Mercurial > trustbridge > trustbridge
changeset 783:e65e2a0be7c8
Merged
| author | Sascha Wilde <wilde@intevation.de> |
|---|---|
| date | Mon, 14 Jul 2014 12:48:46 +0200 |
| parents | 60d3f59f0803 (diff) 20ca94680003 (current diff) |
| children | d92264e9e08f |
| files | ui/mainwindow.cpp |
| diffstat | 13 files changed, 176 insertions(+), 123 deletions(-) [+] |
line wrap: on
line diff
--- a/INSTALL Mon Jul 14 12:46:47 2014 +0200 +++ b/INSTALL Mon Jul 14 12:48:46 2014 +0200 @@ -13,17 +13,17 @@ export YOURPREFIX=<Prefix of your choice (default /usr)> export PATH=$YOURPREFIX/bin:$PATH - curl https://download.qt-project.org/official_releases/qt/5.3/5.3.0/single/qt-everywhere-opensource-src-5.3.0.tar.xz.mirrorlist | grep SHA-256 - -e6f47e69a5ce707452dd4bad1fd1919201a71e88be1b06afe1d302a3935daf1f + curl https://download.qt-project.org/official_releases/qt/5.3/5.3.1/single/qt-everywhere-opensource-src-5.3.1.tar.xz.mirrorlist | grep SHA-256 - http://qt-mirror.dannhauer.de/official_releases/qt/5.3/5.3.0/single/qt-everywhere-opensource-src-5.3.0.tar.xz +29d2ab3b1aef87e2dd806b278802e357274016475a513341348040468bf233ac - sha256sum qt-everywhere-opensource-src-5.3.0.tar.xz + http://qt-mirror.dannhauer.de/official_releases/qt/5.3/5.3.1/single/qt-everywhere-opensource-src-5.3.1.tar.xz - tar -xvmlf qt-everywhere-opensource-src-5.3.0.tar.xz + sha256sum qt-everywhere-opensource-src-5.3.1.tar.xz - cd qt-everywhere-opensource-src-5.3.0/qtbase + tar -xf qt-everywhere-opensource-src-5.3.1.tar.xz + + cd qt-everywhere-opensource-src-5.3.1/qtbase build dependencies have to to be installed at this point, see ../qtbase/src/plugins/platforms/xcb/README @@ -32,14 +32,14 @@ -opensource \ -release -nomake tests -nomake examples -confirm-license \ -static -no-cups -no-nis -no-icu -fontconfig \ - -no-directfb -opengl desktop -no-kms -no-eglfs -no-egl -no-openssl -no-glib \ - -system-libpng -qpa xcb -xcb -no-nis -no-libjpeg -no-gif - nice make -j8 + -no-directfb -no-opengl -no-kms -no-eglfs -no-egl -no-openssl -no-glib \ + -system-libpng -qpa xcb -xcb -no-nis -no-libjpeg -no-gif && \ + nice make && \ make install - cd qttools/src/designer/uitools - qmake - nice make -j8 + cd qttools/src/designer/uitools && \ + qmake && \ + nice make -j8 && \ make install cd qttools/src/linguist
--- a/common/binverify.c Mon Jul 14 12:46:47 2014 +0200 +++ b/common/binverify.c Mon Jul 14 12:48:46 2014 +0200 @@ -10,7 +10,6 @@ #include "strhelp.h" #include "logging.h" - #ifdef RELEASE_BUILD #include "pubkey-release.h" #else @@ -232,6 +231,8 @@ #include <polarssl/pk.h> #include <polarssl/base64.h> #include <polarssl/sha256.h> +#include <polarssl/error.h> +#include <polarssl/x509_crt.h> #pragma GCC diagnostic pop bin_verify_result @@ -247,7 +248,7 @@ hash[32]; bin_verify_result retval = VerifyUnknownError; - pk_context pub_key_ctx; + x509_crt codesign_cert; if (strnlen(filename, name_len + 1) != name_len || name_len == 0) { @@ -264,24 +265,24 @@ } /* Fetch the signature from the end of data */ - if (data_size < sig_b64_size + 4) + if (data_size < sig_b64_size + 5) { ERRORPRINTF ("File to small to contain a signature.\n"); retval = VerifyInvalidSignature; goto done; } - if (data[data_size - sig_b64_size - 1] != ':' || - data[data_size - sig_b64_size - 2] != 'S' || - data[data_size - sig_b64_size - 3] != '\n'|| - data[data_size - sig_b64_size - 4] != '\r') + if (data[data_size - sig_b64_size - 2] != ':' || + data[data_size - sig_b64_size - 3] != 'S' || + data[data_size - sig_b64_size - 4] != '\n'|| + data[data_size - sig_b64_size - 5] != '\r') { ERRORPRINTF ("Failed to find valid signature line.\n"); retval = VerifyInvalidSignature; goto done; } - strncpy(signature_b64, data - sig_b64_size, sig_b64_size); + strncpy(signature_b64, data + (data_size - sig_b64_size - 1), sig_b64_size); signature_b64[sig_b64_size] = '\0'; ret = base64_decode(signature, &sig_size, @@ -289,33 +290,45 @@ if (ret != 0 || sig_size != TRUSTBRIDGE_RSA_KEY_SIZE / 8) { + ERRORPRINTF ("Base 64 decode failed with error: %i\n", ret); goto done; } /* Hash is calculated over the data without the signature at the end. */ - sha256((unsigned char *)data, data_size - sig_b64_size - 4, hash, 0); + sha256((unsigned char *)data, data_size - sig_b64_size - 5, hash, 0); - pk_init(&pub_key_ctx); + x509_crt_init(&codesign_cert); - ret = pk_parse_public_key(&pub_key_ctx, public_key_codesign_pem, - public_key_codesign_pem_size); + /* Parse the pinned certificate */ + ret = x509_crt_parse(&codesign_cert, + public_key_codesign_pem, + public_key_codesign_pem_size); if (ret != 0) { - ERRORPRINTF ("pk_parse_public_key failed with -0x%04x\n\n", -ret); - pk_free(&pub_key_ctx); + char errbuf[1020]; + polarssl_strerror(ret, errbuf, 1020); + errbuf[1019] = '\0'; /* Just to be sure */ + ERRORPRINTF ("x509_crt_parse failed with -0x%04x\n%s\n", -ret, errbuf); + x509_crt_free(&codesign_cert); return VerifyUnknownError; } - ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0, + ret = pk_verify(&codesign_cert.pk, POLARSSL_MD_SHA256, hash, 0, signature, sig_size); if (ret != 0) { - ERRORPRINTF ("pk_verify failed with -0x%04x\n\n", -ret); + char errbuf[1020]; + polarssl_strerror(ret, errbuf, 1020); + errbuf[1019] = '\0'; /* Just to be sure */ + ERRORPRINTF ("pk_verify failed with -0x%04x\n %s\n", -ret, errbuf); + x509_crt_free(&codesign_cert); + retval = VerifyInvalidSignature; + goto done; } - pk_free(&pub_key_ctx); + x509_crt_free(&codesign_cert); - return VerifyValid; + retval = VerifyValid; done: xfree (data);
--- a/common/binverify.h Mon Jul 14 12:46:47 2014 +0200 +++ b/common/binverify.h Mon Jul 14 12:48:46 2014 +0200 @@ -43,10 +43,12 @@ * embedded PKCS 7 "authenticode" signatures embedded into the * file. * - * On Linux the last pattern of \r\nS: (0x0d0a533A) is looked up and - * afterwards a 3072 Bit Base64 encoded RSA signature is expected. + * On Linux the file is epxected to and with the pattern of + * \r\nS: (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA + * signature. * The signature is verified against the built in codesigning key in * the same certificate that is used for windows verification. + * If the pattern is not found the verification fails. * * @param[in] filename absolute null terminated UTF-8 encoded path to the file. * @param[in] name_len length of the filename.
--- a/packaging/linux-installer.inc.in Mon Jul 14 12:46:47 2014 +0200 +++ b/packaging/linux-installer.inc.in Mon Jul 14 12:48:46 2014 +0200 @@ -66,7 +66,7 @@ -f, --force install to given prefix, even when a current installation with different prefix exists. -d, --deinstall deinstall files from current installation - -s, --system=PATH make an system wide (de)installation + -s, --system=PATH create a system wide (de)installation --help display this help and exit --version output version information and exit EOF @@ -265,12 +265,21 @@ echo "Removing configuration files:" rm_files "${tbcfg_files[@]}" rm_empty_dirs "$instcfg_path" + + echo "Removing TrustBridge from autostart" + if [ "${SUDO_USER+X}" ] ; then + homedir=$(getent passwd "${SUDO_USER}" | cut -d ':' -f 6) + rm_files "${homedir}/.config/autostart/tustbridge.desktop" + else + config_home=${XDG_CONFIG_HOME:-~/.config} + rm_files "${config_home}/autostart/tustbridge.desktop" + fi } deinstall() { if [ "${oldinstcfg[PREFIX]}" ] ; then - echo "Really deinstall TrustBridge from '${oldinstcfg[PREFIX]}'?" + echo "Really deinstall TrustBridge from '${oldinstcfg[PREFIX]}'? [y/n]" yorn || exit 0 deinstall_certs local deinstdir="${oldinstcfg[PREFIX]}/bin" @@ -288,6 +297,41 @@ fi } +write_autostart() +{ + cat > "$1" << EOF +[Desktop Entry] +Type=Application +Name=TrustBridge +Exec="${instcfg[PREFIX]}/bin/trustbridge" --tray +EOF + chown "${SUDO_USER:-${USER}}" "$1" + chmod 700 "$1" +} + +setup_autostart() +{ + # Supported desktop environments: Unity, GNOME, XFCE, LXDE, KDE + + if [ $SYSINST -eq 1 -a "${SUDO_USER+X}" ] ; then + homedir=$(getent passwd "${SUDO_USER}" | cut -d ':' -f 6) + install -d "${instcfg[PREFIX]}" || fatal "Could not create '${instcfg[PREFIX]}'!" + if [ ! -d "${homedir}/.config/autostart/" ]; then + install -d "${homedir}/.config/autostart/" || \ + fatal "Failed to create autostart directory: '${homedir}/.config/autostart/'" + fi + write_autostart "${homedir}/.config/autostart/tustbridge.desktop" + # System wide installation with a nonstandard XDG_CONFIG_HOME or KDEHOME is not + # respected with regards to autostart. + else + config_home=${XDG_CONFIG_HOME:-~/.config} + if [ ! -d "${config_home}/autostart" ]; then + install -d "${config_home}/autostart" || \ + fatal "Failed to create autostart directory: '${config_home}/autostart'" + fi + write_autostart "${config_home}/autostart/tustbridge.desktop" + fi +} #====================================================================== # main() @@ -358,6 +402,9 @@ echo "Setting up cronjob ..." setup_cronjob +echo "Setting up autostart ..." +setup_autostart + echo "Writing installation configuration to: $instcfg_file ..." write_instcfg exit 0
--- a/ui/certificateitemwidget.cpp Mon Jul 14 12:46:47 2014 +0200 +++ b/ui/certificateitemwidget.cpp Mon Jul 14 12:48:46 2014 +0200 @@ -55,6 +55,10 @@ mLabel->setTextFormat(Qt::RichText); mLabel->setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Expanding); + + mLabel->setTextInteractionFlags( + Qt::TextSelectableByMouse | + Qt::TextSelectableByKeyboard); mComboBox->setSizePolicy(QSizePolicy::Minimum, QSizePolicy::Minimum); connect(mComboBox, SIGNAL(currentIndexChanged(int)), this, SLOT(currentStateChanged(int)));
--- a/ui/createinstallerdialog.cpp Mon Jul 14 12:46:47 2014 +0200 +++ b/ui/createinstallerdialog.cpp Mon Jul 14 12:48:46 2014 +0200 @@ -235,7 +235,7 @@ /* Sign the linux installer */ QDir linuxDir(binDir.path() + "/linux"); if (!linuxDir.exists()) { - showErrorMessage(tr("Failed to find the directory for linux binaries: %s") + showErrorMessage(tr("Failed to find the directory for linux binaries: %1") .arg(linuxDir.path())); return; } @@ -243,12 +243,12 @@ nameFilter << "*.sh"; QStringList candidates = linuxDir.entryList(nameFilter, QDir::Files | QDir::Readable); if (candidates.isEmpty()) { - showErrorMessage(tr("Failed to find a readable *.sh file in: %s") + showErrorMessage(tr("Failed to find a readable *.sh file in: %1") .arg(linuxDir.path())); return; } if (candidates.size() > 1) { - showErrorMessage(tr("Unexpected additional .sh files in: %s") + showErrorMessage(tr("Unexpected additional .sh files in: %1") .arg(linuxDir.path())); return; }
--- a/ui/l10n/administrator_de_DE.ts Mon Jul 14 12:46:47 2014 +0200 +++ b/ui/l10n/administrator_de_DE.ts Mon Jul 14 12:48:46 2014 +0200 @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE TS> -<TS version="2.1" language="de_DE"> +<TS version="2.0" language="de_DE"> <context> <name>AboutDialog</name> <message> @@ -15,7 +15,7 @@ </message> <message> <source>TrustBridge is a secure root certificate installer for Windows and Linux.</source> - <translation type="vanished">TrustBridge ist ein sicherer Wurzelzertifikatsinstaller für Windows und Linux.</translation> + <translation>TrustBridge ist ein sicherer Wurzelzertifikatsinstaller für Windows und Linux.</translation> </message> <message> <location filename="../aboutdialog.cpp" line="53"/> @@ -130,41 +130,31 @@ </message> <message> <location filename="../administratorwindow.cpp" line="267"/> - <source>signing certificate: + <source>signing certificate: </source> - <translation type="unfinished"></translation> + <translation>Signaturzertifikat: </translation> </message> <message> <location filename="../administratorwindow.cpp" line="270"/> - <source> -new certificates: + <source> +new certificates: </source> - <translation type="unfinished"></translation> + <translation>Neue Zertifikate:</translation> </message> <message> <location filename="../administratorwindow.cpp" line="284"/> - <source>certificates marked to remove: -</source> - <translation type="unfinished"></translation> - </message> - <message> - <source>signing certificate: -</source> - <translation type="obsolete">Signiertes Zertifikat: </translation> - </message> - <message> <source>certificates marked to remove: </source> - <translation type="obsolete">Zertifikate als gelöscht markiert:</translation> + <translation>Zertifikate zum löschen markiert:</translation> </message> <message> <source>new certificates: </source> - <translation type="vanished">Neues Zertifikat:</translation> + <translation>Neues Zertifikat:</translation> </message> <message> <source>All managed root certificates of the certificate list:</source> - <translation type="vanished">Alle verwalteten Wurzelzertifikate der Zertifikatsliste:</translation> + <translation>Alle verwalteten Wurzelzertifikate der Zertifikatsliste:</translation> </message> <message> <location filename="../administratorwindow.cpp" line="104"/> @@ -193,7 +183,7 @@ </message> <message> <source>Select certificate file</source> - <translation type="vanished">Zertifikatslistendatei auswählen</translation> + <translation>Zertifikatslistendatei auswählen</translation> </message> <message> <location filename="../administratorwindow.cpp" line="171"/> @@ -253,11 +243,11 @@ </message> <message> <source>Issuer CN</source> - <translation type="vanished">Aussteller CN</translation> + <translation>Aussteller CN</translation> </message> <message> <source>Issuer O</source> - <translation type="vanished">Aussteller O</translation> + <translation>Aussteller O</translation> </message> <message> <location filename="../certificatetablemodel.cpp" line="18"/> @@ -271,7 +261,7 @@ </message> <message> <source>SHA1 Fingerprint</source> - <translation type="vanished">SHA1 Fingerabdruck</translation> + <translation>SHA1 Fingerabdruck</translation> </message> </context> <context> @@ -297,12 +287,12 @@ </message> <message> <source>Save all managed root certificates in a new, signed certificate list</source> - <translation type="vanished">Alle verwalteten Wurzelzertifikate in einer neuen, signierten Zertifikatsliste speichern</translation> + <translation>Alle verwalteten Wurzelzertifikate in einer neuen, signierten Zertifikatsliste speichern</translation> </message> <message> <source>In addition, each certificate list will be savedautomatically in the archive directory: </source> - <translation type="vanished">Zusätzlich wird jede Zertifikatsliste automatisch im folgenden Archiv-Verzeichnis gespeichert:</translation> + <translation>Zusätzlich wird jede Zertifikatsliste automatisch im folgenden Archiv-Verzeichnis gespeichert:</translation> </message> <message> <source>Sign list</source> @@ -403,7 +393,7 @@ <message> <location filename="../createcertlistdialog.cpp" line="284"/> <source>Failed to calculate key hash.</source> - <translation type="unfinished"></translation> + <translation>Fehler bei der Berechnung des Schlüsselfingerabdrucks.</translation> </message> <message> <location filename="../createcertlistdialog.cpp" line="302"/> @@ -422,15 +412,15 @@ </message> <message> <source>Create and signed a TrustBridge binary installer from source.</source> - <translation type="vanished">Ein TrustBridge-Installationspaket aus den Quellen erstellen und signieren.</translation> + <translation>Ein TrustBridge-Installationspaket aus den Quellen erstellen und signieren.</translation> </message> <message> <source>Select source archive:</source> - <translation type="vanished">Quellcode-Archiv auswählen:</translation> + <translation>Quellcode-Archiv auswählen:</translation> </message> <message> <source>Select code signing certificate (secret key):</source> - <translation type="vanished">Code Signing Zertifikat auswählen (privater Schlüssel):</translation> + <translation>Code Signing Zertifikat auswählen (privater Schlüssel):</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="74"/> @@ -519,23 +509,27 @@ </message> <message> <location filename="../createinstallerdialog.cpp" line="238"/> - <source>Failed to find the directory for linux binaries: %s</source> - <translation type="unfinished"></translation> + <source>Failed to find the directory for linux binaries: %1</source> + <translation>Verzeichnis der Linux Anwendung '%1' konnte nicht gefunden werden.</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="246"/> - <source>Failed to find a readable *.sh file in: %s</source> - <translation type="unfinished"></translation> + <source>Failed to find a readable *.sh file in: %1</source> + <translation>Keine lesbare *.sh Datei in '%1' gefunden.</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="251"/> - <source>Unexpected additional .sh files in: %s</source> - <translation type="unfinished"></translation> + <source>Unexpected additional .sh files in: %1</source> + <translation>Mehrere .sh Dateien in: %1</translation> + </message> + <message> + <source>Failed to find the directory for linux binaries: %s</source> + <translation type="obsolete">Das Verzeichnis für Linux Binärdaten %1 konnte nicht gefunden werden.</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="255"/> <source>Signing Linux package...</source> - <translation type="unfinished"></translation> + <translation>Signieren des Linux Pakets...</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="278"/> @@ -570,26 +564,26 @@ <message> <location filename="../createinstallerdialog.cpp" line="411"/> <source>Failed to load certificate: %1</source> - <translation type="unfinished">Fehler beim laden des Schlüssels: %1</translation> + <translation>Fehler beim laden des Schlüssels: %1</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="423"/> <source>Only 3072 bit RSA keys are supported by the current format.</source> - <translation type="unfinished">Nur 3027 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation> + <translation>Nur 3072 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="429"/> <source>Failed to open input file: %1</source> - <translation type="unfinished"></translation> + <translation>Fehler beim öffnen der Datei: %1</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="438"/> <source>Failed to read input file: %1</source> - <translation type="unfinished"></translation> + <translation>Fehler beim lesen der Datei: %1</translation> </message> <message> <source>Select source archive</source> - <translation type="vanished">Archiv auswählen</translation> + <translation>Archiv auswählen</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="170"/> @@ -601,12 +595,12 @@ <name>FinishedDialog</name> <message> <source>Success!</source> - <translation type="vanished">Erfolgreich!</translation> + <translation>Erfolgreich!</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="474"/> <source>Successfully created installation package</source> - <translation type="unfinished"></translation> + <translation>Installationspaket erfolgreich erstellt.</translation> </message> <message> <location filename="../createinstallerdialog.cpp" line="478"/> @@ -628,7 +622,7 @@ <name>QObject</name> <message> <source>Failed to parse certificate</source> - <translation type="vanished">Fehler beim Parsen des Zertifikats</translation> + <translation>Fehler beim Parsen des Zertifikats</translation> </message> </context> </TS>
--- a/ui/l10n/trustbridge_de_DE.ts Mon Jul 14 12:46:47 2014 +0200 +++ b/ui/l10n/trustbridge_de_DE.ts Mon Jul 14 12:48:46 2014 +0200 @@ -52,21 +52,21 @@ <message> <location filename="../certificateitemwidget.cpp" line="48"/> <source>Valid: %1 until %2</source> - <translation type="unfinished"></translation> + <translation>Gültig von: %1 bis %2</translation> </message> <message> <location filename="../certificateitemwidget.cpp" line="51"/> <source>Fingerprint (SHA1): &lt;%1&gt;</source> - <translation type="unfinished"></translation> + <translation>Fingerabdruck (SHA1): &lt;%1&gt; </translation> </message> <message> - <location filename="../certificateitemwidget.cpp" line="82"/> - <location filename="../certificateitemwidget.cpp" line="104"/> + <location filename="../certificateitemwidget.cpp" line="86"/> + <location filename="../certificateitemwidget.cpp" line="108"/> <source>uninstall</source> <translation>Deinstallieren</translation> </message> <message> - <location filename="../certificateitemwidget.cpp" line="83"/> + <location filename="../certificateitemwidget.cpp" line="87"/> <source>keep</source> <translation>Behalten</translation> </message> @@ -187,22 +187,22 @@ <message> <location filename="../mainwindow.cpp" line="519"/> <source>Installed certificates from:</source> - <translation type="unfinished"></translation> + <translation>Installierte Zertifikate vom:</translation> </message> <message> <location filename="../mainwindow.cpp" line="524"/> <source>TrustBridge Version:</source> - <translation type="unfinished"></translation> + <translation>TrustBridge Version:</translation> + </message> + <message> + <source>Last sucessful update check:</source> + <translation type="vanished">Zuletzt nach Aktualisierungen gesucht:</translation> </message> <message> <location filename="../mainwindow.cpp" line="530"/> - <source>Last sucessful update check:</source> - <translation type="unfinished"></translation> - </message> - <message> <location filename="../mainwindow.cpp" line="533"/> <source>Last successful update check:</source> - <translation type="unfinished"></translation> + <translation>Zuletzt nach Aktualisierungen gesucht:</translation> </message> <message> <location filename="../mainwindow.cpp" line="788"/>
--- a/ui/mainwindow.cpp Mon Jul 14 12:46:47 2014 +0200 +++ b/ui/mainwindow.cpp Mon Jul 14 12:48:46 2014 +0200 @@ -527,7 +527,7 @@ if (lastCheck.isValid()) { const QString lastUpdateCheck = QLocale::system().toString(lastCheck, DATETIME_FORMAT); mLastUpdateCheck = - new QLabel(tr("Last sucessful update check:")); + new QLabel(tr("Last successful update check:")); mLastUpdateCheckContents = new QLabel(lastUpdateCheck); } else { mLastUpdateCheck = new QLabel(tr("Last successful update check:"));
--- a/ui/tests/CMakeLists.txt Mon Jul 14 12:46:47 2014 +0200 +++ b/ui/tests/CMakeLists.txt Mon Jul 14 12:48:46 2014 +0200 @@ -121,31 +121,19 @@ COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/append-sig.sh ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key ${CMAKE_CURRENT_BINARY_DIR}/fakeinst ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-signed ) -# add_custom_command( -# TARGET binverifytest -# POST_BUILD -# COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem -# -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key -# -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe -# -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-key.exe -# ) -# add_custom_command( -# TARGET binverifytest -# POST_BUILD -# COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.pem -# -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key -# -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe -# -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-cert.exe -# ) -# add_custom_command( -# TARGET binverifytest -# POST_BUILD -# COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem -# -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key -# -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe -# -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe && -# ${CMAKE_STRIP} ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe -# ) + add_custom_command( + TARGET binverifytest + POST_BUILD + COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/append-sig.sh ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key + ${CMAKE_CURRENT_BINARY_DIR}/fakeinst ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-key + ) + add_custom_command( + TARGET binverifytest + POST_BUILD + COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/append-sig.sh ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key + ${CMAKE_CURRENT_BINARY_DIR}/fakeinst ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid && + sed -i s/Fakeinstaller/Bakeinstaller/g ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid + ) endif() endif ()
--- a/ui/tests/append-sig.sh Mon Jul 14 12:46:47 2014 +0200 +++ b/ui/tests/append-sig.sh Mon Jul 14 12:48:46 2014 +0200 @@ -1,3 +1,3 @@ #!/bin/bash cp $2 $3 -echo \\r\\nS:$(openssl dgst -sha256 -sign $1 < $2 | base64 -w0) >> $3 +echo -e \\r\\nS:$(openssl dgst -sha256 -sign $1 < $2 | base64 -w0) >> $3
--- a/ui/tests/binverifytest.cpp Mon Jul 14 12:46:47 2014 +0200 +++ b/ui/tests/binverifytest.cpp Mon Jul 14 12:48:46 2014 +0200 @@ -47,12 +47,15 @@ strlen("fakeinst-invalid" EXE_SUFFIX))); } -/* Check that a signature with a different (valid) certificate is not validated */ +#ifdef Q_OS_WIN +/* Check that a signature with a different (valid) certificate is not validated + * on Linux only the key is checked not the certificate */ void BinVerifyTest::testOtherCert() { QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX, strlen("fakeinst-other-cert" EXE_SUFFIX))); } +#endif /* Check that no signature is not validated */ void BinVerifyTest::testNoSignature()