aboutsummaryrefslogtreecommitdiffstats
path: root/build-aux/speedo.mk
diff options
context:
space:
mode:
Diffstat (limited to 'build-aux/speedo.mk')
-rw-r--r--build-aux/speedo.mk20
1 files changed, 20 insertions, 0 deletions
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index d050457e6..94e663123 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -243,6 +243,9 @@ $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_SIGNHOST))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TOOL))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_KEY))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS))
+$(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE))
+$(eval $(call READ_AUTOGEN_template,OSSLPKCS11ENGINE))
+$(eval $(call READ_AUTOGEN_template,SCUTEMODULE))
# All files given in AUTHENTICODE_FILES are signed before
# they are put into the installer.
@@ -1431,6 +1434,15 @@ define AUTHENTICODE_sign
/fd sha256 /du https://gnupg.org a.exe ;\
scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\
echo "speedo: signed file is '$(2)'" ;\
+ elif [ "$(AUTHENTICODE_KEY)" = card ]; then \
+ echo "speedo: Signing using a card";\
+ $(OSSLSIGNCODE) sign \
+ -pkcs11engine $(OSSLPKCS11ENGINE) \
+ -pkcs11module $(SCUTEMODULE) \
+ -certs $(AUTHENTICODE_CERTS) \
+ -h sha256 -n GnuPG -i https://gnupg.org \
+ -ts http://rfc3161timestamp.globalsign.com/advanced \
+ -in $(1) -out $(2).tmp ; mv $(2).tmp $(2) ; \
elif [ -e "$(AUTHENTICODE_KEY)" ]; then \
echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\
osslsigncode sign -certs $(AUTHENTICODE_CERTS) \
@@ -1443,6 +1455,14 @@ define AUTHENTICODE_sign
fi
endef
+# Help target for testing to sign a file.
+# Usage: make -f speedo.mk test-authenticode-sign TARGETOS=w32 FILE=foo.exe
+test-authenticode-sign:
+ (set -e; \
+ echo "Test signining of $(FILE)" ; \
+ $(call AUTHENTICODE_sign,"$(FILE)","$(FILE)");\
+ )
+
# Build the installer from the source tarball.
installer-from-source: dist-source
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 17:54:54 +0000