2SAndrew Rist#
6*7e90fac2SAndrew Rist#  Licensed to the Apache Software Foundation (ASF) under one
7*7e90fac2SAndrew Rist#  or more contributor license agreements.  See the NOTICE file
8*7e90fac2SAndrew Rist#  distributed with this work for additional information
9*7e90fac2SAndrew Rist#  regarding copyright ownership.  The ASF licenses this file
10*7e90fac2SAndrew Rist#  to you under the Apache License, Version 2.0 (the
11*7e90fac2SAndrew Rist#  "License"); you may not use this file except in compliance
12*7e90fac2SAndrew Rist#  with the License.  You may obtain a copy of the License at
13*7e90fac2SAndrew Rist#
14*7e90fac2SAndrew Rist#    http://www.apache.org/licenses/LICENSE-2.0
15*7e90fac2SAndrew Rist#
16*7e90fac2SAndrew Rist#  Unless required by applicable law or agreed to in writing,
17*7e90fac2SAndrew Rist#  software distributed under the License is distributed on an
18*7e90fac2SAndrew Rist#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19*7e90fac2SAndrew Rist#  KIND, either express or implied.  See the License for the
20*7e90fac2SAndrew Rist#  specific language governing permissions and limitations
21*7e90fac2SAndrew Rist#  under the License.
22*7e90fac2SAndrew Rist#
23*7e90fac2SAndrew Rist#**************************************************************
24*7e90fac2SAndrew Rist
25*7e90fac2SAndrew Rist
26cdf0e10cSrcweir
27cdf0e10cSrcweiruse strict;
28cdf0e10cSrcweiruse Getopt::Long;
29cdf0e10cSrcweir
30cdf0e10cSrcweirmy $debug = 0;
31cdf0e10cSrcweirmy $max_files = 20; 		  # sign $max_files with one command line
32cdf0e10cSrcweir
33cdf0e10cSrcweir#### globals #####
34cdf0e10cSrcweirmy $myname 		= "";
35cdf0e10cSrcweirmy $opt_dir 	= "";
36cdf0e10cSrcweirmy $opt_exclude = "";         # file with a list of not signable dll and exe files
37cdf0e10cSrcweirmy $opt_verbose = 0;
38cdf0e10cSrcweirmy $opt_help	= 0;
39cdf0e10cSrcweirmy $opt_log		= "";		  # for logging
40cdf0e10cSrcweirmy $opt_pass	= "";         # password for signing
41cdf0e10cSrcweirmy $opt_pfxfile = "";		  # Personal Information Exchange file
42cdf0e10cSrcweirmy $opt_timestamp_url = "";   # timestamp url
43cdf0e10cSrcweirmy %exclude_files = ();  	  # list of not signable dll and exe files
44cdf0e10cSrcweirmy $signtool    = "signtool.exe sign";
45cdf0e10cSrcweirmy @args		= ();
46cdf0e10cSrcweirmy @files_to_sign = ();
47cdf0e10cSrcweir
48cdf0e10cSrcweir#### main #####
49cdf0e10cSrcweir$myname = script_id();
50cdf0e10cSrcweirif ( $#ARGV < 2 ) {
51cdf0e10cSrcweir	usage();
52cdf0e10cSrcweir    exit(1);
53cdf0e10cSrcweir}
54cdf0e10cSrcweir@args = parse_options();
55cdf0e10cSrcweirget_exclude_files();
56cdf0e10cSrcweir@files_to_sign = get_files(\@args);
57cdf0e10cSrcweirif ( $opt_log ) {               # logging
58cdf0e10cSrcweir	open(LOG,">$opt_log") || die "Can't open log file $opt_log\n";
59cdf0e10cSrcweir}
60cdf0e10cSrcweirsign_files(\@files_to_sign);
61cdf0e10cSrcweirclose LOG if ($opt_log);        # logging
62cdf0e10cSrcweirexit 0;
63cdf0e10cSrcweir
64cdf0e10cSrcweir
65cdf0e10cSrcweir#### subroutines ####
66cdf0e10cSrcweir
67cdf0e10cSrcweirsub script_id
68cdf0e10cSrcweir{
69cdf0e10cSrcweir    ( my $script_name = $0 ) =~ s/^.*[\\\/]([\w\.]+)$/$1/;
70cdf0e10cSrcweir
71cdf0e10cSrcweir    my $script_rev;
72cdf0e10cSrcweir    my $id_str = ' $Revision$ ';
73cdf0e10cSrcweir    $id_str =~ /Revision:\s+(\S+)\s+\$/
74cdf0e10cSrcweir      ? ($script_rev = $1) : ($script_rev = "-");
75cdf0e10cSrcweir#    print "\n$script_name -- version: $script_rev\n";
76cdf0e10cSrcweir    return $script_name;
77cdf0e10cSrcweir}
78cdf0e10cSrcweir
79cdf0e10cSrcweir############################################################################
80cdf0e10cSrcweirsub parse_options		#09.07.2007 08:13
81cdf0e10cSrcweir############################################################################
82cdf0e10cSrcweir{
83cdf0e10cSrcweir	# e exclude list file
84cdf0e10cSrcweir	# v verbose
85cdf0e10cSrcweir	my $success = GetOptions('h' => \$opt_help,
86cdf0e10cSrcweir         'd=s' => \$opt_dir, 'e=s'=>\$opt_exclude, 'f=s'=>\$opt_pfxfile, 'l=s'=>\$opt_log,
87cdf0e10cSrcweir		 'p=s'=>\$opt_pass,'v'=>\$opt_verbose, 't=s'=>\$opt_timestamp_url);
88cdf0e10cSrcweir    if ( !$success || $opt_help ) {
89cdf0e10cSrcweir        usage();
90cdf0e10cSrcweir        exit(1);
91cdf0e10cSrcweir    }
92cdf0e10cSrcweir	if ( !$opt_exclude || !$opt_pfxfile || !$opt_pass || !$opt_timestamp_url) {
93cdf0e10cSrcweir		print "ERROR: Parameter missing!\n!";
94cdf0e10cSrcweir        usage();
95cdf0e10cSrcweir        exit(1);
96cdf0e10cSrcweir	}
97cdf0e10cSrcweir	return @ARGV;
98cdf0e10cSrcweir}	##parse_options
99cdf0e10cSrcweir
100cdf0e10cSrcweir############################################################################
101cdf0e10cSrcweirsub get_exclude_files		#09.07.2007 10:12
102cdf0e10cSrcweir############################################################################
103cdf0e10cSrcweir{
104cdf0e10cSrcweir	if ( -e $opt_exclude ) {
105cdf0e10cSrcweir            # get data from cache file
106cdf0e10cSrcweir            open( IN, "<$opt_exclude") || die "Can't open exclude file $opt_exclude\n";
107cdf0e10cSrcweir            while ( my $line = <IN> ) {
108cdf0e10cSrcweir			chomp($line);
109cdf0e10cSrcweir			$exclude_files{$line} = 1;			# fill hash
110cdf0e10cSrcweir			print "$line - $exclude_files{$line}\n" if ($debug);
111cdf0e10cSrcweir            }
112cdf0e10cSrcweir        } else
113cdf0e10cSrcweir        {
114cdf0e10cSrcweir			print_error("Can't open $opt_exclude file!\n");
115cdf0e10cSrcweir		}
116cdf0e10cSrcweir}	##get_exclude_files
117cdf0e10cSrcweir
118cdf0e10cSrcweir############################################################################
119cdf0e10cSrcweirsub get_files		#10.07.2007 10:19
120cdf0e10cSrcweir############################################################################
121cdf0e10cSrcweir {
122cdf0e10cSrcweir	use File::Basename;
123cdf0e10cSrcweir    my $target = shift;
124cdf0e10cSrcweir	my $file_pattern;
125cdf0e10cSrcweir	my $file;
126cdf0e10cSrcweir	my @files = ();
127cdf0e10cSrcweir	print "\n";
128cdf0e10cSrcweir	foreach $file_pattern ( @$target )
129cdf0e10cSrcweir	{
130cdf0e10cSrcweir		print "Files: $file_pattern\n";
131cdf0e10cSrcweir        foreach $file ( glob( $file_pattern ) )
132cdf0e10cSrcweir		{
133cdf0e10cSrcweir            my $lib = File::Basename::basename $file;
134cdf0e10cSrcweir			if ( ! $exclude_files{$lib} ) {
135cdf0e10cSrcweir				push @files,$file;
136cdf0e10cSrcweir			}
137cdf0e10cSrcweir			else
138cdf0e10cSrcweir			{
139cdf0e10cSrcweir				print "exclude=$lib\n" if ($opt_verbose);
140cdf0e10cSrcweir			}
141cdf0e10cSrcweir		}
142cdf0e10cSrcweir	}
143cdf0e10cSrcweir	print "\n";
144cdf0e10cSrcweir	return @files;
145cdf0e10cSrcweir}	##get_files
146cdf0e10cSrcweir
147cdf0e10cSrcweir############################################################################
148cdf0e10cSrcweirsub sign_files		#09.07.2007 10:36
149cdf0e10cSrcweir############################################################################
150cdf0e10cSrcweir{
151cdf0e10cSrcweir	my $files_to_sign = shift;
152cdf0e10cSrcweir	my $commandline_base = ""; # contains whole stuff without the file name
153cdf0e10cSrcweir	my $file = "";
154cdf0e10cSrcweir	my $result = "";
155cdf0e10cSrcweir
156cdf0e10cSrcweir	print_error("Can't open PFX file: $opt_pfxfile\n") if ( ! -e $opt_pfxfile );
157cdf0e10cSrcweir	print_error("Password is empty\n") if ( !$opt_pass );
158cdf0e10cSrcweir	if ( $opt_pass =~ /\.exe$/ ) {
159cdf0e10cSrcweir		# get password by tool
160cdf0e10cSrcweir		open(PIPE, "$opt_pass 2>&1 |") || die "Can't open PIPE!\n";
161cdf0e10cSrcweir		my $pass = <PIPE>;
162cdf0e10cSrcweir		close PIPE;
163cdf0e10cSrcweir		print_error("Can't get password!\n") if ( !$pass ); # exit here
164cdf0e10cSrcweir		$opt_pass = $pass;
165cdf0e10cSrcweir	}
166cdf0e10cSrcweir	$signtool .= " -v" if ($opt_verbose);
167cdf0e10cSrcweir	$commandline_base = $signtool . " " . "-f $opt_pfxfile -p $opt_pass -t $opt_timestamp_url";
168cdf0e10cSrcweir
169cdf0e10cSrcweir	# Here switch between:
170cdf0e10cSrcweir	# one command line for muliple files (all doesn't work, too much) / for each file one command line
171cdf0e10cSrcweir	if ( $max_files > 1 ) {
172cdf0e10cSrcweir		exec_multi_sign($files_to_sign, $commandline_base);
173cdf0e10cSrcweir	} else
174cdf0e10cSrcweir	{
175cdf0e10cSrcweir		exec_single_sign($files_to_sign, $commandline_base);
176cdf0e10cSrcweir	}
177cdf0e10cSrcweir}	##sign_files
178cdf0e10cSrcweir
179cdf0e10cSrcweir############################################################################
180cdf0e10cSrcweirsub exec_single_sign		#11.07.2007 09:05
181cdf0e10cSrcweir############################################################################
182cdf0e10cSrcweir{
183cdf0e10cSrcweir	my $files_to_sign    = shift;
184cdf0e10cSrcweir	my $commandline_base = shift; 				  # contains whole stuff without the file name
185cdf0e10cSrcweir	my $file = "";
186cdf0e10cSrcweir	my $commandline = "";
187cdf0e10cSrcweir
188cdf0e10cSrcweir	foreach $file (@$files_to_sign)
189cdf0e10cSrcweir	{
190cdf0e10cSrcweir		$commandline = $commandline_base . " $file";
191cdf0e10cSrcweir		print "$commandline\n" if ($debug);
192cdf0e10cSrcweir		execute($commandline);
193cdf0e10cSrcweir	} #foreach
194cdf0e10cSrcweir}	##exec_single_sign
195cdf0e10cSrcweir
196cdf0e10cSrcweir############################################################################
197cdf0e10cSrcweirsub exec_multi_sign		#11.07.2007 08:56
198cdf0e10cSrcweir############################################################################
199cdf0e10cSrcweir {
200cdf0e10cSrcweir	# sign multiple file with one command line
201cdf0e10cSrcweir	my $files_to_sign    = shift;
202cdf0e10cSrcweir	my $commandline_base = shift; 				  # contains whole stuff without the file name
203cdf0e10cSrcweir	my $commandline = $commandline_base;	      # contains stuff which will be executed
204cdf0e10cSrcweir	my $file = "";
205cdf0e10cSrcweir	my $counter = 0;
206cdf0e10cSrcweir
207cdf0e10cSrcweir	foreach $file (@$files_to_sign)
208cdf0e10cSrcweir	{
209cdf0e10cSrcweir		$commandline .= " $file";
210cdf0e10cSrcweir		++$counter;
211cdf0e10cSrcweir		if ( $counter >= $max_files ) {
212cdf0e10cSrcweir			execute($commandline);
213cdf0e10cSrcweir			$counter = 0;						 # reset counter
214cdf0e10cSrcweir			$commandline = $commandline_base;    # reset command line
215cdf0e10cSrcweir		}
216cdf0e10cSrcweir	}
217cdf0e10cSrcweir	execute($commandline) if ($counter > 0);
218cdf0e10cSrcweir}	##exec_multi_sign
219cdf0e10cSrcweir
220cdf0e10cSrcweir############################################################################
221cdf0e10cSrcweirsub execute		#11.07.2007 10:02
222cdf0e10cSrcweir############################################################################
223cdf0e10cSrcweir{
224cdf0e10cSrcweir	my $commandline = shift;
225cdf0e10cSrcweir	my $result = "";
226cdf0e10cSrcweir
227cdf0e10cSrcweir  	print "$commandline\n" if ($debug);
228cdf0e10cSrcweir  	open(PIPE, "$commandline 2>&1 |") || die "Error: Cant open pipe!\n";
229cdf0e10cSrcweir  	while ( $result = <PIPE> ) {
230cdf0e10cSrcweir  		print LOG "$result" if ($opt_log);        # logging
231cdf0e10cSrcweir  		if ( $result =~ /SignTool Error\:/ ) {
232cdf0e10cSrcweir			close PIPE;
233cdf0e10cSrcweir  			print_error( "$result\n" );
234cdf0e10cSrcweir  		} # if error
235cdf0e10cSrcweir  	} # while
236cdf0e10cSrcweir  	close PIPE;
237cdf0e10cSrcweir}	##execute
238cdf0e10cSrcweir
239cdf0e10cSrcweir############################################################################
240cdf0e10cSrcweirsub print_error		#09.07.2007 11:21
241cdf0e10cSrcweir############################################################################
242cdf0e10cSrcweir {
243cdf0e10cSrcweir	my $text = shift;
244cdf0e10cSrcweir	print "ERROR: $text\n";
245cdf0e10cSrcweir	print LOG "ERROR: $text\n" if ($opt_log);        # logging
246cdf0e10cSrcweir	close LOG if ($opt_log);        				 # logging
247cdf0e10cSrcweir	exit(1);
248cdf0e10cSrcweir}	##print_error
249cdf0e10cSrcweir
250cdf0e10cSrcweir############################################################################
251cdf0e10cSrcweirsub usage		#09.07.2007 08:39
252cdf0e10cSrcweir############################################################################
253cdf0e10cSrcweir {
254cdf0e10cSrcweir	print "Usage:\t $myname <-e filename> <-f filename> <-p password> <-t timestamp> [-l filename] [-v] <file[list]> \n";
255cdf0e10cSrcweir    print "Options:\n";
256cdf0e10cSrcweir	print "\t -e filename\t\t\tFile which contains a list of files which don't have to be signed.\n";
257cdf0e10cSrcweir    print                            "Mandatory.\n";
258cdf0e10cSrcweir    print "\t -f pfx_filename\t\t\"Personal Information Exchange\" file. ";
259cdf0e10cSrcweir    print                            "Mandatory.\n";
260cdf0e10cSrcweir    print "\t -p password\t\t\tPassword for \"Personal Information Exchange\" file. Mandatory.\n";
261cdf0e10cSrcweir    print "\t -t timestamp\t\t\tTimestamp URL e.g. \"http://timestamp.verisign.com/scripts/timstamp.dll\"\n";
262cdf0e10cSrcweir    print "\t\t\t\t\tMandatory.\n";
263cdf0e10cSrcweir	print "\t -l log_filename\t\tFile for logging.\n";
264cdf0e10cSrcweir    print "\t -v\t\t\t\tVerbose.\n";
265cdf0e10cSrcweir}	##usage
266cdf0e10cSrcweir
267cdf0e10cSrcweir
268cdf0e10cSrcweir
269cdf0e10cSrcweir
270