[tor-commits] [tor-browser-spec/master] Bug 29614: Take SHA-256 timestamping into account

sysrqb at torproject.org
Thu May 7 20:54:50 UTC 2020


commit 26d833f346d9d7bf795fe1cec819555595d739f1
Author: Georg Koppen <gk at torproject.org>
Date:   Mon Apr 20 15:00:42 2020 +0000

    Bug 29614: Take SHA-256 timestamping into account
---
 processes/AuthenticodeSigning | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/processes/AuthenticodeSigning b/processes/AuthenticodeSigning
index 7829ef9..69b73f2 100644
--- a/processes/AuthenticodeSigning
+++ b/processes/AuthenticodeSigning
@@ -56,6 +56,7 @@ Signing and timestamping
 
 - path/to/osslsigncode -pkcs11engine /usr/lib/engines/engine_pkcs11.so \
                        -pkcs11module /usr/lib/libeTPkcs11.so           \
+                       -h sha256                                       \
                        -certs tpo_cert.crt                             \
                        -key 29643b7ac0003d8a882f8a4a6e064110d96b980b   \
                        torbrowser-install-XXX.exe tb-XXX-signed.exe
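Review bot: the `-h sha256` line added to the signing command changes the digest used for the signature itself, while the commit subject only mentions SHA-256 timestamping. Suggest saying in the commit message, or in a sentence next to this command, that both this signing step and the timestamping command in step 4 are expected to carry `-h sha256`, so that a later edit does not update one and leave the other behind.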
@@ -65,13 +66,16 @@ process by using `-pass $pass` as an additional commandline parameter
 
 4) Timestamping the executable(s):
 
-- path/to/osslsigncode add -t http://timestamp.digicert.com \
+- path/to/osslsigncode add -ts http://timestamp.digicert.com \
+                           -h sha256 \
                            -p socks://127.0.0.1:9050 \
                            torbrowser-install-XXX.exe tb-XXX-timestamped.exe
 
 Note: the current tip of osslsigncode's master branch does not allow the
 decoupling of signing and timestamping. In order to do so one needs to apply
-the following patch:
+the following patches:
+
+1.
 
 From 28b384e77fa0d4dd38751a0c72ab5976d2e38f75 Mon Sep 17 00:00:00 2001
 From: Georg Koppen <gk at torproject.org>
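Review bot: in step 4 the change from `-t` to `-ts` comes with no explanation, and the note under the command still gives the decoupling of signing and timestamping as the only reason for patching osslsigncode. The second patch is what lets `add` accept `-h` (it extends the `-h` branch to `cmd == CMD_ADD`), so the command as documented here needs both patches applied. Suggest stating that in the note, plus one sentence on why `-ts` replaces `-t`.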
@@ -107,4 +111,29 @@ index 32e37c8..2978c02 100644
 --
 2.7.0
 
+2.
+
+From 8159546dfa270da0e3512dcba983ce15029111d0 Mon Sep 17 00:00:00 2001
+From: Georg Koppen <gk at torproject.org>
+Date: Sat, 11 Apr 2020 05:50:36 +0000
+Subject: [PATCH] fixup! Allow timestamping with the 'add' command
+
+
+diff --git a/osslsigncode.c b/osslsigncode.c
+index 3797458..4f4b897 100644
+--- a/osslsigncode.c
++++ b/osslsigncode.c
+@@ -2447,7 +2447,7 @@ int main(int argc, char **argv)
+ 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) {
+ 			if (--argc < 1) usage(argv0);
+ 			desc = *(++argv);
+-		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-h")) {
++		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-h")) {
+ 			if (--argc < 1) usage(argv0);
+ 			++argv;
+ 			if (!strcmp(*argv, "md5")) {
+--
+2.26.0
 
+For compilation against OpenSSL 1.1.x see the patch(es) at:
+https://sourceforge.net/p/osslsigncode/patches/10/
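Review bot: the embedded fixup patch (item 2) has an empty message body and, like the note's "current tip of osslsigncode's master branch", names no osslsigncode commit it applies to; only the blob ids `3797458..4f4b897` and the offset 2447 hint at the base. Suggest recording the upstream commit both patches were tested against, and whether the OpenSSL 1.1.x patch(es) at the SourceForge link are applied before or after them, so the signing tool can be rebuilt the same way later.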




