From 417f6fdd7ba0e286c7ac049340f537de19387ef6 Mon Sep 17 00:00:00 2001 From: dmiller Date: Thu, 20 Oct 2016 15:31:33 +0000 Subject: [PATCH] Add code signing and timestamps to windows build --- mswin32/Makefile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mswin32/Makefile b/mswin32/Makefile index c7d2bb5f5..068f13f6a 100644 --- a/mswin32/Makefile +++ b/mswin32/Makefile @@ -1,5 +1,6 @@ MAKENSIS="/cygdrive/c/Program Files/NSIS/makensis.exe" VCEXPRESS := $(shell reg query "HKEY_CLASSES_ROOT\\Applications\\devenv.exe\\shell\\edit\\command" | egrep -i '[A-Z]:\\' | cut -d\" -f2 | sed 's%\\%/%g' | tr -d '\n') +SIGNTOOL := $(shell reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Microsoft SDKs\\Windows\\v8.1" /v "InstallationFolder" | egrep InstallationFolder | cut -d ' ' -f13- | sed 's%\\%/%g' | tr -d '\n' | sed 's%$$%bin/x86/signtool.exe%') export NMAP_VERSION := $(shell grep '^\#[ \t]*define[ \t]\+NMAP_VERSION' ../nmap.h | sed -e 's/.*"\(.*\)".*/\1/' -e 'q') export NMAP_NUM_VERSION := $(shell grep '^\#[ \t]*define[ \t]\+NMAP_NUM_VERSION' ../nmap.h | sed -e 's/.*"\(.*\)".*/\1/' -e 'q') export NPCAP_VERSION := $(shell ls npcap-*.exe | sed -e 's/npcap-\([-r0-9.]*\)\.exe/\1/' -e 'q') @@ -7,6 +8,7 @@ COMMA_VERSION=$(shell echo $(NMAP_NUM_VERSION) | tr '.' ',') LOGLOC=c:nmapbuild.log NSE_FILES = scripts/script.db scripts/*.nse NMAP_MSWIN32_AUX = ../../nmap-mswin32-aux +SIGNTOOL_ARGS = sign /a /n "Insecure.Com LLC" /tr http://timestamp.digicert.com /td sha256 /fd sha256 winbuild: nmap.rc nsis/Nmap.nsi LICENSE # VCExpress.exe is devenv.com with the commercial Visual Studio suite instead of VC++ Express @@ -17,6 +19,7 @@ winbuild: nmap.rc nsis/Nmap.nsi LICENSE rm -f nmap-$(NMAP_VERSION)-win32.zip mkdir nmap-$(NMAP_VERSION) cd Release && cp -r ../../CHANGELOG ../../COPYING nmap-mac-prefixes nmap-os-db nmap-payloads nmap-protocols nmap-rpc nmap-service-probes nmap-services nmap.exe nmap.xsl nse_main.lua ../nmap_performance.reg ../../README-WIN32 ../../docs/3rd-party-licenses.txt ../nmap-$(NMAP_VERSION)/ + "$(SIGNTOOL)" $(SIGNTOOL_ARGS) nmap-$(NMAP_VERSION)/nmap.exe # Use "cmd /c copy" rather than "cp" to preserve Windows ACLs. Using # "cp" means that the copied DLLs don't have the same ACL and cause an # error on startup: 0xc0000022. @@ -35,9 +38,12 @@ winbuild: nmap.rc nsis/Nmap.nsi LICENSE cp $(NMAP_MSWIN32_AUX)/vcredist_x86.exe nmap-$(NMAP_VERSION) cp $(NMAP_MSWIN32_AUX)/vcredist2008_x86.exe nmap-$(NMAP_VERSION) cp ../ncat/Release/ncat.exe nmap-$(NMAP_VERSION) + "$(SIGNTOOL)" $(SIGNTOOL_ARGS) nmap-$(NMAP_VERSION)/ncat.exe cp ../ncat/Release/ca-bundle.crt nmap-$(NMAP_VERSION) cp ../nping/Release/nping.exe nmap-$(NMAP_VERSION) + "$(SIGNTOOL)" $(SIGNTOOL_ARGS) nmap-$(NMAP_VERSION)/nping.exe cp ../nmap-update/Release/nmap-update.exe nmap-$(NMAP_VERSION) + "$(SIGNTOOL)" $(SIGNTOOL_ARGS) nmap-$(NMAP_VERSION)/nmap-update.exe # Install the ndiff batch file wrapper in the zip distribution. cp ../ndiff/ndiff.py nmap-$(NMAP_VERSION)/ndiff.py cp python-wrap.bat nmap-$(NMAP_VERSION)/ndiff.bat @@ -46,12 +52,15 @@ winbuild: nmap.rc nsis/Nmap.nsi LICENSE rm -f nmap-$(NMAP_VERSION)/ndiff.py nmap-$(NMAP_VERSION)/ndiff.bat cd ../zenmap && install_scripts/windows/copy_and_compile.bat cp -R ../zenmap/dist/* nmap-$(NMAP_VERSION)/ + "$(SIGNTOOL)" $(SIGNTOOL_ARGS) nmap-$(NMAP_VERSION)/ndiff.exe + "$(SIGNTOOL)" $(SIGNTOOL_ARGS) nmap-$(NMAP_VERSION)/zenmap.exe cp ../zenmap/README nmap-$(NMAP_VERSION)/ZENMAP_README cp ../zenmap/COPYING_HIGWIDGETS nmap-$(NMAP_VERSION) cp ../ndiff/README nmap-$(NMAP_VERSION)/NDIFF_README cp nsis/AddToPath.nsh nsis/Nmap.nsi nsis/shortcuts.ini nsis/final.ini nmap-$(NMAP_VERSION) $(MAKENSIS) nmap-$(NMAP_VERSION)/Nmap.nsi mv nmap-$(NMAP_VERSION)/NmapInstaller.exe nmap-$(NMAP_VERSION)-setup.exe + "$(SIGNTOOL)" $(SIGNTOOL_ARGS) nmap-$(NMAP_VERSION)-setup.exe nmap.rc: nmap.rc.in ../nmap.h sed -e '1i// Automatically generated from $<.' \