From a34879ebd2c6c02f77a2df080c4696f0039ebffa Mon Sep 17 00:00:00 2001 From: unknown <iggy@amd64.(none)> Date: Wed, 25 Jul 2007 13:18:12 -0400 Subject: [PATCH] Bug#24732 Executables do not include Vista manifests - Sign executables with MySQL AB security certificate. BitKeeper/etc/ignore: Bug#24732 Executables do not include Vista manifests - Ignore security catalog descriptions CMakeLists.txt: Bug#24732 Executables do not include Vista manifests - Search for additional tools necessary to embed, catalog and sign targets. win/README: Bug#24732 Executables do not include Vista manifests - Add internal only note to EMBED_MANIFESTS option. win/create_manifest.js: Bug#24732 Executables do not include Vista manifests - Added publicKeyToken attribute to manifest. win/mysql_manifest.cmake: Bug#24732 Executables do not include Vista manifests - Add additional commands to create security catalog and sign targets. - Add parameters to add appropiate hash attribute to manifest and create security content description of the security catalog. --- .bzrignore | 1 + CMakeLists.txt | 38 ++++++++++++++++++++++++++++++++------ win/README | 3 ++- win/create_manifest.js | 2 +- win/mysql_manifest.cmake | 7 ++++--- 5 files changed, 40 insertions(+), 11 deletions(-) diff --git a/.bzrignore b/.bzrignore index e7a7a1c27dc..759ca4a20bf 100644 --- a/.bzrignore +++ b/.bzrignore @@ -6,6 +6,7 @@ *.bin *.vcproj.cmake cmake_install.cmake +*.cdf *.core *.d *.da diff --git a/CMakeLists.txt b/CMakeLists.txt index cdd0cde8b8d..3703548ebc3 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -139,21 +139,47 @@ ENDIF(CMAKE_GENERATOR MATCHES "Visual Studio 7" OR ADD_DEFINITIONS("-D_WINDOWS -D__WIN__ -D _CRT_SECURE_NO_DEPRECATE") IF(EMBED_MANIFESTS) - # Search for the Manifest tool. CMake will first search it's defaults - # (CMAKE_FRAMEWORK_PATH, CMAKE_APPBUNDLE_PATH, CMAKE_PROGRAM_PATH and - # the system PATH) followed by the listed paths which are the current - # possible defaults and should be updated when necessary. The custom - # manifests are designed to be compatible with all mt versions. + # Search for the tools (mt, makecat, signtool) necessary for embedding + # manifests and signing executables with the MySQL AB authenticode cert. + # + # CMake will first search it's defaults (CMAKE_FRAMEWORK_PATH, + # CMAKE_APPBUNDLE_PATH, CMAKE_PROGRAM_PATH and the system PATH) followed + # by the listed paths which are the current possible defaults and should be + # updated when necessary. + # + # The custom manifests are designed to be compatible with all mt versions. + # The MySQL AB Authenticode certificate is available only internally. + # Others should store a single signing certificate in a local cryptographic + # service provider and alter the signtool command as necessary. FIND_PROGRAM(HAVE_MANIFEST_TOOL NAMES mt PATHS "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/VC/bin" "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin" "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/SDK/v2.0/Bin") + FIND_PROGRAM(HAVE_CATALOG_TOOL NAMES makecat + PATHS + "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin") + FIND_PROGRAM(HAVE_SIGN_TOOL NAMES signtool + PATHS + "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin" + "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/SDK/v2.0/Bin") + IF(HAVE_MANIFEST_TOOL) - MESSAGE(STATUS "Found Mainfest Tool. Embedding custom manifests.") + MESSAGE(STATUS "Found Mainfest Tool.") ELSE(HAVE_MANIFEST_TOOL) MESSAGE(FATAL_ERROR "Manifest tool, mt.exe, can't be found.") ENDIF(HAVE_MANIFEST_TOOL) + IF(HAVE_CATALOG_TOOL) + MESSAGE(STATUS "Found Catalog Tool.") + ELSE(HAVE_CATALOG_TOOL) + MESSAGE(FATAL_ERROR "Catalog tool, makecat.exe, can't be found.") + ENDIF(HAVE_CATALOG_TOOL) + IF(HAVE_SIGN_TOOL) + MESSAGE(STATUS "Found Sign Tool. Embedding custom manifests and signing executables.") + ELSE(HAVE_SIGN_TOOL) + MESSAGE(FATAL_ERROR "Sign tool, signtool.exe, can't be found.") + ENDIF(HAVE_SIGN_TOOL) + # Disable automatic manifest generation. STRING(REPLACE "/MANIFEST" "/MANIFEST:NO" CMAKE_EXE_LINKER_FLAGS ${CMAKE_EXE_LINKER_FLAGS}) diff --git a/win/README b/win/README index 118d619226a..d13f37965c1 100644 --- a/win/README +++ b/win/README @@ -51,7 +51,8 @@ The options right now are DISABLE_GRANT_OPTIONS Disables the use of --init-file and --skip-grant-tables options of mysqld.exe EMBED_MANIFESTS Embed custom manifests into final exes, otherwise VS - default will be used. + default will be used. (Note - This option should only be + used by MySQL AB.) So the command line could look like: diff --git a/win/create_manifest.js b/win/create_manifest.js index 8569bd508ff..dec8f6e62e2 100755 --- a/win/create_manifest.js +++ b/win/create_manifest.js @@ -56,7 +56,7 @@ try manifest_xml+= "\t<assemblyIdentity name=\'" + app_name + "\'"; manifest_xml+= " version=\'" + app_version + "\'"; manifest_xml+= " processorArchitecture=\'" + app_arch + "\'"; - // TOADD - Add publicKeyToken attribute once we have Authenticode key. + manifest_xml+= " publicKeyToken=\'02ad33b422233ae3\'"; manifest_xml+= " type=\'win32\' />\r\n"; // Identify the application security requirements. manifest_xml+= "\t<trustInfo xmlns=\'urn:schemas-microsoft-com:asm.v2\'>\r\n"; diff --git a/win/mysql_manifest.cmake b/win/mysql_manifest.cmake index 4c88be1d800..0d429e438d6 100755 --- a/win/mysql_manifest.cmake +++ b/win/mysql_manifest.cmake @@ -14,7 +14,8 @@ MACRO(MYSQL_EMBED_MANIFEST _target_name _required_privs) ADD_CUSTOM_COMMAND( TARGET ${_target_name} POST_BUILD - COMMAND mt.exe - ARGS -nologo -manifest $(IntDir)\\$(TargetFileName).intermediate.manifest -outputresource:$(TargetPath) - COMMENT "Embeds the manifest contents.") + COMMAND mt.exe ARGS -nologo -hashupdate -makecdfs -manifest $(IntDir)\\$(TargetFileName).intermediate.manifest -outputresource:$(TargetPath) + COMMAND makecat.exe ARGS $(IntDir)\\$(TargetFileName).intermediate.manifest.cdf + COMMAND signtool.exe ARGS sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll $(TargetPath) + COMMENT "Embeds the manifest contents, creates a cryptographic catalog, signs the target with Authenticode certificate.") ENDMACRO(MYSQL_EMBED_MANIFEST)