From b75199a84d57e8af472333440f5d344acba01feb Mon Sep 17 00:00:00 2001 From: Bruce Dawson Date: Mon, 27 Mar 2017 20:32:34 -0700 Subject: [PATCH] Update packaging script to sign and create .cab The package_etw.bat script now signs UIforETW.exe and UIforETW32.exe. It then puts the .zip file in a .cab file so that the .cab file can be signed. This adds an extra step to downloading UIforETW, but should avoid Smart Screen problems and should allow greater trust. Having the two binaries that require elevation now signed is obviously a good thing. --- .gitignore | 2 ++ package_etw.bat | 11 +++++++++++ rename_to_version.py | 4 ++++ 3 files changed, 17 insertions(+) diff --git a/.gitignore b/.gitignore index 46718f05..2d264b0c 100644 --- a/.gitignore +++ b/.gitignore @@ -35,8 +35,10 @@ flamegraph.txt #Created by package_etw.bat etwpackage/ etwpackage*.zip +etwpackage*.cab etwsymbols*.zip sourceindex.txt +makeandsigncab.bat Debug/ Release/ diff --git a/package_etw.bat b/package_etw.bat index 7f6684b2..a0ae49a9 100644 --- a/package_etw.bat +++ b/package_etw.bat @@ -143,11 +143,18 @@ powershell ..\GitHub-Source-Indexer\github-sourceindexer.ps1 -symbolsFolder etws @echo %temp%\srcsrv\pdbstr -r -p:etwsymbols\UIforETWStatic_devrel32.pdb -s:srcsrv :NoSourceIndexing +@rem Sign the important (requiring elevation) binaries +set path=%path%;C:\Program Files (x86)\Windows Kits\10\bin\x64 +signtool sign /d "UIforETW" /du "https://github.com/google/UIforETW/releases" /n "Bruce Dawson" /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 %~dp0bin\UIforETW.exe %~dp0bin\UIforETW32.exe +@if not %errorlevel% equ 0 goto signing_failure + del *.zip 2>nul call python make_zip_file.py etwpackage.zip etwpackage @echo on call python make_zip_file.py etwsymbols.zip etwsymbols +@echo on call python rename_to_version.py UIforETW\Version.h +call makeandsigncab.bat @echo on @echo Now upload the new etwpackage*.zip and etwsymbols*.zip @@ -178,3 +185,7 @@ call python rename_to_version.py UIforETW\Version.h :copyfailure @echo Failed to copy file. Aborting. @exit /b + +:signing_failure +@echo Failed to sign files. Aborting. +@exit /b diff --git a/rename_to_version.py b/rename_to_version.py index 0753e5c3..216bc01e 100644 --- a/rename_to_version.py +++ b/rename_to_version.py @@ -10,5 +10,9 @@ print 'Renaming zip files to version "%s"' % version os.rename('etwpackage.zip', 'etwpackage%s.zip' % version) os.rename('etwsymbols.zip', 'etwsymbols%s.zip' % version) + open('makeandsigncab.bat', 'wt').write( + 'makecab.exe etwpackage%s.zip etwpackage%s.cab\r\n' + 'signtool sign /d "UIforETW Package" /du "https://github.com/google/UIforETW/releases" /n "Bruce Dawson" /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 etwpackage%s.cab\r\n' + % (version, version, version)) sys.exit(0) assert(0)