[BuildRelease]数字签名digital sign

zoukankan html css js c++ java

[BuildRelease]数字签名digital sign

Digital signing is to confirm the software author and guarantee that the binaries have not been altered or corrupted after they are released.

Digital signing don’t not impact the function of the binaries. Digital signing can be checked by right-click -> property - > digital signatures:

As I understand, we should sign all binaries which are generated by us. For 3^rd party binaries the providers should sign them.

python脚本：

import optparse
import sys
import subprocess
import os
import time
import stat

# ---------------------------------------------------------------------------- #
SIGNTOOL = r'C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe'
USAGE = "usage: %prog [options] keyfile password|dummy"
TIME_SERVER = r'http://timestamp.verisign.com/scripts/timstamp.dll'
# ---------------------------------------------------------------------------- #

def main():

    p = optparse.OptionParser(
        description="Digitally signs a list of files",
        prog='signer',
        version='%prog 0.0.1',
        usage=USAGE
        )

    p.add_option('-t','--timestamp',action='store',type="string",
        dest='time_server')
    p.add_option('-s','--signfile',action='store',type="string",
        dest='sign_file')
    p.add_option('-r','--root',action='store',type="string",
        dest='root')
    p.add_option('-p','--passfile',action='store',type="string",
        dest='passfile')

    options, arguments = p.parse_args()
    if len(arguments) != 2:
        p.error("not enough arguments => add dummy password if using a passfile")

    if options.sign_file:
        sign_file = options.sign_file
    else:
        sign_file = "signme.txt"

    if options.root:
        path = options.root
    else:
        path = os.getcwd()

    if options.time_server:
        time_server = options.time_server
    else:
        time_server = TIME_SERVER

    key = arguments[0]
    password = arguments[1]

    if options.passfile:
        fd = open(options.passfile)
        password = fd.read().strip()
        fd.close()

    ret = process_files(path,sign_file,key,password,time_server)
    if ret != 0:
        sys.stderr.write("Something went wrong during the signing process.\n")
    sys.exit(ret)

def get_files(top_level):
    for root, dirs, files in os.walk(top_level):
        for name in files:
            yield os.path.abspath(os.path.join(root, name))

def sign(key,password,time_server,path):
    params = [SIGNTOOL, r'sign', r'/f', key, r'/p', password,
        r'/v', r'/t', time_server, path]
    cmd = subprocess.list2cmdline(params)
    return subprocess.call(cmd)

def load_endings(string_list):
    endings = set()
    for file_ in file(string_list).readlines():
        pattern = file_.strip()
        if pattern != "":
            endings.add(pattern)
    return endings

def process_files(top_level,string_list,key,password,time_server):
    file_endings = load_endings(string_list)
    ret = 0
    for path in get_files(top_level):
        for ending in file_endings:
            if path.endswith(ending):
                if not os.access(path,os.W_OK):
                    os.chmod(path,stat.S_IWRITE)
                ret = sign(key,password,time_server,path)
                if ret != 0:
                    return ret
    return ret

if __name__ == "__main__":
    main()

使用：

python signer.py -r c:\masterroot -s signme.txt mypfx.pfx pfxpassword

signme.txt 包含要sign的dll和exe的名字，也可以如下：

.exe

.dll

完！

作者：iTech
微信公众号: cicdops
出处：http://itech.cnblogs.com/
github：https://github.com/cicdops/cicdops

查看全文

相关阅读:
MSSQL存储过程也玩“递归”
呼之欲出 WebMail 开发手记（二）数据库与软件设计分析
 PageRequestManagerServerError
呼之欲出 WebMail 开发手记（七）邮件发送
 呼之欲出 WebMail 开发手记（四）邮件收发准备
 呼之欲出 WebMail 开发手记（六）邮件收取
 增强 GridView 控件的功能 (二)
VS.NET 2003 制作安装部署程序时遇到的问题
 android手机定位
 网络错误的基本处理

原文地址：https://www.cnblogs.com/itech/p/1904256.html