winbuilds: update README. Do not sign in unsign.sh

This commit is contained in:
ThomasV 2018-06-30 13:22:46 +02:00
parent d467a5a8ec
commit 0119ab9ee1
2 changed files with 11 additions and 12 deletions


@ -52,15 +52,16 @@ certificate/key) and one or multiple trusted verifiers:
| Signer | Verifier | | Signer | Verifier |
|-----------------------------------------------------------|-----------------------------------| |-----------------------------------------------------------|-----------------------------------|
| Build .exe files using `build.sh` | | | Build .exe files using `build.sh` | |
| Sign .exe with `./sign.sh` | |
| Upload signed files to download server | |
| | Build .exe files using `build.sh` | | | Build .exe files using `build.sh` |
| | Sign .exe files using `gpg -b` | | | Compare files using `unsign.sh` |
| | Send signatures to signer | | | Sign .exe file using `gpg -b` |
| Place signatures as `$filename.$builder.asc` in `./dist` | |
| Run `./sign.sh` | | | Signer and verifiers:
| Upload signatures to 'electrum-signatures' repo, as `$version/$filename.$builder.asc` |
`sign.sh` will check if the signatures match the signer's files. This ensures that the signer's
build environment is not compromised and that the binaries can be reproduced by anyone.
Verify Integrity of signed binary Verify Integrity of signed binary


@ -17,12 +17,11 @@ cd signed
echo "Found $(ls *.exe | wc -w) files to verify." echo "Found $(ls *.exe | wc -w) files to verify."
for signed in $(ls *.exe); do for signed in $(ls *.exe); do
echo $signed
mine="../dist/$signed" mine="../dist/$signed"
out="../stripped/$signed" out="../stripped/$signed"
size=$( wc -c < $mine ) size=$( wc -c < $mine )
# Step 1: Remove PE signature from signed binary # Step 1: Remove PE signature from signed binary
osslsigncode remove-signature -in $signed -out $out osslsigncode remove-signature -in $signed -out $out > /dev/null 2>&1
# Step 2: Remove checksum and padding from signed binary # Step 2: Remove checksum and padding from signed binary
python3 <<EOF python3 <<EOF
pe_file = "$out" pe_file = "$out"
@ -37,16 +36,15 @@ l = len(binary)
n = l - size n = l - size
if n > 0: if n > 0:
assert binary[-n:] == bytearray(n) assert binary[-n:] == bytearray(n)
print("removing %d null bytes"% n)
binary = binary[:size] binary = binary[:size]
with open(pe_file, "wb") as f: with open(pe_file, "wb") as f:
f.write(binary) f.write(binary)
EOF EOF
chmod +x $out chmod +x $out
if [ ! $(diff $out $mine) ]; then if [ ! $(diff $out $mine) ]; then
echo "Success!" echo "Success: $signed"
gpg --sign --armor --detach $signed #gpg --sign --armor --detach $signed
else else
echo "failure" echo "Failure: $signed"
fi fi
done done
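Review bot: The new `Success: $signed` branch is reached whenever `diff $out $mine` writes nothing to stdout, which includes the case where `$mine` or `$out` is missing (diff reports that on stderr only, so `[ ! ]` evaluates true), so a verification script can report success without having compared anything. This matters more after this commit, because the osslsigncode call in the first hunk now discards its stderr: if step 1 fails, `$out` is never written and, unless the script sets `-e` above the hunk, the loop still ends in the Success branch with no diagnostic left. Test the comparison by exit status instead, `if cmp -s -- "$out" "$mine"; then`, and keep or check osslsigncode's result, e.g. `osslsigncode remove-signature -in "$signed" -out "$out" > /dev/null || { echo "Failure: $signed"; continue; }`. Both hunks belong to the same `for signed in $(ls *.exe)` loop, which opens in the first hunk; the script header is outside SOURCE.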