postprocess/signing/signing.pl

   1 :
   2 eval 'exec perl -wS $0 ${1+"$@"}'
   3     if 0;
   4 #
   5 # This file is part of the LibreOffice project.
   6 #
   7 # This Source Code Form is subject to the terms of the Mozilla Public
   8 # License, v. 2.0. If a copy of the MPL was not distributed with this
   9 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
  10 #
  11 # This file incorporates work covered by the following license notice:
  12 #
  13 #   Licensed to the Apache Software Foundation (ASF) under one or more
  14 #   contributor license agreements. See the NOTICE file distributed
  15 #   with this work for additional information regarding copyright
  16 #   ownership. The ASF licenses this file to you under the Apache
  17 #   License, Version 2.0 (the "License"); you may not use this file
  18 #   except in compliance with the License. You may obtain a copy of
  19 #   the License at http://www.apache.org/licenses/LICENSE-2.0 .
  20 #
  21
  22 use strict;
  23 use Getopt::Long;
  24
  25 my $debug = 0;
  26 my $max_files = 400;          # sign $max_files with one command line
  27
  28 #### globals #####
  29 my $myname      = "";
  30 my $opt_desc    = "";
  31 my $opt_exclude = "";         # file with a list of not signable dll and exe files
  32 my $opt_verbose = 0;
  33 my $opt_help    = 0;
  34 my $opt_log     = "";         # for logging
  35 my $opt_pass    = "";         # password for signing
  36 my $opt_pfxfile = "";         # Personal Information Exchange file
  37 my $opt_timestamp_url = "";   # timestamp url
  38 my %exclude_files = ();       # list of not signable dll and exe files
  39 my $signtool    = "signtool.exe sign";
  40 my @args        = ();
  41 my @files_to_sign = ();
  42
  43 #### main #####
  44 sleep(120);
  45 $myname = script_id();
  46 if ( $#ARGV < 2 ) {
  47     usage();
  48     exit(1);
  49 }
  50 @args = parse_options();
  51 get_exclude_files() if ($opt_exclude ne "");
  52 @files_to_sign = get_files(\@args);
  53 if ( $opt_log ) {               # logging
  54     open(LOG,">$opt_log") || die "Can't open log file $opt_log\n";
  55 }
  56 sign_files(\@files_to_sign);
  57 close LOG if ($opt_log);        # logging
  58 exit 0;
  59
  60
  61 #### subroutines ####
  62
  63 sub script_id
  64 {
  65     ( my $script_name = $0 ) =~ s/^.*[\\\/]([\w\.]+)$/$1/;
  66     return $script_name;
  67 }
  68
  69 ############################################################################
  70 sub parse_options       #09.07.2007 08:13
  71 ############################################################################
  72 {
  73     # e exclude list file
  74     # v verbose
  75     my $success = GetOptions('h' => \$opt_help,
  76          'd=s' => \$opt_desc, 'e=s'=>\$opt_exclude, 'f=s'=>\$opt_pfxfile, 'l=s'=>\$opt_log,
  77          'p=s'=>\$opt_pass,'v'=>\$opt_verbose, 't=s'=>\$opt_timestamp_url);
  78     if ( !$success || $opt_help ) {
  79         usage();
  80         exit(1);
  81     }
  82     return @ARGV;
  83 }   ##parse_options
  84
  85 ############################################################################
  86 sub get_exclude_files       #09.07.2007 10:12
  87 ############################################################################
  88 {
  89     if ( -e $opt_exclude ) {
  90             # get data from cache file
  91             open( IN, "<$opt_exclude") || die "Can't open exclude file $opt_exclude\n";
  92             while ( my $line = <IN> ) {
  93             chomp($line);
  94             $exclude_files{$line} = 1;          # fill hash
  95             print "$line - $exclude_files{$line}\n" if ($debug);
  96             }
  97         } else
  98         {
  99             print_error("Can't open $opt_exclude file!\n");
 100         }
 101 }   ##get_exclude_files
 102
 103 ############################################################################
 104 sub get_files       #10.07.2007 10:19
 105 ############################################################################
 106  {
 107     use File::Basename;
 108     my $target = shift;
 109     my $file_pattern;
 110     my $file;
 111     my @files = ();
 112     print "\n";
 113     foreach $file_pattern ( @$target )
 114     {
 115         print "Files: $file_pattern\n";
 116         foreach $file ( glob( $file_pattern ) )
 117         {
 118             my $lib = File::Basename::basename $file;
 119             if ( ! $exclude_files{$lib} ) {
 120                 push @files,$file;
 121             }
 122             else
 123             {
 124                 print "exclude=$lib\n" if ($opt_verbose);
 125             }
 126         }
 127     }
 128     print "\n";
 129     return @files;
 130 }   ##get_files
 131
 132 ############################################################################
 133 sub sign_files      #09.07.2007 10:36
 134 ############################################################################
 135 {
 136     my $files_to_sign = shift;
 137     my $commandline_base = ""; # contains whole stuff without the file name
 138     my $file = "";
 139     my $result = "";
 140
 141     if ( $opt_pass =~ /\.exe$/ ) {
 142         # get password by tool
 143         open(PIPE, "$opt_pass 2>&1 |") || die "Can't open PIPE!\n";
 144         my $pass = <PIPE>;
 145         close PIPE;
 146         print_error("Can't get password!\n") if ( !$pass ); # exit here
 147         $opt_pass = $pass;
 148     }
 149     $signtool .= " -v" if ($opt_verbose);
 150     $commandline_base = $signtool;
 151     $commandline_base .= " -fd sha256 -td sha256";
 152     $commandline_base .= " -f $opt_pfxfile" if ($opt_pfxfile ne "");
 153     $commandline_base .= " -p $opt_pass" if ($opt_pass ne "");
 154     $commandline_base .= " -tr $opt_timestamp_url" if ($opt_timestamp_url ne "");
 155     $commandline_base .= " -d \"$opt_desc\"" if ($opt_desc ne "");
 156
 157     # Here switch between:
 158     # one command line for multiple files (all doesn't work, too much) / for each file one command line
 159     if ( $max_files > 1 ) {
 160         exec_multi_sign($files_to_sign, $commandline_base);
 161     } else
 162     {
 163         exec_single_sign($files_to_sign, $commandline_base);
 164     }
 165 }   ##sign_files
 166
 167 ############################################################################
 168 sub exec_single_sign        #11.07.2007 09:05
 169 ############################################################################
 170 {
 171     my $files_to_sign    = shift;
 172     my $commandline_base = shift;                 # contains whole stuff without the file name
 173     my $file = "";
 174     my $commandline = "";
 175
 176     foreach $file (@$files_to_sign)
 177     {
 178         $commandline = $commandline_base . " $file";
 179         print "$commandline\n" if ($debug);
 180         execute($commandline);
 181     } #foreach
 182 }   ##exec_single_sign
 183
 184 ############################################################################
 185 sub exec_multi_sign     #11.07.2007 08:56
 186 ############################################################################
 187  {
 188     # sign multiple file with one command line
 189     my $files_to_sign    = shift;
 190     my $commandline_base = shift;                 # contains whole stuff without the file name
 191     my $commandline = $commandline_base;          # contains stuff which will be executed
 192     my $file = "";
 193     my $counter = 0;
 194
 195     foreach $file (@$files_to_sign)
 196     {
 197         $commandline .= " $file";
 198         ++$counter;
 199         if ( $counter >= $max_files ) {
 200             execute($commandline);
 201             $counter = 0;                        # reset counter
 202             $commandline = $commandline_base;    # reset command line
 203         }
 204     }
 205     execute($commandline) if ($counter > 0);
 206 }   ##exec_multi_sign
 207
 208 ############################################################################
 209 sub execute     #11.07.2007 10:02
 210 ############################################################################
 211 {
 212     my $commandline = shift;
 213     my $result = "";
 214     my $errorlines = "";
 215
 216     print "$commandline\n" if ($debug);
 217     open(PIPE, "$commandline 2>&1 |") || die "Error: Cannot execute '$commandline' - $!\n";
 218     while ( $result = <PIPE> ) {
 219         print LOG "$result" if ($opt_log);
 220         $errorlines .= $result if ($result =~ /SignTool Error\:/);
 221     } # while
 222     close PIPE;
 223     print_error( "$errorlines\n" ) if ($errorlines);
 224 }   ##execute
 225
 226 ############################################################################
 227 sub print_error     #09.07.2007 11:21
 228 ############################################################################
 229  {
 230     my $text = shift;
 231     print "ERROR: $text\n";
 232     print LOG "ERROR: $text\n" if ($opt_log);        # logging
 233     close LOG if ($opt_log);                         # logging
 234     exit(1);
 235 }   ##print_error
 236
 237 ############################################################################
 238 sub usage       #09.07.2007 08:39
 239 ############################################################################
 240  {
 241     print "Usage:\t $myname [-e filename] [-f filename] [-p password] [-t timestamp] [-l filename] [-v] <file[list]> \n";
 242     print "Options:\n";
 243     print "\t -e filename\t\t\tFile which contains a list of files which don't have to be signed.\n";
 244     print "\t -f pfx_filename\t\t\"Personal Information Exchange\" file.\n";
 245     print "\t -p password\t\t\tPassword for \"Personal Information Exchange\" file.\n";
 246     print "\t -t timestamp\t\t\tTimestamp URL e.g. \"http://timestamp.digicert.com/\"\n";
 247     print "\t -l log_filename\t\tFile for logging.\n";
 248     print "\t -v\t\t\t\tVerbose.\n";
 249 }   ##usage
 250
 251
 252
 253