diff --git a/tools/signing/linux-signer-authenticode-signing b/tools/signing/linux-signer-authenticode-signing
index 68643ee7c798fdd260c3e65fb3eaf1e30bb353f6..31943af1e0c054bd57b6aa80ff46552ebfe23304 100755
--- a/tools/signing/linux-signer-authenticode-signing
+++ b/tools/signing/linux-signer-authenticode-signing
@@ -1,20 +1,34 @@
 #!/bin/bash
 set -e
-export YUBIHSM_PKCS11_CONF=~/yubihsm_pkcs11.conf
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+source "$script_dir/functions"
-read -sp "Enter passphrase: " pass
+cd ~/"$tbb_version"
+
+test -n "${YUBIPASS:-}" || read -s -p "Authenticode (yubihsm) password:" YUBIPASS
 echo
+
+tmpdir=$(mktemp -d)
+chgrp yubihsm "$tmpdir"
+chmod g+rwx "$tmpdir"
+
+cwd=$(pwd)
 for i in `find . -name "*.exe" -print`
 do
- /home/yubihsm/osslsigncode/osslsigncode \
+ echo "Signing $i"
+ echo export 'YUBIHSM_PKCS11_CONF=~/yubihsm_pkcs11.conf' \; \
+ /home/yubihsm/osslsigncode/osslsigncode \
 -pkcs11engine /usr/lib/engines/engine_pkcs11.so \
 -pkcs11module /usr/local/lib/yubihsm_pkcs11.so \
- -pass "$pass" \
+ -pass "'$YUBIPASS'" \
 -h sha256 \
 -certs /home/yubihsm/tpo-cert.crt \
 -key 1c40 \
- $i $i-signed
+ "$cwd/$i" "$tmpdir/$i" \
+ | sudo su - yubihsm
+ mv -vf "$tmpdir/$i" "$cwd/$i"
 done
-unset pass
-rename -f 's/-signed//' *-signed
+
+unset YUBIPASS
+rmdir "$tmpdir"
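Review bot: The command piped into `sudo su - yubihsm` is assembled as text, so `$YUBIPASS` and the `find`-derived `$i` are parsed a second time by the yubihsm login shell. The literal single quotes in `-pass "'$YUBIPASS'"` stop protecting the passphrase as soon as it contains a `'`, and the two paths arrive with no quoting at all, so spaces or shell metacharacters in either are interpreted by the account that can use the HSM key. Quote each interpolated value for the receiving shell, e.g. `-pass "$(printf '%q' "$YUBIPASS")" \` and `"$(printf '%q' "$cwd/$i")" "$(printf '%q' "$tmpdir/$i")" \`; this assumes yubihsm's login shell is bash, since `%q` emits bash quoting. Separately, `$i` keeps the `./subdir/` prefix from `find`, so the `"$tmpdir/$i"` output path has an existing parent directory only for executables at the top level. With `set -e`, a failed signing also leaves the group-writable `$tmpdir` behind, which a `trap 'rm -rf -- "$tmpdir"' EXIT` right after `mktemp -d` would clean up.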