Index: /trunk/src/VBox/Additions/Makefile.kmk
===================================================================
--- /trunk/src/VBox/Additions/Makefile.kmk	(revision 64934)
+++ /trunk/src/VBox/Additions/Makefile.kmk	(revision 64935)
@@ -242,9 +242,9 @@
 ifdef VBOX_WITH_ADDITIONS_ISO.win.amd64
  VBOX_PATH_ADDITIONS.win.amd64 = $(PATH_OUT_BASE)/win.amd64/$(KBUILD_TYPE)/bin/additions
+ VBOX_PATH_ADDITIONS.win = $(VBOX_PATH_ADDITIONS.win.amd64)
  GUESTADDITIONS_FILESPEC.win.amd64 = \
 	VBoxWindowsAdditions-amd64.exe=$(VBOX_PATH_ADDITIONS.win.amd64)/VBoxWindowsAdditions-amd64.exe
  ifndef VBOX_WITH_ADDITIONS_ISO.win.x86
   GUESTADDITIONS_FILESPEC.win.amd64 += \
-	cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/tools/oracle-vbox.cer \
 	cert/VBoxCertUtil.exe=$(VBOX_PATH_ADDITIONS.win.amd64)/VBoxCertUtil.exe
  endif
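Review bot: `VBOX_PATH_ADDITIONS.win` is assigned here and again in the win.x86 block of the next hunk, so when both ISO flavours are enabled the later x86 assignment wins and the certificate files are taken from the x86 output directory only. That may be intentional, but nothing records it, and it relies on both architectures being signed with the same certificates. A comment above the first assignment would state the assumption, e.g. `# Certs come from whichever Windows build is present; the x86 path overrides amd64 when both are built.`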
@@ -253,4 +253,5 @@
 ifdef VBOX_WITH_ADDITIONS_ISO.win.x86
  VBOX_PATH_ADDITIONS.win.x86 = $(PATH_OUT_BASE)/win.x86/$(KBUILD_TYPE)/bin/additions
+ VBOX_PATH_ADDITIONS.win = $(VBOX_PATH_ADDITIONS.win.x86)
  GUESTADDITIONS_FILESPEC.win.x86 = \
 	VBoxWindowsAdditions-x86.exe=$(VBOX_PATH_ADDITIONS.win.x86)/VBoxWindowsAdditions-x86.exe \
@@ -259,8 +260,51 @@
 	32Bit/Readme.txt=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/Installer/ISO/ReadmeDrivers.txt \
 	64Bit/Readme.txt=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/Installer/ISO/ReadmeDrivers.txt \
-	cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/tools/oracle-vbox.cer \
 	cert/VBoxCertUtil.exe=$(VBOX_PATH_ADDITIONS.win.x86)/VBoxCertUtil.exe
 endif # win.x86
 
+if defined(VBOX_WITH_ADDITIONS_ISO.win.amd64) || defined(VBOX_WITH_ADDITIONS_ISO.win.x86)
+ ifndef VBOX_SIGNING_MODE
+ GUESTADDITIONS_FILESPEC.win = cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/tools/oracle-vbox.cer
+ else if "$(VBOX_WITH_CORP_CODE_SIGNING)" == "all" || (!defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && !defined(VBOX_WITH_CORP_CODE_SIGNING))
+ GUESTADDITIONS_FILESPEC.win = cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox.cer
+ else
+  GUESTADDITIONS_FILESPEC.win = \
+  	cert/oracle-vbox1.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox1.cer \
+  	cert/oracle-vbox256.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox256.cer
+  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && defined(VBOX_WITH_CORP_CODE_SIGNING)
+   GUESTADDITIONS_FILESPEC.win += cert/oracle-vbox256-r3.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox256-r3.cer
+  endif
+ endif
+
+endif
+  $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h:  | $$(dir $$@) $(VBOX_RTSIGNTOOL) $(PATH_STAGE_SYS)/VBoxDrv.sys
+	$(RM) -f -- "$@" "$@.cer0" "$@.cer1" "$@.cer2" "$@.array"
+
+	$(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 0 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "$@.cer0" --der
+	$(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert0 "$@.cer0" $@
+	$(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert0, sizeof(g_abVBoxStubTrustedCert0) }, "
+  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && (!defined(VBOX_WITH_CORP_CODE_SIGNING) || "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all")
+	$(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "$@.cer1" --der
+	$(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert1 "$@.cer1" $@
+	$(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert1, sizeof(g_abVBoxStubTrustedCert1) }, "
+  endif
+  if defined(VBOX_WITH_CORP_CODE_SIGNING) && "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all" && "$(VBOX_SIGNING_MODE)" == "release"
+	$(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "$(VBOX_RTSIGNTOOL)" --output "$@.cer2" --der
+	$(VBOX_BIN2C) -ascii --append g_abVBoxStubTrustedCert2 "$@.cer2" $@
+	$(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert2, sizeof(g_abVBoxStubTrustedCert2) }, "
+  endif
+	$(APPEND) -n "$@" \
+		"" \
+		"struct { uint8_t const *pab; uint32_t cb; }" "g_aVBoxStubTrustedCerts[] = " \
+               "{"
+	$(SED) --append "$@" -e "" "$@.array"
+	$(APPEND) -n "$@" \
+               "};"
+	$(RM) -f -- "$@.cer0" "$@.cer1" "$@.cer2" "$@.array"
+
+  VBoxStubPublicCert.h:: $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h
+
+
+# haiku
 ifdef VBOX_WITH_ADDITIONS_ISO.haiku.x86
  VBOX_PATH_ADDITIONS.haiku.x86 = $(PATH_OUT_BASE)/haiku.x86/$(KBUILD_TYPE)/bin/additions
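Review bot: The certificate names packaged in the signed-build branch (`oracle-vbox1.cer`, `oracle-vbox256.cer`, `oracle-vbox256-r3.cer` under `$(VBOX_PATH_ADDITIONS.win)`) do not match the files that the WINNT/tools hunk of this same change extracts (`oracle-vbox-sha1.cer`, `oracle-vbox-sha256.cer`, `oracle-vbox-sha256-r3.cer`), so unless something outside this diff renames them, the ISO filespec points at files that are never produced. Aligning the names would fix that, e.g. `cert/oracle-vbox-sha256.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox-sha256.cer`. Separately, the `$$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h` rule after the closing `endif` sits outside any `define` yet keeps `$$` escapes, and it builds a trusted-certificate table for VBoxStub from `VBoxDrv.sys`. It reads like a paste from another makefile and should probably be dropped from this file. Within that rule the `--append` names are also inconsistent (`VBoxStubTrustedCert0` versus `g_abVBoxStubTrustedCert2`).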
@@ -278,4 +322,5 @@
 		$(filter-out %=deleteme=,\
 			$(subst =,=deleteme= ,\
+				$(GUESTADDITIONS_FILESPEC.win) \
 				$(GUESTADDITIONS_FILESPEC.win.x86) \
 				$(GUESTADDITIONS_FILESPEC.win.amd64) \
Index: /trunk/src/VBox/Additions/WINNT/tools/Makefile.kmk
===================================================================
--- /trunk/src/VBox/Additions/WINNT/tools/Makefile.kmk	(revision 64934)
+++ /trunk/src/VBox/Additions/WINNT/tools/Makefile.kmk	(revision 64935)
@@ -18,16 +18,17 @@
 include $(KBUILD_PATH)/subheader.kmk
 
+#
+# Certificate utility.
+#
 PROGRAMS += VBoxCertUtil
 
 VBoxCertUtil_TEMPLATE = VBoxGuestR3Exe
 VBoxCertUtil_SOURCES = \
-    VBoxCertUtil.cpp \
-    VBoxCertUtil.rc
+	VBoxCertUtil.cpp \
+	VBoxCertUtil.rc
 VBoxCertUtil_LIBS = \
-    crypt32.lib
+	crypt32.lib
 
-#
 # The icon is configurable.
-#
 VBoxCertUtil.rc_INCS = $(VBoxCertUtil_0_OUTDIR)
 VBoxCertUtil.rc_DEPS = $(VBoxCertUtil_0_OUTDIR)/VBoxCertUtil-win-icon.rc
@@ -39,4 +40,32 @@
 	$(APPEND) $@ 'IDI_VIRTUALBOX ICON DISCARDABLE "$(subst /,\\,$(VBOX_WINDOWS_ADDITIONS_ICON_FILE))"'
 
+
+#
+# Install all the certificates we use here.
+#
+INSTALLS += AdditionsInstCertFiles
+AdditionsInstCertFiles_TEMPLATE = VBoxGuestR3Exe
+AdditionsInstCertFiles_SOURCES  =
+AdditionsInstCertFiles_CLEAN    =
+ifdef VBOX_SIGNING_MODE
+ define def_VBoxAdditionsInstCertFiles
+  AdditionsInstCertFiles_SOURCES += $$(AdditionsInstCertFiles_0_OUTDIR)/$(1)=>$1
+  AdditionsInstCertFiles_CLEAN   += $$(AdditionsInstCertFiles_0_OUTDIR)/$(1)
+  $$$$(AdditionsInstCertFiles_0_OUTDIR)/$(1): $$(2) | $$$$(dir $$$$@)
+	$(QUIET)$(RM) -f -- "$$@"
+	$(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index $3 --exe "$$<" --output "$$@" --der
+ endef
+
+ if "$(VBOX_WITH_CORP_CODE_SIGNING)" == "all" || (!defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && !defined(VBOX_WITH_CORP_CODE_SIGNING))
+  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,0)
+ else
+  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha1.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,0)
+  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha256.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,1)
+  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && defined(VBOX_WITH_CORP_CODE_SIGNING)
+   $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha256-r3.cer,$(VBOX_PATH_ADDITIONS)/VBoxCertUtil.exe,1)
+  endif
+ endif
+endif
+
 include $(FILE_KBUILD_SUB_FOOTER)
 
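Review bot: The extraction rule in `def_VBoxAdditionsInstCertFiles` runs `$(VBOX_RTSIGNTOOL)` but does not list it as a prerequisite, whereas the `VBoxStubPublicCert.h` rule in the other file of this change has it after the `|`. In a parallel build the tool may not exist yet when the recipe runs. Adding it as an order-only prerequisite would make the dependency explicit: `$$$$(AdditionsInstCertFiles_0_OUTDIR)/$(1): $$(2) | $$$$(dir $$$$@) $(VBOX_RTSIGNTOOL)`. The recipe also selects the signer purely by position via `--signature-index $3`, and the outputs are presumably the certificates the guest is later asked to trust. A comment on the `evalcall2` lines, such as `# index 0 = SHA-1 signature, index 1 = SHA-256 signature; keep in sync with the signing order`, would help whoever changes the signing order later.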
