zoukankan      html  css  js  c++  java
  • [BuildRelease]数字签名digital sign

    Digital signing is to confirm the software author and guarantee that the binaries have not been altered or corrupted after they are released.

    Digital signing don’t not impact the function of the binaries. Digital signing can be checked by right-click -> property - > digital signatures:

    As I understand, we should sign all binaries which are generated by us. For 3rd party binaries the providers should sign them.

    python脚本:

    import optparse
    import sys
    import subprocess
    import os
    import time
    import stat


    # ---------------------------------------------------------------------------- #
    SIGNTOOL = r'C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe'
    USAGE 
    = "usage: %prog [options] keyfile password|dummy"
    TIME_SERVER 
    = r'http://timestamp.verisign.com/scripts/timstamp.dll' 
    # ---------------------------------------------------------------------------- #


    def main():

        p 
    = optparse.OptionParser(
            description
    ="Digitally signs a list of files",
            prog
    ='signer',
            version
    ='%prog 0.0.1',
            usage
    =USAGE
            )

        p.add_option(
    '-t','--timestamp',action='store',type="string",
            dest
    ='time_server')
        p.add_option(
    '-s','--signfile',action='store',type="string",
            dest
    ='sign_file')
        p.add_option(
    '-r','--root',action='store',type="string",
            dest
    ='root')
        p.add_option(
    '-p','--passfile',action='store',type="string",
            dest
    ='passfile')

        options, arguments 
    = p.parse_args()
        
    if len(arguments) != 2:
            p.error(
    "not enough arguments => add dummy password if using a passfile")

        
    if options.sign_file:
            sign_file 
    = options.sign_file
        
    else:
            sign_file 
    = "signme.txt"

        
    if options.root:
            path 
    = options.root
        
    else:
            path 
    = os.getcwd()
            
        
    if options.time_server:
            time_server 
    = options.time_server
        
    else:
            time_server 
    = TIME_SERVER        

        key 
    = arguments[0]
        password 
    = arguments[1]

        
    if options.passfile:
            fd 
    = open(options.passfile)
            password 
    = fd.read().strip()
            fd.close()


        ret 
    = process_files(path,sign_file,key,password,time_server)
        
    if ret != 0:
            sys.stderr.write(
    "Something went wrong during the signing process.\n")
        sys.exit(ret)


    def get_files(top_level):
        
    for root, dirs, files in os.walk(top_level):
            
    for name in files:
                
    yield os.path.abspath(os.path.join(root, name))

    def sign(key,password,time_server,path):
        params 
    = [SIGNTOOL, r'sign', r'/f', key, r'/p', password,
            r
    '/v', r'/t', time_server, path]
        cmd 
    = subprocess.list2cmdline(params)
        
    return subprocess.call(cmd)

    def load_endings(string_list):
        endings 
    = set()
        
    for file_ in file(string_list).readlines():
            pattern 
    = file_.strip()
            
    if pattern != "":
                endings.add(pattern)
        
    return endings


    def process_files(top_level,string_list,key,password,time_server):
        file_endings 
    = load_endings(string_list)
        ret 
    = 0
        
    for path in get_files(top_level):
            
    for ending in file_endings:
                
    if path.endswith(ending):
                    
    if not os.access(path,os.W_OK):
                        os.chmod(path,stat.S_IWRITE)
                    ret 
    = sign(key,password,time_server,path)
                    
    if ret != 0:
                        
    return ret
        
    return ret



    if __name__ == "__main__":
        main()

    使用:

    python signer.py -r c:\masterroot -s signme.txt mypfx.pfx pfxpassword

    signme.txt 包含要sign的dll和exe的名字,也可以如下:

    .exe

    .dll

    完!


    作者:iTech
    微信公众号: cicdops
    出处:http://itech.cnblogs.com/
    github:https://github.com/cicdops/cicdops

  • 相关阅读:
    Cocos2d-x 3.0 事件系统【转】
    cocos2d-x中false,setSwallowTouches,stopPropagation的区别
    类成员函数指针 ->*语法剖析
    cocos2d-lua 3.5 ios搭建步骤
    cocos2d-lua 3.5 android搭建步骤
    cocos2d-lua 3.5 android搭建常见错误
    结构体
    乒乓球(0)<P2003_1>
    不高兴的津津(0)<P2004_1>
    陶陶摘苹果(0)<P2005_1>
  • 原文地址:https://www.cnblogs.com/itech/p/1904256.html
Copyright © 2011-2022 走看看