[tor-commits] [Git][tpo/applications/tor-browser-build][maint-12.0] 2 commits: Bug 40875: Re-enable Windows code signing in do-all-signing

Fri Jun 9 07:10:30 UTC 2023

boklm pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build


Commits:
5966b10a by Nicolas Vigier at 2023-06-08T12:45:18+02:00
Bug 40875: Re-enable Windows code signing in do-all-signing

- - - - -
2cdecd5b by Nicolas Vigier at 2023-06-08T12:45:33+02:00
Bug 40877: Update osslsigncode to more recent version

- - - - -


6 changed files:

- − projects/osslsigncode/0001-Make-code-work-with-OpenSSL-1.1.patch
- projects/osslsigncode/build
- projects/osslsigncode/config
- − projects/osslsigncode/timestamping.patch
- tools/signing/authenticode-timestamping.sh
- tools/signing/do-all-signing


Changes:

=====================================
projects/osslsigncode/0001-Make-code-work-with-OpenSSL-1.1.patch deleted
=====================================
@@ -1,324 +0,0 @@
-From 86931f9d7c3d73b97010e598a5ad41ea4fab2b63 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= <Reimar.Doeffinger at gmx.de>
-Date: Sun, 12 Mar 2017 23:00:12 +0100
-Subject: [PATCH] Make code work with OpenSSL 1.1.
-
-Changes in consist of:
-- Use EVP_MD_CTX_new/free API instead of on-stack allocation
-- Remove some M_ prefixes like for ASN1_IA5STRING_new
-- Remove pagehash functionality because it is useless to me and
-  fixing it would be a pain. Would require declaring a few
-  ASN_SEQUENCES and use that to get the required i2d functions
-  from what I could find out.
-- Remove OBJ_create calls that seem to serve no purpose,
-  now crash because NULL pointers are no longer handled
-  (who changes API that way?!) and even if that was fixed
-  lead to errors when these objects are later created
-  again/"for real" by OBJ_txt2nid or OBJ_txt2obj (I think,
-  did not investigate further).
-
-diff --git a/osslsigncode.c b/osslsigncode.c
-index 2978c02..3797458 100644
---- a/osslsigncode.c
-+++ b/osslsigncode.c
-@@ -450,16 +450,16 @@ static SpcSpOpusInfo* createOpus(const char *desc, const char *url)
- 	if (desc) {
- 		info->programName = SpcString_new();
- 		info->programName->type = 1;
--		info->programName->value.ascii = M_ASN1_IA5STRING_new();
--		ASN1_STRING_set((ASN1_STRING *)info->programName->value.ascii,
-+		info->programName->value.ascii = ASN1_IA5STRING_new();
-+		ASN1_STRING_set(info->programName->value.ascii,
- 						(const unsigned char*)desc, strlen(desc));
- 	}
- 
- 	if (url) {
- 		info->moreInfo = SpcLink_new();
- 		info->moreInfo->type = 0;
--		info->moreInfo->value.url = M_ASN1_IA5STRING_new();
--		ASN1_STRING_set((ASN1_STRING *)info->moreInfo->value.url,
-+		info->moreInfo->value.url = ASN1_IA5STRING_new();
-+		ASN1_STRING_set(info->moreInfo->value.url,
- 						(const unsigned char*)url, strlen(url));
- 	}
- 
-@@ -609,19 +609,20 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const
- 
- 	if (rfc3161) {
- 		unsigned char mdbuf[EVP_MAX_MD_SIZE];
--		EVP_MD_CTX mdctx;
-+		EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
- 
--		EVP_MD_CTX_init(&mdctx);
--		EVP_DigestInit(&mdctx, md);
--		EVP_DigestUpdate(&mdctx, si->enc_digest->data, si->enc_digest->length);
--		EVP_DigestFinal(&mdctx, mdbuf, NULL);
-+		EVP_DigestInit(mdctx, md);
-+		EVP_DigestUpdate(mdctx, si->enc_digest->data, si->enc_digest->length);
-+		EVP_DigestFinal(mdctx, mdbuf, NULL);
-+		EVP_MD_CTX_free(mdctx);
-+		mdctx = NULL;
- 
- 		TimeStampReq *req = TimeStampReq_new();
- 		ASN1_INTEGER_set(req->version, 1);
- 		req->messageImprint->digestAlgorithm->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
- 		req->messageImprint->digestAlgorithm->parameters = ASN1_TYPE_new();
- 		req->messageImprint->digestAlgorithm->parameters->type = V_ASN1_NULL;
--		M_ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md));
-+		ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md));
- 		req->certReq = (void*)0x1;
- 
- 		len = i2d_TimeStampReq(req, NULL);
-@@ -921,83 +922,8 @@ static const unsigned char classid_page_hash[] = {
- 	0xAE, 0x05, 0xA2, 0x17, 0xDA, 0x8E, 0x60, 0xD6
- };
- 
--static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus,
--									 unsigned int sigpos, int phtype, unsigned int *phlen);
--
--DECLARE_STACK_OF(ASN1_OCTET_STRING)
--#ifndef sk_ASN1_OCTET_STRING_new_null
--#define sk_ASN1_OCTET_STRING_new_null() SKM_sk_new_null(ASN1_OCTET_STRING)
--#define sk_ASN1_OCTET_STRING_free(st) SKM_sk_free(ASN1_OCTET_STRING, (st))
--#define sk_ASN1_OCTET_STRING_push(st, val) SKM_sk_push(ASN1_OCTET_STRING, (st), (val))
--#define i2d_ASN1_SET_OF_ASN1_OCTET_STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
--	SKM_ASN1_SET_OF_i2d(ASN1_OCTET_STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
--#endif
--
--DECLARE_STACK_OF(SpcAttributeTypeAndOptionalValue)
--#ifndef sk_SpcAttributeTypeAndOptionalValue_new_null
--#define sk_SpcAttributeTypeAndOptionalValue_new_null() SKM_sk_new_null(SpcAttributeTypeAndOptionalValue)
--#define sk_SpcAttributeTypeAndOptionalValue_free(st) SKM_sk_free(SpcAttributeTypeAndOptionalValue, (st))
--#define sk_SpcAttributeTypeAndOptionalValue_push(st, val) SKM_sk_push(SpcAttributeTypeAndOptionalValue, (st), (val))
--#define i2d_SpcAttributeTypeAndOptionalValue(st, pp, i2d_func, ex_tag, ex_class, is_set) \
--	SKM_ASN1_SET_OF_i2d(SpcAttributeTypeAndOptionalValue, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
--#endif
--
--static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int peheader, int pe32plus, unsigned int sigpos)
--{
--	unsigned int phlen;
--	unsigned char *ph = calc_page_hash(indata, peheader, pe32plus, sigpos, phtype, &phlen);
--	if (!ph) {
--		fprintf(stderr, "Failed to calculate page hash\n");
--		exit(-1);
--	}
--
--	ASN1_OCTET_STRING *ostr = M_ASN1_OCTET_STRING_new();
--	M_ASN1_OCTET_STRING_set(ostr, ph, phlen);
--	free(ph);
--
--	STACK_OF(ASN1_OCTET_STRING) *oset = sk_ASN1_OCTET_STRING_new_null();
--	sk_ASN1_OCTET_STRING_push(oset, ostr);
--	unsigned char *p, *tmp;
--	unsigned int l;
--	l = i2d_ASN1_SET_OF_ASN1_OCTET_STRING(oset, NULL, i2d_ASN1_OCTET_STRING,
--										  V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
--	tmp = p = OPENSSL_malloc(l);
--	i2d_ASN1_SET_OF_ASN1_OCTET_STRING(oset, &tmp, i2d_ASN1_OCTET_STRING,
--									  V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
--	ASN1_OCTET_STRING_free(ostr);
--	sk_ASN1_OCTET_STRING_free(oset);
--
--	SpcAttributeTypeAndOptionalValue *aval = SpcAttributeTypeAndOptionalValue_new();
--	aval->type = OBJ_txt2obj((phtype == NID_sha1) ? SPC_PE_IMAGE_PAGE_HASHES_V1 : SPC_PE_IMAGE_PAGE_HASHES_V2, 1);
--	aval->value = ASN1_TYPE_new();
--	aval->value->type = V_ASN1_SET;
--	aval->value->value.set = ASN1_STRING_new();
--	ASN1_STRING_set(aval->value->value.set, p, l);
--	OPENSSL_free(p);
--
--	STACK_OF(SpcAttributeTypeAndOptionalValue) *aset = sk_SpcAttributeTypeAndOptionalValue_new_null();
--	sk_SpcAttributeTypeAndOptionalValue_push(aset, aval);
--	l = i2d_SpcAttributeTypeAndOptionalValue(aset, NULL, i2d_SpcAttributeTypeAndOptionalValue,
--											 V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
--	tmp = p = OPENSSL_malloc(l);
--	l = i2d_SpcAttributeTypeAndOptionalValue(aset, &tmp, i2d_SpcAttributeTypeAndOptionalValue,
--											 V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
--	sk_SpcAttributeTypeAndOptionalValue_free(aset);
--	SpcAttributeTypeAndOptionalValue_free(aval);
--
--	SpcSerializedObject *so = SpcSerializedObject_new();
--	M_ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof(classid_page_hash));
--	M_ASN1_OCTET_STRING_set(so->serializedData, p, l);
--	OPENSSL_free(p);
--
--	SpcLink *link = SpcLink_new();
--	link->type = 1;
--	link->value.moniker = so;
--	return link;
--}
--
- static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, file_type_t type,
--								   int pagehash, char *indata, unsigned int peheader, int pe32plus,
-+								   char *indata, unsigned int peheader, int pe32plus,
- 								   unsigned int sigpos)
- {
- 	static const unsigned char msistr[] = {
-@@ -1024,14 +950,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
- 	} else if (type == FILE_TYPE_PE) {
- 		SpcPeImageData *pid = SpcPeImageData_new();
- 		ASN1_BIT_STRING_set(pid->flags, (unsigned char*)"0", 0);
--		if (pagehash) {
--			int phtype = NID_sha1;
--			if (EVP_MD_size(md) > EVP_MD_size(EVP_sha1()))
--				phtype = NID_sha256;
--			pid->file = get_page_hash_link(phtype, indata, peheader, pe32plus, sigpos);
--		} else {
--			pid->file = get_obsolete_link();
--		}
-+		pid->file = get_obsolete_link();
- 		l = i2d_SpcPeImageData(pid, NULL);
- 		p = OPENSSL_malloc(l);
- 		i2d_SpcPeImageData(pid, &p);
-@@ -1046,7 +965,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
- 		ASN1_INTEGER_set(si->d, 0);
- 		ASN1_INTEGER_set(si->e, 0);
- 		ASN1_INTEGER_set(si->f, 0);
--		M_ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr));
-+		ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr));
- 		l = i2d_SpcSipInfo(si, NULL);
- 		p = OPENSSL_malloc(l);
- 		i2d_SpcSipInfo(si, &p);
-@@ -1068,7 +987,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
- 	hashlen = EVP_MD_size(md);
- 	hash = OPENSSL_malloc(hashlen);
- 	memset(hash, 0, hashlen);
--	M_ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen);
-+	ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen);
- 	OPENSSL_free(hash);
- 
- 	*len  = i2d_SpcIndirectDataContent(idc, NULL);
-@@ -1923,19 +1842,18 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
- 						   unsigned int peheader, int pe32plus, unsigned int fileend)
- {
- 	static unsigned char bfb[16*1024*1024];
--	EVP_MD_CTX mdctx;
-+	EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
- 
--	EVP_MD_CTX_init(&mdctx);
--	EVP_DigestInit(&mdctx, md);
-+	EVP_DigestInit(mdctx, md);
- 
- 	memset(mdbuf, 0, EVP_MAX_MD_SIZE);
- 
- 	(void)BIO_seek(bio, 0);
- 	BIO_read(bio, bfb, peheader + 88);
--	EVP_DigestUpdate(&mdctx, bfb, peheader + 88);
-+	EVP_DigestUpdate(mdctx, bfb, peheader + 88);
- 	BIO_read(bio, bfb, 4);
- 	BIO_read(bio, bfb, 60+pe32plus*16);
--	EVP_DigestUpdate(&mdctx, bfb, 60+pe32plus*16);
-+	EVP_DigestUpdate(mdctx, bfb, 60+pe32plus*16);
- 	BIO_read(bio, bfb, 8);
- 
- 	unsigned int n = peheader + 88 + 4 + 60+pe32plus*16 + 8;
-@@ -1946,11 +1864,12 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
- 		int l = BIO_read(bio, bfb, want);
- 		if (l <= 0)
- 			break;
--		EVP_DigestUpdate(&mdctx, bfb, l);
-+		EVP_DigestUpdate(mdctx, bfb, l);
- 		n += l;
- 	}
- 
--	EVP_DigestFinal(&mdctx, mdbuf, NULL);
-+	EVP_DigestFinal(mdctx, mdbuf, NULL);
-+	EVP_MD_CTX_free(mdctx);
- }
- 
- 
-@@ -2019,16 +1938,15 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
- 	int phlen = pphlen * (3 + nsections + sigpos / pagesize);
- 	unsigned char *res = malloc(phlen);
- 	unsigned char *zeroes = calloc(pagesize, 1);
--	EVP_MD_CTX mdctx;
--
--	EVP_MD_CTX_init(&mdctx);
--	EVP_DigestInit(&mdctx, md);
--	EVP_DigestUpdate(&mdctx, indata, peheader + 88);
--	EVP_DigestUpdate(&mdctx, indata + peheader + 92, 60 + pe32plus*16);
--	EVP_DigestUpdate(&mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16));
--	EVP_DigestUpdate(&mdctx, zeroes, pagesize - hdrsize);
-+	EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
-+
-+	EVP_DigestInit(mdctx, md);
-+	EVP_DigestUpdate(mdctx, indata, peheader + 88);
-+	EVP_DigestUpdate(mdctx, indata + peheader + 92, 60 + pe32plus*16);
-+	EVP_DigestUpdate(mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16));
-+	EVP_DigestUpdate(mdctx, zeroes, pagesize - hdrsize);
- 	memset(res, 0, 4);
--	EVP_DigestFinal(&mdctx, res + 4, NULL);
-+	EVP_DigestFinal(mdctx, res + 4, NULL);
- 
- 	unsigned short sizeofopthdr = GET_UINT16_LE(indata + peheader + 20);
- 	char *sections = indata + peheader + 24 + sizeofopthdr;
-@@ -2040,18 +1958,20 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
- 		unsigned int l;
- 		for (l=0; l < rs; l+=pagesize, pi++) {
- 			PUT_UINT32_LE(ro + l, res + pi*pphlen);
--			EVP_DigestInit(&mdctx, md);
-+			EVP_DigestInit(mdctx, md);
- 			if (rs - l < pagesize) {
--				EVP_DigestUpdate(&mdctx, indata + ro + l, rs - l);
--				EVP_DigestUpdate(&mdctx, zeroes, pagesize - (rs - l));
-+				EVP_DigestUpdate(mdctx, indata + ro + l, rs - l);
-+				EVP_DigestUpdate(mdctx, zeroes, pagesize - (rs - l));
- 			} else {
--				EVP_DigestUpdate(&mdctx, indata + ro + l, pagesize);
-+				EVP_DigestUpdate(mdctx, indata + ro + l, pagesize);
- 			}
--			EVP_DigestFinal(&mdctx, res + pi*pphlen + 4, NULL);
-+			EVP_DigestFinal(mdctx, res + pi*pphlen + 4, NULL);
- 		}
- 		lastpos = ro + rs;
- 		sections += 40;
- 	}
-+	EVP_MD_CTX_free(mdctx);
-+	mdctx = NULL;
- 	PUT_UINT32_LE(lastpos, res + pi*pphlen);
- 	memset(res + pi*pphlen + 4, 0, EVP_MD_size(md));
- 	pi++;
-@@ -2413,7 +2333,7 @@ int main(int argc, char **argv)
- 	int nturl = 0, ntsurl = 0;
- 	int addBlob = 0;
- 	u_char *p = NULL;
--	int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0, pagehash = 0;
-+	int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0;
- 	unsigned int tmp, peheader = 0, padlen = 0;
- 	off_t filesize, fileend, sigfilesize, sigfileend, outdatasize;
- 	file_type_t type;
-@@ -2448,13 +2368,6 @@ int main(int argc, char **argv)
- 	ERR_load_crypto_strings();
- 	OPENSSL_add_all_algorithms_conf();
- 
--	/* create some MS Authenticode OIDS we need later on */
--	if (!OBJ_create(SPC_STATEMENT_TYPE_OBJID, NULL, NULL) ||
--		!OBJ_create(SPC_MS_JAVA_SOMETHING, NULL, NULL) ||
--		!OBJ_create(SPC_SP_OPUS_INFO_OBJID, NULL, NULL) ||
--		!OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL))
--		DO_EXIT_0("Failed to add objects\n");
--
- 	md = EVP_sha1();
- 
- 	if (argc > 1) {
-@@ -2531,8 +2444,6 @@ int main(int argc, char **argv)
- 			readpass = *(++argv);
- 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-comm")) {
- 			comm = 1;
--		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ph")) {
--			pagehash = 1;
- 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) {
- 			if (--argc < 1) usage(argv0);
- 			desc = *(++argv);
-@@ -3243,7 +3154,7 @@ int main(int argc, char **argv)
- 		p7x = NULL;
- 	}
- 
--	get_indirect_data_blob(&p, &len, md, type, pagehash, indata, peheader, pe32plus, fileend);
-+	get_indirect_data_blob(&p, &len, md, type, indata, peheader, pe32plus, fileend);
- 	len -= EVP_MD_size(md);
- 	memcpy(buf, p, len);
- 	OPENSSL_free(p);

--- 
-2.34.1
-


=====================================
projects/osslsigncode/build
=====================================
@@ -4,11 +4,10 @@ distdir=$(pwd)/dist
 mkdir -p $distdir/[% project %]
 tar xf [% project %]-[% c('version') %].tar.gz
 cd [% project %]-[% c('version') %]
-patch -p1 < ../0001-Make-code-work-with-OpenSSL-1.1.patch
-patch -p1 < ../timestamping.patch
 
-./autogen.sh
-./configure --prefix=/[% project %]
+mkdir build
+cd build
+cmake -DCMAKE_INSTALL_PREFIX=/[% project %] -S ..
 make
 make DESTDIR=$distdir install
 


=====================================
projects/osslsigncode/config
=====================================
@@ -1,20 +1,16 @@
 # vim: filetype=yaml sw=2
 version: '[% c("git_hash").substr(0, 12) %]'
 git_url: https://github.com/mtrojnar/osslsigncode
-git_hash: e72a1937d1a13e87074e4584f012f13e03fc1d64
+git_hash: d6f94d71f731868a3df86c6e0b8094da0c1412ed
 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
 container:
   use_container: 0
 var:
   deps:
-    - autoconf
-    - libtool
-    - pkg-config
+    - cmake
     - libssl-dev
     - libcurl4-openssl-dev
 input_files:
-  - filename: 0001-Make-code-work-with-OpenSSL-1.1.patch
-  - filename: timestamping.patch
   - filename: '[% c("var/srcfile") %]'
     enable: '[% c("var/no-git") %]'
 


=====================================
projects/osslsigncode/timestamping.patch deleted
=====================================
@@ -1,56 +0,0 @@
-From 28b384e77fa0d4dd38751a0c72ab5976d2e38f75 Mon Sep 17 00:00:00 2001
-From: Georg Koppen <gk at torproject.org>
-Date: Fri, 5 Feb 2016 09:23:10 +0000
-Subject: [PATCH] Allow timestamping with the 'add' command
-
-
-diff --git a/osslsigncode.c b/osslsigncode.c
-index 32e37c8..2978c02 100644
---- a/osslsigncode.c
-+++ b/osslsigncode.c
-@@ -2556,16 +2556,16 @@ int main(int argc, char **argv)
- 			if (--argc < 1) usage(argv0);
- 			url = *(++argv);
- #ifdef ENABLE_CURL
--		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-t")) {
-+		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-t")) {
- 			if (--argc < 1) usage(argv0);
- 			turl[nturl++] = *(++argv);
--		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ts")) {
-+		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-ts")) {
- 			if (--argc < 1) usage(argv0);
- 			tsurl[ntsurl++] = *(++argv);
--		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-p")) {
-+		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-p")) {
- 			if (--argc < 1) usage(argv0);
- 			proxy = *(++argv);
--		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-noverifypeer")) {
-+		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-noverifypeer")) {
- 			noverifypeer = 1;
- #endif
- 		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-addUnauthenticatedBlob")) {
---
-2.7.0
-
-
-From 8159546dfa270da0e3512dcba983ce15029111d0 Mon Sep 17 00:00:00 2001
-From: Georg Koppen <gk at torproject.org>
-Date: Sat, 11 Apr 2020 05:50:36 +0000
-Subject: [PATCH] fixup! Allow timestamping with the 'add' command
-
-
-diff --git a/osslsigncode.c b/osslsigncode.c
-index 3797458..4f4b897 100644
---- a/osslsigncode.c
-+++ b/osslsigncode.c
-@@ -2447,7 +2447,7 @@ int main(int argc, char **argv)
- 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) {
- 			if (--argc < 1) usage(argv0);
- 			desc = *(++argv);
--		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-h")) {
-+		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-h")) {
- 			if (--argc < 1) usage(argv0);
- 			++argv;
- 			if (!strcmp(*argv, "md5")) {
---
-2.26.0


=====================================
tools/signing/authenticode-timestamping.sh
=====================================
@@ -35,7 +35,7 @@ set -e
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "$script_dir/functions"
 
-osslsigncode_file="$script_dir/../../out/osslsigncode/osslsigncode-e72a1937d1a1-25066d.tar.gz"
+osslsigncode_file="$script_dir/../../out/osslsigncode/osslsigncode-d6f94d71f731-3a61fb.tar.gz"
 
 test -f "$osslsigncode_file" ||
   exit_error "$osslsigncode_file is missing." \


=====================================
tools/signing/do-all-signing
=====================================
@@ -17,9 +17,9 @@ echo
 test -f "$steps_dir/linux-signer-signmars.done" ||
   read -sp "Enter nssdb7 (mar signing) passphrase: " NSSPASS
 echo
-#test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
-#  read -sp "Enter windows authenticode (yubihsm) passphrase: " YUBIPASS
-#echo
+test -f "$steps_dir/linux-signer-authenticode-signing.done" ||
+  read -sp "Enter windows authenticode passphrase: " YUBIPASS
+echo
 test -f "$steps_dir/linux-signer-gpg-sign.done" ||
   read -sp "Enter gpg passphrase: " GPG_PASS
 echo
@@ -193,10 +193,10 @@ do_step dmg2mar
 do_step sync-scripts-to-linux-signer
 do_step linux-signer-signmars
 do_step sync-after-signmars
-#do_step linux-signer-authenticode-signing
-#do_step sync-after-authenticode-signing
-#do_step authenticode-timestamping
-#do_step sync-after-authenticode-timestamping
+do_step linux-signer-authenticode-signing
+do_step sync-after-authenticode-signing
+do_step authenticode-timestamping
+do_step sync-after-authenticode-timestamping
 do_step hash_signed_bundles
 do_step sync-after-hash
 do_step linux-signer-gpg-sign



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/96f42c6fddf1c28200e54ed503c621586a74bbc1...2cdecd5b80a5056e8567a488fff1048abbdec14e

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/96f42c6fddf1c28200e54ed503c621586a74bbc1...2cdecd5b80a5056e8567a488fff1048abbdec14e
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230609/e8f0b826/attachment-0001.htm>
