VirtualBox

Changeset 64935 in vbox


Ignore:
Timestamp:
Dec 16, 2016 11:47:16 PM (8 years ago)
Author:
vboxsync
Message:

Additions/win: Don't depend on the checked in certificate, but rather extract the code signing certificates from VBoxGuest.sys and VBoxCertUtil.exe.

Location:
trunk/src/VBox/Additions
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Additions/Makefile.kmk

    r63489 r64935  
    242242ifdef VBOX_WITH_ADDITIONS_ISO.win.amd64
    243243 VBOX_PATH_ADDITIONS.win.amd64 = $(PATH_OUT_BASE)/win.amd64/$(KBUILD_TYPE)/bin/additions
     244 VBOX_PATH_ADDITIONS.win = $(VBOX_PATH_ADDITIONS.win.amd64)
    244245 GUESTADDITIONS_FILESPEC.win.amd64 = \
    245246        VBoxWindowsAdditions-amd64.exe=$(VBOX_PATH_ADDITIONS.win.amd64)/VBoxWindowsAdditions-amd64.exe
    246247 ifndef VBOX_WITH_ADDITIONS_ISO.win.x86
    247248  GUESTADDITIONS_FILESPEC.win.amd64 += \
    248         cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/tools/oracle-vbox.cer \
    249249        cert/VBoxCertUtil.exe=$(VBOX_PATH_ADDITIONS.win.amd64)/VBoxCertUtil.exe
    250250 endif
     
    253253ifdef VBOX_WITH_ADDITIONS_ISO.win.x86
    254254 VBOX_PATH_ADDITIONS.win.x86 = $(PATH_OUT_BASE)/win.x86/$(KBUILD_TYPE)/bin/additions
     255 VBOX_PATH_ADDITIONS.win = $(VBOX_PATH_ADDITIONS.win.x86)
    255256 GUESTADDITIONS_FILESPEC.win.x86 = \
    256257        VBoxWindowsAdditions-x86.exe=$(VBOX_PATH_ADDITIONS.win.x86)/VBoxWindowsAdditions-x86.exe \
     
    259260        32Bit/Readme.txt=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/Installer/ISO/ReadmeDrivers.txt \
    260261        64Bit/Readme.txt=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/Installer/ISO/ReadmeDrivers.txt \
    261         cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/tools/oracle-vbox.cer \
    262262        cert/VBoxCertUtil.exe=$(VBOX_PATH_ADDITIONS.win.x86)/VBoxCertUtil.exe
    263263endif # win.x86
    264264
     265if defined(VBOX_WITH_ADDITIONS_ISO.win.amd64) || defined(VBOX_WITH_ADDITIONS_ISO.win.x86)
     266 ifndef VBOX_SIGNING_MODE
     267 GUESTADDITIONS_FILESPEC.win = cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/tools/oracle-vbox.cer
     268 else if "$(VBOX_WITH_CORP_CODE_SIGNING)" == "all" || (!defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && !defined(VBOX_WITH_CORP_CODE_SIGNING))
     269 GUESTADDITIONS_FILESPEC.win = cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox.cer
     270 else
     271  GUESTADDITIONS_FILESPEC.win = \
     272        cert/oracle-vbox1.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox1.cer \
     273        cert/oracle-vbox256.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox256.cer
     274  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && defined(VBOX_WITH_CORP_CODE_SIGNING)
     275   GUESTADDITIONS_FILESPEC.win += cert/oracle-vbox256-r3.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox256-r3.cer
     276  endif
     277 endif
     278
     279endif
     280  $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h:  | $$(dir $$@) $(VBOX_RTSIGNTOOL) $(PATH_STAGE_SYS)/VBoxDrv.sys
     281        $(RM) -f -- "$@" "$@.cer0" "$@.cer1" "$@.cer2" "$@.array"
     282
     283        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 0 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "$@.cer0" --der
     284        $(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert0 "$@.cer0" $@
     285        $(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert0, sizeof(g_abVBoxStubTrustedCert0) }, "
     286  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && (!defined(VBOX_WITH_CORP_CODE_SIGNING) || "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all")
     287        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "$@.cer1" --der
     288        $(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert1 "$@.cer1" $@
     289        $(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert1, sizeof(g_abVBoxStubTrustedCert1) }, "
     290  endif
     291  if defined(VBOX_WITH_CORP_CODE_SIGNING) && "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all" && "$(VBOX_SIGNING_MODE)" == "release"
     292        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "$(VBOX_RTSIGNTOOL)" --output "$@.cer2" --der
     293        $(VBOX_BIN2C) -ascii --append g_abVBoxStubTrustedCert2 "$@.cer2" $@
     294        $(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert2, sizeof(g_abVBoxStubTrustedCert2) }, "
     295  endif
     296        $(APPEND) -n "$@" \
     297                "" \
     298                "struct { uint8_t const *pab; uint32_t cb; }" "g_aVBoxStubTrustedCerts[] = " \
     299               "{"
     300        $(SED) --append "$@" -e "" "$@.array"
     301        $(APPEND) -n "$@" \
     302               "};"
     303        $(RM) -f -- "$@.cer0" "$@.cer1" "$@.cer2" "$@.array"
     304
     305  VBoxStubPublicCert.h:: $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h
     306
     307
     308# haiku
    265309ifdef VBOX_WITH_ADDITIONS_ISO.haiku.x86
    266310 VBOX_PATH_ADDITIONS.haiku.x86 = $(PATH_OUT_BASE)/haiku.x86/$(KBUILD_TYPE)/bin/additions
     
    278322                $(filter-out %=deleteme=,\
    279323                        $(subst =,=deleteme= ,\
     324                                $(GUESTADDITIONS_FILESPEC.win) \
    280325                                $(GUESTADDITIONS_FILESPEC.win.x86) \
    281326                                $(GUESTADDITIONS_FILESPEC.win.amd64) \

  • trunk/src/VBox/Additions/WINNT/tools/Makefile.kmk

    r63107 r64935  
    1818include $(KBUILD_PATH)/subheader.kmk
    1919
     20#
     21# Certificate utility.
     22#
    2023PROGRAMS += VBoxCertUtil
    2124
    2225VBoxCertUtil_TEMPLATE = VBoxGuestR3Exe
    2326VBoxCertUtil_SOURCES = \
    24     VBoxCertUtil.cpp \
    25     VBoxCertUtil.rc
     27        VBoxCertUtil.cpp \
     28        VBoxCertUtil.rc
    2629VBoxCertUtil_LIBS = \
    27     crypt32.lib
     30        crypt32.lib
    2831
    29 #
    3032# The icon is configurable.
    31 #
    3233VBoxCertUtil.rc_INCS = $(VBoxCertUtil_0_OUTDIR)
    3334VBoxCertUtil.rc_DEPS = $(VBoxCertUtil_0_OUTDIR)/VBoxCertUtil-win-icon.rc
     
    3940        $(APPEND) $@ 'IDI_VIRTUALBOX ICON DISCARDABLE "$(subst /,\\,$(VBOX_WINDOWS_ADDITIONS_ICON_FILE))"'
    4041
     42
     43#
     44# Install all the certificates we use here.
     45#
     46INSTALLS += AdditionsInstCertFiles
     47AdditionsInstCertFiles_TEMPLATE = VBoxGuestR3Exe
     48AdditionsInstCertFiles_SOURCES  =
     49AdditionsInstCertFiles_CLEAN    =
     50ifdef VBOX_SIGNING_MODE
     51 define def_VBoxAdditionsInstCertFiles
     52  AdditionsInstCertFiles_SOURCES += $$(AdditionsInstCertFiles_0_OUTDIR)/$(1)=>$1
     53  AdditionsInstCertFiles_CLEAN   += $$(AdditionsInstCertFiles_0_OUTDIR)/$(1)
     54  $$$$(AdditionsInstCertFiles_0_OUTDIR)/$(1): $$(2) | $$$$(dir $$$$@)
     55        $(QUIET)$(RM) -f -- "$$@"
     56        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index $3 --exe "$$<" --output "$$@" --der
     57 endef
     58
     59 if "$(VBOX_WITH_CORP_CODE_SIGNING)" == "all" || (!defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && !defined(VBOX_WITH_CORP_CODE_SIGNING))
     60  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,0)
     61 else
     62  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha1.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,0)
     63  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha256.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,1)
     64  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && defined(VBOX_WITH_CORP_CODE_SIGNING)
     65   $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha256-r3.cer,$(VBOX_PATH_ADDITIONS)/VBoxCertUtil.exe,1)
     66  endif
     67 endif
     68endif
     69
    4170include $(FILE_KBUILD_SUB_FOOTER)
    4271
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette