[Commented On] D10684: pyoxidizer: support code signing

baymax (Baymax, Your Personal Patch-care Companion) phabricator at mercurial-scm.org
Mon May 10 15:40:10 UTC 2021 

baymax added a comment.
baymax updated this revision to Diff 27792.


  ✅ refresh by Heptapod after a successful CI run (🐙 💚)

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D10684?vs=27755&id=27792

BRANCH
  default

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D10684/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D10684

AFFECTED FILES
  rust/hgcli/pyoxidizer.bzl

CHANGE DETAILS

diff --git a/rust/hgcli/pyoxidizer.bzl b/rust/hgcli/pyoxidizer.bzl
--- a/rust/hgcli/pyoxidizer.bzl
+++ b/rust/hgcli/pyoxidizer.bzl
@@ -8,12 +8,29 @@
 #
 # EXTRA_MSI_FEATURES
 #   ; delimited string of extra features to advertise in the built MSA.
+#
+# SIGNING_PFX_PATH
+#   Path to code signing certificate to use.
+#
+# SIGNING_PFX_PASSWORD
+#   Password to code signing PFX file defined by SIGNING_PFX_PATH.
+#
+# SIGNING_SUBJECT_NAME
+#   String fragment in code signing certificate subject name used to find
+#   code signing certificate in Windows certificate store.
+#
+# TIME_STAMP_SERVER_URL
+#   URL of time-stamp token authority (RFC 3161) servers to stamp code signatures.
 
 ROOT = CWD + "/../.."
 
 VERSION = VARS.get("VERSION", "5.8")
 MSI_NAME = VARS.get("MSI_NAME", "mercurial")
 EXTRA_MSI_FEATURES = VARS.get("EXTRA_MSI_FEATURES")
+SIGNING_PFX_PATH = VARS.get("SIGNING_PFX_PATH")
+SIGNING_PFX_PASSWORD = VARS.get("SIGNING_PFX_PASSWORD", "")
+SIGNING_SUBJECT_NAME = VARS.get("SIGNING_SUBJECT_NAME")
+TIME_STAMP_SERVER_URL = VARS.get("TIME_STAMP_SERVER_URL", "http://timestamp.digicert.com")
 
 IS_WINDOWS = "windows" in BUILD_TARGET_TRIPLE
 
@@ -230,6 +247,24 @@
     return wix
 
 
+def register_code_signers():
+    if not IS_WINDOWS:
+        return
+
+    if SIGNING_PFX_PATH:
+        signer = code_signer_from_pfx_file(SIGNING_PFX_PATH, SIGNING_PFX_PASSWORD)
+    elif SIGNING_SUBJECT_NAME:
+        signer = code_signer_from_windows_store_subject(SIGNING_SUBJECT_NAME)
+    else:
+        signer = None
+
+    if signer:
+        signer.set_time_stamp_server(TIME_STAMP_SERVER_URL)
+        signer.activate()
+
+
+register_code_signers()
+
 register_target("distribution", make_distribution)
 register_target("exe", make_exe, depends = ["distribution"])
 register_target("app", make_manifest, depends = ["distribution", "exe"], default = True)



To: indygreg, #hg-reviewers
Cc: mercurial-patches
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mercurial-scm.org/pipermail/mercurial-patches/attachments/20210510/3a818e82/attachment-0002.html>

More information about the Mercurial-patches mailing list