diff --git a/common/windows/delphi/ext/sentry/test/Makefile b/common/windows/delphi/ext/sentry/test/Makefile
index 63fc664b011..b2e92bb8964 100644
--- a/common/windows/delphi/ext/sentry/test/Makefile
+++ b/common/windows/delphi/ext/sentry/test/Makefile
@@ -4,7 +4,8 @@
!include ..\..\..\Defines.mak
-build: dirs # version.res manifest.res
+build: dirs
+# version.res manifest.res
$(DELPHI_MSBUILD) SentryClientTest.dproj "/p:Platform=Win32"
$(DELPHI_MSBUILD) SentryClientVclTest.dproj "/p:Platform=Win32"
diff --git a/common/windows/delphi/tools/Makefile b/common/windows/delphi/tools/Makefile
index a9c1151473a..2ea11ab2372 100644
--- a/common/windows/delphi/tools/Makefile
+++ b/common/windows/delphi/tools/Makefile
@@ -7,7 +7,7 @@ NOTARGET_SIGNCODE=yes
!ifdef NODELPHI
TARGETS=.virtual
!else
-TARGETS=build_standards_data buildunidata devtools sentrytool test-klog
+TARGETS=build_standards_data buildunidata devtools sentrytool test-klog verify_signatures
!endif
CLEANS=clean-tools
@@ -28,6 +28,10 @@ buildunidata: .virtual
cd $(COMMON_ROOT)\tools\buildunidata
$(MAKE) $(TARGET)
+verify_signatures: .virtual
+ cd $(COMMON_ROOT)\tools\verify_signatures
+ $(MAKE) $(TARGET)
+
devtools: .virtual
!ifdef NODELPHI
echo Skipping devtools
diff --git a/common/windows/delphi/tools/verify_signatures/Makefile b/common/windows/delphi/tools/verify_signatures/Makefile
new file mode 100644
index 00000000000..0f67747665e
--- /dev/null
+++ b/common/windows/delphi/tools/verify_signatures/Makefile
@@ -0,0 +1,13 @@
+#
+# test for signatures and version information being correct in ?install directory or ?bin directory
+#
+
+!include ..\..\Defines.mak
+
+build:
+ $(DELPHI_MSBUILD) verify_signatures.dproj
+ copy sigcheck.bin $(WIN32_TARGET_PATH)\sigcheck.exe
+
+clean: def-clean
+
+!include ..\..\Target.mak
diff --git a/windows/src/test/test_i3633/sigcheck.bin b/common/windows/delphi/tools/verify_signatures/sigcheck.bin
similarity index 100%
rename from windows/src/test/test_i3633/sigcheck.bin
rename to common/windows/delphi/tools/verify_signatures/sigcheck.bin
diff --git a/windows/src/test/test_i3633/verify.dpr b/common/windows/delphi/tools/verify_signatures/verify_signatures.dpr
similarity index 86%
rename from windows/src/test/test_i3633/verify.dpr
rename to common/windows/delphi/tools/verify_signatures/verify_signatures.dpr
index b3707d84617..49478ac3edf 100644
--- a/windows/src/test/test_i3633/verify.dpr
+++ b/common/windows/delphi/tools/verify_signatures/verify_signatures.dpr
@@ -1,4 +1,4 @@
-program verify;
+program verify_signatures;
{$APPTYPE CONSOLE}
@@ -36,6 +36,7 @@ begin
Delete(s,1,1);
end;
+ // TODO: sign these files and move the check down to the EndsWith node test
if str[0].ToLower.Contains('sentry.') or str[0].ToLower.Contains('crashpad_handler') or str[0].ToLower.Contains('keymanmc') then
// We don't verify sentry.dll or sentry.x64.dll or crashpad_handler.exe because they're not our files
// We don't verify keymanmc.dll because it has no version resources, as it is mc-generated
@@ -62,6 +63,14 @@ begin
end;
end;
+ if str[0].ToLower.EndsWith('node') then
+ begin
+ // It's one of the node addons -- in developer server at time of writing
+ // we don't have a version resource but we have signed it, so treat it
+ // as valid
+ Exit('');
+ end;
+
if str[3] <> 'SIL International' then
begin
Exit('File has wrong company name');
@@ -90,7 +99,7 @@ begin
if (ParamStr(1) = '-?') or (ParamCount < 1) then
begin
- writeln('verify [-d] VERSION.md: Verify the output of sigcheck to ensure all executables are signed and have proper version.');
+ writeln('verify_signatures [-d] VERSION.md: Verify the output of sigcheck to ensure all executables are signed and have proper version.');
writeln(' -d: Check the timestamp on the signature is less than 2 days old.');
writeln(' VERSION.md: path to the version to verify against');
Halt(2);
diff --git a/windows/src/test/test_i3633/verify.dproj b/common/windows/delphi/tools/verify_signatures/verify_signatures.dproj
similarity index 99%
rename from windows/src/test/test_i3633/verify.dproj
rename to common/windows/delphi/tools/verify_signatures/verify_signatures.dproj
index e23aeb3a4d8..323353c79b9 100644
--- a/windows/src/test/test_i3633/verify.dproj
+++ b/common/windows/delphi/tools/verify_signatures/verify_signatures.dproj
@@ -3,7 +3,7 @@
{A6DCA558-8DD0-4FFF-8DAE-F305AB8D2AF4}
18.8
None
- verify.dpr
+ verify_signatures.dpr
True
Debug
Win32
@@ -45,7 +45,7 @@
true
- verify
+ verify_signatures
$(BDS)\bin\delphi_PROJECTICNS.icns
$(BDS)\bin\delphi_PROJECTICON.ico
bindcompfmx;fmx;rtl;dbrtl;DbxClientDriver;bindcomp;inetdb;DBXInterBaseDriver;xmlrtl;DbxCommonDriver;DBXMySQLDriver;dbxcds;soaprtl;bindengine;CustomIPTransport;dsnap;fmxase;inet;fmxobj;inetdbxpress;fmxdae;dbexpress;$(DCC_UsePackage)
@@ -161,7 +161,7 @@
Microsoft Office 2000 Sample Automation Server Wrapper Components
diff --git a/windows/src/test/test_i3633/verify.res b/common/windows/delphi/tools/verify_signatures/verify_signatures.res
similarity index 100%
rename from windows/src/test/test_i3633/verify.res
rename to common/windows/delphi/tools/verify_signatures/verify_signatures.res
diff --git a/developer/src/Makefile b/developer/src/Makefile
index 0c6c81ece6b..6a1cf398e51 100644
--- a/developer/src/Makefile
+++ b/developer/src/Makefile
@@ -153,6 +153,8 @@ do-build-release:
$(MAKE) build-release-dependencies
$(MAKE) "SIGNCODE_BUILD=SIGNCODE_BUILD" build test
$(MAKE) signcode
+ cd $(DEVELOPER_ROOT)\src\tools\verify_signatures
+ $(MAKE) test
cd $(DEVELOPER_ROOT)\src\inst
$(MAKE)
diff --git a/developer/src/inst/download.in.mak b/developer/src/inst/download.in.mak
index eeadd67ac0a..871f4b012c0 100644
--- a/developer/src/inst/download.in.mak
+++ b/developer/src/inst/download.in.mak
@@ -26,6 +26,9 @@ copykmdev: makeinstaller make-kmcomp-install-zip
-mkdir $(DEVELOPER_ROOT)\release\$Version
copy /Y $(DEVELOPER_ROOT)\src\inst\keymandeveloper.msi $(DEVELOPER_ROOT)\release\$Version\keymandeveloper.msi
copy /Y $(DEVELOPER_ROOT)\src\inst\keymandeveloper-$Version.exe $(DEVELOPER_ROOT)\release\$Version\keymandeveloper-$Version.exe
+ $(SIGCHECK) $(DEVELOPER_ROOT)\release\$Version\* > sig1
+ $(VERIFY_SIGNATURES) < sig1
+ -del sig1
test-releaseexists:
if exist $(DEVELOPER_ROOT)\release\$Version\keymandeveloper*.msi echo. & echo Release $Version already exists. Delete it or update VERSION.md and try again & exit 1
diff --git a/developer/src/server/Makefile b/developer/src/server/Makefile
index eef73908049..9c865755740 100644
--- a/developer/src/server/Makefile
+++ b/developer/src/server/Makefile
@@ -14,7 +14,10 @@ clean: .virtual
-del tsconfig.tsbuildinfo
signcode:
- @rem nothing to do
+ $(SIGNCODE) /d "Keyman Developer" $(DEVELOPER_PROGRAM)\server\dist\win32\console\node-hide-console-window.node
+ $(SIGNCODE) /d "Keyman Developer" $(DEVELOPER_PROGRAM)\server\dist\win32\console\node-hide-console-window.x64.node
+ $(SIGNCODE) /d "Keyman Developer" $(DEVELOPER_PROGRAM)\server\dist\win32\trayicon\addon.node
+ $(SIGNCODE) /d "Keyman Developer" $(DEVELOPER_PROGRAM)\server\dist\win32\trayicon\addon.x64.node
wrap-symbols:
@rem nothing to do
diff --git a/developer/src/tools/verify_signatures/Makefile b/developer/src/tools/verify_signatures/Makefile
new file mode 100644
index 00000000000..003f6aa5d50
--- /dev/null
+++ b/developer/src/tools/verify_signatures/Makefile
@@ -0,0 +1,19 @@
+#
+# test for signatures and version information being correct in bin folder
+#
+
+!include ..\..\Defines.mak
+
+test: prereq
+ $(SIGCHECK) $(DEVELOPER_PROGRAM)\* > sig1
+ $(VERIFY_SIGNATURES) < sig1
+
+# prereq may not be needed?
+prereq:
+ cd $(VERIFY_SIGNATURES_PATH)
+ $(MAKE)
+
+clean: def-clean
+ -del sig1
+
+!include ..\..\Target.mak
diff --git a/windows/src/Defines.mak b/windows/src/Defines.mak
index bf8f77b9987..9506dfa6df0 100644
--- a/windows/src/Defines.mak
+++ b/windows/src/Defines.mak
@@ -322,3 +322,12 @@ SYMSTORE="C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\symstore.exe" add
/compress /f
CLEAN=-del /S /Q
+
+#
+# Signature checks
+#
+
+VERIFY_SIGNATURES_PATH=$(KEYMAN_ROOT)\common\windows\delphi\tools\verify_signatures
+# Note: hyphen prefix is important to ignore return value from sigcheck
+SIGCHECK=-$(VERIFY_SIGNATURES_PATH)\$(WIN32_TARGET_PATH)\sigcheck -q -s -e -v -accepteula
+VERIFY_SIGNATURES=$(VERIFY_SIGNATURES_PATH)\$(WIN32_TARGET_PATH)\verify_signatures -d $(KEYMAN_ROOT)\VERSION.md
diff --git a/windows/src/Makefile b/windows/src/Makefile
index 7dda8852632..e9048fcf71b 100644
--- a/windows/src/Makefile
+++ b/windows/src/Makefile
@@ -81,7 +81,7 @@ support: global
$(MAKE) $(TARGET)
cd $(ROOT)\src
-test:
+test: .virtual
cd $(ROOT)\src\test
$(MAKE) $(TARGET)
cd $(ROOT)\src
diff --git a/windows/src/desktop/inst/download.in b/windows/src/desktop/inst/download.in
index 0bf062eeba4..17b832210cc 100644
--- a/windows/src/desktop/inst/download.in
+++ b/windows/src/desktop/inst/download.in
@@ -17,6 +17,10 @@ copyredist-desktop:
copy /Y keymandesktop.exe $(ROOT)\release\$Version\keyman-$Version.exe
copy /Y $(ROOT)\bin\desktop\setup.exe $(ROOT)\release\$Version\setup.exe
+ $(SIGCHECK) $(ROOT)\release\$Version\* > sig1
+ $(VERIFY_SIGNATURES) < sig1
+ -del sig1
+
# Copy the unsigned setup.exe for use in bundling scenarios; zip it up for clarity
$(WZZIP) $(ROOT)\release\$Version\setup-redist.zip $(ROOT)\bin\desktop\setup-redist.exe
diff --git a/windows/src/desktop/insthelp/Makefile b/windows/src/desktop/insthelp/Makefile
index b3d4dcdf070..b1ca957636e 100644
--- a/windows/src/desktop/insthelp/Makefile
+++ b/windows/src/desktop/insthelp/Makefile
@@ -11,9 +11,9 @@ build: version.res dirs
$(COPY) $(WIN32_TARGET_PATH)\insthelp.exe $(ROOT)\bin\desktop\insthelp.exe
test-manifest:
- # test that (a) linked manifest exists and correct, and (b) has uiAccess=true
+# test that (a) linked manifest exists and correct, and (b) has uiAccess=true
@rem $(MT) -nologo -inputresource:$(PROGRAM)\desktop\insthelp.exe -validate_manifest
- # TODO: Investigate why no manifest included?
+# TODO: Investigate why no manifest included?
clean: def-clean
diff --git a/windows/src/desktop/kmconfig/Makefile b/windows/src/desktop/kmconfig/Makefile
index d7f308f9d65..98028758335 100644
--- a/windows/src/desktop/kmconfig/Makefile
+++ b/windows/src/desktop/kmconfig/Makefile
@@ -21,7 +21,7 @@ wrap-symbols:
$(SYMSTORE) $(DEBUGPATH)\desktop\kmconfig.dbg /t keyman-windows
test-manifest:
- # test that linked manifest exists and correct
+# test that linked manifest exists and correct
$(MT) -nologo -inputresource:$(PROGRAM)\desktop\kmconfig.exe -validate_manifest
install:
diff --git a/windows/src/desktop/kmshell/Makefile b/windows/src/desktop/kmshell/Makefile
index caaa7da54e0..773942d0a1b 100644
--- a/windows/src/desktop/kmshell/Makefile
+++ b/windows/src/desktop/kmshell/Makefile
@@ -39,7 +39,7 @@ wrap-symbols:
$(SYMSTORE) $(DEBUGPATH)\desktop\kmshell.dbg /t keyman-windows
test-manifest:
- # test that (a) linked manifest exists and correct, and (b) has uiAccess=true
+# test that (a) linked manifest exists and correct, and (b) has uiAccess=true
$(MT) -nologo -inputresource:$(PROGRAM)\desktop\kmshell.exe -validate_manifest
install: .virtual
diff --git a/windows/src/support/charident/Makefile b/windows/src/support/charident/Makefile
index dd6721c5c0a..cff67416776 100644
--- a/windows/src/support/charident/Makefile
+++ b/windows/src/support/charident/Makefile
@@ -15,6 +15,6 @@ signcode:
wrap-symbols:
$(SYMSTORE) $(PROGRAM)\support\charident.exe /t keyman-windows
- #TODO: $(SYMSTORE) $(DEBUGPATH)\support\charident.dbg /t keyman-windows
+#TODO: $(SYMSTORE) $(DEBUGPATH)\support\charident.dbg /t keyman-windows
!include ..\..\Target.mak
diff --git a/windows/src/support/km_yim/Makefile b/windows/src/support/km_yim/Makefile
index f0f93e6fe22..1aef5f80f02 100644
--- a/windows/src/support/km_yim/Makefile
+++ b/windows/src/support/km_yim/Makefile
@@ -4,12 +4,13 @@
!include ..\..\Defines.mak
-build: # version.res
+build:
+# version.res
$(DCC32) km_yim.dpr
rem $(TDSPACK) $(PROGRAM)\desktop\km_yim.exe km_yim.tds
rem $(TDS2DBG) $(PROGRAM)\desktop\km_yim.exe
$(WZZIP) inst_km_yim.zip km_yim.exe
- # $(WZSE) inst_km_yim -setup -t inst_km_yim.dialog.txt -st "Tavultesoft Keyman Desktop Yahoo Messenger Addin" -c km_yim.exe
+# $(WZSE) inst_km_yim -setup -t inst_km_yim.dialog.txt -st "Tavultesoft Keyman Desktop Yahoo Messenger Addin" -c km_yim.exe
clean: def-clean
if exist inst_km_yim.zip del inst_km_yim.zip
diff --git a/windows/src/test/Makefile b/windows/src/test/Makefile
index 5df2892dfad..2087f3d8a00 100644
--- a/windows/src/test/Makefile
+++ b/windows/src/test/Makefile
@@ -4,12 +4,14 @@
# ----------------------------------------------------------------------
+# TODO: both test-manifest-exec and verify_signatures are really part of buildtools
+
!ifdef NODELPHI
TARGETS=.virtual
!else
-TARGETS=test_i3633
+TARGETS=verify_signatures
!endif
-CLEAN=test_i3633
+CLEAN=verify_signatures
test: test-manifest-exec
$(MAKE) "TARGET=test" $(TARGETS)
@@ -22,10 +24,10 @@ test-manifest-exec:
$(MAKE) test-manifest
cd test
-# test_i3633: validate certificates and binary metadata on executables
-# TODO: Move this to buildtools
-test_i3633:
- cd $(ROOT)\src\test\test_i3633
+# validate certificates and binary metadata on executables
+# TODO: move to buildtools?
+verify_signatures: .virtual
+ cd $(ROOT)\src\test\verify_signatures
$(MAKE) $(TARGET)
# ----------------------------------------------------------------------
diff --git a/windows/src/test/test_i3633/Makefile b/windows/src/test/test_i3633/Makefile
deleted file mode 100644
index 575d77e7e83..00000000000
--- a/windows/src/test/test_i3633/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# test for signatures and version information being correct in ?install directory or ?bin directory
-#
-
-!include ..\..\Defines.mak
-
-SIGCHECK=-$(WIN32_TARGET_PATH)\sigcheck -q -s -e -v -accepteula
-VERIFY=$(WIN32_TARGET_PATH)\verify -d $(KEYMAN_ROOT)\VERSION.md
-
-test: test-bin
-
-test-bin: prereq
- $(SIGCHECK) $(ROOT)\bin\desktop\* > sig1
- $(SIGCHECK) $(ROOT)\bin\developer\* >> sig1
- $(SIGCHECK) $(ROOT)\bin\engine\* >> sig1
- $(SIGCHECK) $(ROOT)\bin\inst\* >> sig1
- $(VERIFY) < sig1
-
-test-install: prereq
-
-
-prereq:
- $(DELPHI_MSBUILD) verify.dproj "/p:Platform=Win32"
- copy sigcheck.bin $(WIN32_TARGET_PATH)\sigcheck.exe
-
-
-clean: def-clean
- -del sig1
- -del sig2
-
-!include ..\..\Target.mak
diff --git a/windows/src/test/verify_signatures/Makefile b/windows/src/test/verify_signatures/Makefile
new file mode 100644
index 00000000000..607e5d22cf9
--- /dev/null
+++ b/windows/src/test/verify_signatures/Makefile
@@ -0,0 +1,21 @@
+#
+# test for signatures and version information being correct in bin folder
+#
+
+!include ..\..\Defines.mak
+
+test: prereq
+ $(SIGCHECK) $(ROOT)\bin\desktop\* > sig1
+ $(SIGCHECK) $(ROOT)\bin\engine\* >> sig1
+ $(SIGCHECK) $(ROOT)\bin\inst\* >> sig1
+ $(VERIFY_SIGNATURES) < sig1
+
+# prereq may not be needed?
+prereq:
+ cd $(VERIFY_SIGNATURES_PATH)
+ $(MAKE)
+
+clean: def-clean
+ -del sig1
+
+!include ..\..\Target.mak