VirtualBox

Changeset 93249 in vbox


Ignore:
Timestamp:
Jan 15, 2022 1:13:13 AM (3 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
149311
Message:

/Config.kmk: Adjusted VBOX_SIGN_IMAGE_WITH_EV_FN to make it able to sign VBOX_RTSIGNTOOL itself. bugref:10162

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Config.kmk

    r93248 r93249  
    39803980  ## Local SHA-1 and SHA-256 signatures with EV SHA-256 signature from corp code signing.
    39813981  #
    3982   # This builds on Plan B, since the corp code signing always replaces existing signatures.
     3982  # This builds on Plan B, since the corp code signing always replaces existing
     3983  # signatures. Since we're signing more, though, we do things slightly differently
     3984  # so we can apply this to VBOX_RTSIGNTOOL as well.
     3985  #
    39833986  # So, here is what we do.
    3984   #   1. Sign $1 using local SHA-1 certificate.
    3985   #   2. Make temporary copy of $1 as $1.ccs
    3986   #   3. Do SHA-256 corp code signing of $1.ccs
    3987   #   4. Add the SHA-256 signature from $1.ccs to $1 using bldRTSignTool.
    3988   #   5. Delete $1.ccs.
     3987  #   1. Sign $1 using the regular signing, probably dual signing it using local certs.
     3988  #   2. Make temporary copy of $1 as $1.dual
     3989  #   3. Do SHA-256 corp code signing of $1
     3990  #   4. Add the SHA-256 signature from $1 to $1.dual using bldRTSignTool.
     3991  #   5. Replace $1 with $1.dual.
    39893992  #
    39903993  # @param 1  The file to sign.
     
    39923995  # @param 3  Additional parameters. Optional.
    39933996  # @param 4  Set to 2 if the expression will be expanded twice before chopped into commands (for _CMDS).
    3994   # @param 5  Disables dual signing if non-empty.
     3997  # @param 5  Disables dual & tripple signing if non-empty.
     3998  # @param 6  Disables tripple signing if non-empty.
    39953999  #
    39964000  # @remarks The parameters are the same as VBOX_SIGN_FILE_FN.
    39974001  VBOX_SIGN_IMAGE_WITH_EV_FN = $(call VBOX_SIGN_FILE_FN,$1,$2,$3,$4,$5)$(if-expr "$5" == "",\
    3998         $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(RM) -f -- "$1.ccs" \
    3999         $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(CP) -- "$1" "$1.ccs" \
    4000         $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(call VBOX_CCS_SIGN_CMD,microsoftev,$1.ccs,,-digest_algo SHA2) \
    4001         $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(VBOX_RTSIGNTOOL) add-nested-$(if-expr "$(suffix $1)" == ".cat",cat,exe)-signature -v "$1" "$1.ccs" \
    4002         $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(RM) -f -- "$1.ccs" \
     4002        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(RM) -f -- "$1.dual" \
     4003        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(CP) -- "$1" "$1.dual" \
     4004        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(call VBOX_CCS_SIGN_CMD,microsoftev,$1,,-digest_algo SHA2) \
     4005        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(VBOX_RTSIGNTOOL) add-nested-$(if-expr "$(suffix $1)" == ".cat",cat,exe)-signature -v "$1.dual" "$1" \
     4006        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(MV) -f -- "$1.dual" "$1" \
    40034007        ,)
    40044008
Note: See TracChangeset for help on using the changeset viewer.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette