aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2019-04-25 08:17:28 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-04-25 08:42:44 +0200
commitdf72b4a9a12ddecf07a8450b2b854ff39b2406ce (patch)
treef003c77154fe15d73b5f9212571b5e005c94dd8d
parentui: simpler wireguard window name (diff)
downloadwireguard-windows-df72b4a9a12ddecf07a8450b2b854ff39b2406ce.tar.xz
wireguard-windows-df72b4a9a12ddecf07a8450b2b854ff39b2406ce.zip
build: improve signature and version situation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat
-rw-r--r--README.md9
-rw-r--r--build.bat12
-rw-r--r--installer/build.bat20
3 files changed, 32 insertions, 9 deletions
diff --git a/README.md b/README.md
index ca9c35ce..9b020b63 100644
--- a/README.md
+++ b/README.md
@@ -36,3 +36,12 @@ After you've built the application, run `wireguard.exe` to install the manager s
```
C:\Projects\wireguard-windows> wireguard
```
+
+### Signing Binaries
+
+Add a file called `sign.bat` in the root of this repository with these contents, or similar:
+
+```
+set SigningCertificate=DF98E075A012ED8C86FBCF14854B8F9555CB3D45
+set TimestampServer=http://timestamp.digicert.com
+```
diff --git a/build.bat b/build.bat
index 4c65f803..f8a43b54 100644
--- a/build.bat
+++ b/build.bat
@@ -1,4 +1,7 @@
@echo off
+rem SPDX-License-Identifier: MIT
+rem Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+
set STARTDIR=%cd%
set OLDPATH=%PATH%
@@ -38,6 +41,15 @@ if exist .deps\prepared goto :build
windres.exe -i resources.rc -o resources.syso -O coff || goto :error
echo [+] Building program
go build -ldflags="-H windowsgui -s -w" -v -o wireguard.exe || goto :error
+
+:sign
+ if exist .\sign.bat call .\sign.bat
+ if "%SigningCertificate%"=="" goto :success
+ if "%TimestampServer%"=="" goto :success
+ echo [+] Signing
+ signtool.exe sign /sha1 "%SigningCertificate%" /fd sha256 /tr "%TimestampServer%" /td sha256 /d WireGuard wireguard.exe || goto :error
+
+:success
echo [+] Success. Launch wireguard.exe.
:out
diff --git a/installer/build.bat b/installer/build.bat
index 36760291..3842e411 100644
--- a/installer/build.bat
+++ b/installer/build.bat
@@ -1,8 +1,9 @@
@echo off
-rem SPDX-License-Identifier: GPL-2.0
-rem (C) 2019 WireGuard LLC. All Rights Reserved.
+rem SPDX-License-Identifier: MIT
+rem Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
-set WIREGUARD_VERSION=0.1
+for /f "tokens=3" %%a in ('findstr /r "[0-9.]*" ..\version.h') do set WIREGUARD_VERSION=%%a
+set WIREGUARD_VERSION=%WIREGUARD_VERSION:"=%
set STARTDIR=%cd%
set OLDWIX=%WIX%
@@ -22,10 +23,10 @@ if exist .deps\prepared goto :build
rem curl -#fo wintun-x86.msm https://www.wintun.net/builds/wintun-x86-0.1.msm || goto :error
rem echo [+] Verifying wintun-x86
rem for /f %%a in ('CertUtil -hashfile wintun-x86.msm SHA256 ^| findstr /r "^[0-9a-f]*$"') do if not "%%a"=="5390762183e181804b28eb13815b6210f85a1280057b815f749b06768215f817" goto :error
- rem echo [+] Downloading wintun-amd64
- rem curl -#fo wintun-amd64.msm https://www.wintun.net/builds/wintun-amd64-0.1.msm || goto :error
- rem echo [+] Verifying wintun-amd64
- rem for /f %%a in ('CertUtil -hashfile wintun-amd64.msm SHA256 ^| findstr /r "^[0-9a-f]*$"') do if not "%%a"=="5390762183e181804b28eb13815b6210f85a1280057b815f749b06768215f817" goto :error
+ echo [+] Downloading wintun-amd64
+ curl -#fo wintun-amd64.msm https://www.wintun.net/builds/wintun-amd64-0.1.msm || goto :error
+ echo [+] Verifying wintun-amd64
+ for /f %%a in ('CertUtil -hashfile wintun-amd64.msm SHA256 ^| findstr /r "^[0-9a-f]*$"') do if not "%%a"=="850b8e76ced2b1bbbfd601b04726b6e491d14b583694d139855c1d337ee48590" goto :error
echo [+] Extracting wix-binaries
mkdir wix\bin || goto :error
tar -xf wix-binaries.zip -C wix\bin || goto :error
@@ -38,10 +39,11 @@ if exist .deps\prepared goto :build
set WIX=%STARTDIR%\.deps\wix\
call :msi x86 x86 || goto :error
call :msi amd64 x64 || goto :error
+ if exist ..\sign.bat call ..\sign.bat
if "%SigningCertificate%"=="" goto :build_sfx
- if "%TimeStampServer%"=="" goto :build_sfx
+ if "%TimestampServer%"=="" goto :build_sfx
echo [+] Signing
- signtool.exe sign /sha1 "%SigningCertificate%" /fd sha256 /tr "%TimeStampServer%" /td sha256 /d "WireGuard Setup" "dist\wireguard-*-%WIREGUARD_VERSION%.msi" || goto :error
+ signtool.exe sign /sha1 "%SigningCertificate%" /fd sha256 /tr "%TimestampServer%" /td sha256 /d "WireGuard Setup" "dist\wireguard-*-%WIREGUARD_VERSION%.msi" || goto :error
:build_sfx
rem TODO: Build SFX bundle with all MSIs.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.