[tbb-commits] [builders/tor-browser-build] 05/09: Bug 40476: Improve linux-signer-authenticode-signing
gitolite role
git at cupani.torproject.org
Mon May 9 18:49:24 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch master
in repository builders/tor-browser-build.
commit 830c290d102419dd3da3f168fb9931e04b200dd1
Author: Nicolas Vigier <boklm at torproject.org>
AuthorDate: Sat Apr 30 10:57:10 2022 +0200
Bug 40476: Improve linux-signer-authenticode-signing
- Automatically change to ~/$tbb_version directory
- Allow setting password with an environment variable (useful for
tor-browser-build#40476)
- Make it possible to run the script as any user, and only run the
osslsigncode command as the yubishm user
---
tools/signing/linux-signer-authenticode-signing | 28 ++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/tools/signing/linux-signer-authenticode-signing b/tools/signing/linux-signer-authenticode-signing
index 68643ee..31943af 100755
--- a/tools/signing/linux-signer-authenticode-signing
+++ b/tools/signing/linux-signer-authenticode-signing
@@ -1,20 +1,34 @@
#!/bin/bash
set -e
-export YUBIHSM_PKCS11_CONF=~/yubihsm_pkcs11.conf
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+source "$script_dir/functions"
-read -sp "Enter passphrase: " pass
+cd ~/"$tbb_version"
+
+test -n "${YUBIPASS:-}" || read -s -p "Authenticode (yubihsm) password:" YUBIPASS
echo
+
+tmpdir=$(mktemp -d)
+chgrp yubihsm "$tmpdir"
+chmod g+rwx "$tmpdir"
+
+cwd=$(pwd)
for i in `find . -name "*.exe" -print`
do
- /home/yubihsm/osslsigncode/osslsigncode \
+ echo "Signing $i"
+ echo export 'YUBIHSM_PKCS11_CONF=~/yubihsm_pkcs11.conf' \; \
+ /home/yubihsm/osslsigncode/osslsigncode \
-pkcs11engine /usr/lib/engines/engine_pkcs11.so \
-pkcs11module /usr/local/lib/yubihsm_pkcs11.so \
- -pass "$pass" \
+ -pass "'$YUBIPASS'" \
-h sha256 \
-certs /home/yubihsm/tpo-cert.crt \
-key 1c40 \
- $i $i-signed
+ "$cwd/$i" "$tmpdir/$i" \
+ | sudo su - yubihsm
+ mv -vf "$tmpdir/$i" "$cwd/$i"
done
-unset pass
-rename -f 's/-signed//' *-signed
+
+unset YUBIPASS
+rmdir "$tmpdir"
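Review bot: The text that `echo` pipes into `sudo su - yubihsm` is parsed a second time by the yubihsm login shell, and the values placed in it are not safely quoted for that shell. `-pass "'$YUBIPASS'"` breaks as soon as the password contains a `'`, and `"$cwd/$i" "$tmpdir/$i"` reach the inner shell with no quoting at all. A path with whitespace or shell metacharacters is therefore re-interpreted as shell syntax under the account that can use the HSM key. Quoting each value for the inner shell closes this, e.g. `-pass "$(printf '%q' "$YUBIPASS")" \` and `"$(printf '%q' "$cwd/$i")" "$(printf '%q' "$tmpdir/$i")" \`; this assumes the yubihsm login shell is bash, since `%q` can emit `$'…'`. Two smaller points: the passphrase still lands on the osslsigncode command line, visible in the process table (a file-based option such as `-readpass` avoids that, if the installed build supports it), and `read -s -p` should be `read -r -s -p` so backslashes in a typed password survive.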