From ee79ff0579e25eca9189d72019e5361404437794 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 22 Mar 2021 07:59:32 +0100 Subject: Windows: first implementation of MSI installer for silent mode deployment (ACCEPTLICENSE=YES must be set in msiexec command line) --- src/Signing/sign-sha256.bat | 27 ++++++++++++++++----------- src/Signing/sign.bat | 38 ++++++++++++++++++++++++-------------- src/Signing/sign_test.bat | 33 ++++++++++++++++++++++----------- src/Signing/sign_test_debug.bat | 33 ++++++++++++++++++++++----------- 4 files changed, 84 insertions(+), 47 deletions(-) (limited to 'src/Signing') diff --git a/src/Signing/sign-sha256.bat b/src/Signing/sign-sha256.bat index 99cad96d..7902e66c 100644 --- a/src/Signing/sign-sha256.bat +++ b/src/Signing/sign-sha256.bat @@ -1,6 +1,7 @@ PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip set VC_VERSION=1.24-Update9 +set VC_VERSION_NBRE=1.24.25 set SIGNINGPATH=%~dp0 cd %SIGNINGPATH% @@ -9,47 +10,51 @@ call "..\..\doc\chm\create_chm.bat" cd %SIGNINGPATH% rem sign using SHA-1 -signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_MS_Cross_Cert.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" +signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_MS_Cross_Cert.crt /fd sha1 /t http://timestamp.digicert.com "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" timeout /t 10 rem sign using SHA-256 signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_R3Cross.cer /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_R3Cross.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt-arm64.sys" -signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt-arm64.exe" "..\Release\Setup Files\VeraCrypt Format-arm64.exe" "..\Release\Setup Files\VeraCryptExpander-arm64.exe" - +signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt-arm64.exe" "..\Release\Setup Files\VeraCrypt Format-arm64.exe" "..\Release\Setup Files\VeraCryptExpander-arm64.exe" "..\Release\Setup Files\VeraCrypt COMReg.exe" +rem create setup and MSI cd "..\Release\Setup Files\" - copy ..\..\LICENSE . copy ..\..\License.txt . copy ..\..\NOTICE . - +copy ..\..\Resources\Texts\License.rtf . +copy ..\..\Common\VeraCrypt.ico . +copy ..\..\Setup\VeraCrypt_setup_background.bmp . +copy ..\..\Setup\VeraCrypt_setup.bmp . +copy ..\..\Setup\Setup.ico . del *.xml rmdir /S /Q Languages mkdir Languages copy /V /Y ..\..\..\Translations\*.xml Languages\. del Languages.zip 7z a -y Languages.zip Languages - rmdir /S /Q docs mkdir docs\html\en mkdir docs\EFI-DCS copy /V /Y ..\..\..\doc\html\* docs\html\en\. copy "..\..\..\doc\chm\VeraCrypt User Guide.chm" docs\. copy "..\..\..\doc\EFI-DCS\*.pdf" docs\EFI-DCS\. - del docs.zip 7z a -y docs.zip docs - "VeraCrypt Setup.exe" /p "VeraCrypt Portable.exe" /p - +call build_msi_x64.bat %VC_VERSION_NBRE% del LICENSE del License.txt del NOTICE +del License.rtf +del VeraCrypt.ico +del VeraCrypt_setup_background.bmp +del VeraCrypt_setup.bmp +del Setup.ico del "VeraCrypt User Guide.chm" - del Languages.zip del docs.zip rmdir /S /Q Languages @@ -58,6 +63,6 @@ rmdir /S /Q docs cd %SIGNINGPATH% rem sign using SHA-256 -signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe" +signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe" "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64.msi" "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64_en-us.msi" pause diff --git a/src/Signing/sign.bat b/src/Signing/sign.bat index f4efacdd..15dca15d 100644 --- a/src/Signing/sign.bat +++ b/src/Signing/sign.bat @@ -1,6 +1,7 @@ PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip set VC_VERSION=1.24-Update9 +set VC_VERSION_NBRE=1.24.25 set SIGNINGPATH=%~dp0 cd %SIGNINGPATH% @@ -9,47 +10,51 @@ call "..\..\doc\chm\create_chm.bat" cd %SIGNINGPATH% rem sign using SHA-1 -signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_MS_Cross_Cert.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" -signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_Code_Signing_CA.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" +signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_MS_Cross_Cert.crt /fd sha1 /t http://timestamp.digicert.com "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" +signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_Code_Signing_CA.cer /fd sha1 /t http://timestamp.digicert.com "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt COMReg.exe" timeout /t 10 rem sign using SHA-256 signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_R3Cross.cer /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" -signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" - +signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt COMReg.exe" +rem create setup and MSI cd "..\Release\Setup Files\" - copy ..\..\LICENSE . copy ..\..\License.txt . copy ..\..\NOTICE . - +copy ..\..\Resources\Texts\License.rtf . +copy ..\..\Common\VeraCrypt.ico . +copy ..\..\Setup\VeraCrypt_setup_background.bmp . +copy ..\..\Setup\VeraCrypt_setup.bmp . +copy ..\..\Setup\Setup.ico . del *.xml rmdir /S /Q Languages mkdir Languages copy /V /Y ..\..\..\Translations\*.xml Languages\. del Languages.zip 7z a -y Languages.zip Languages - rmdir /S /Q docs mkdir docs\html\en mkdir docs\EFI-DCS copy /V /Y ..\..\..\doc\html\* docs\html\en\. copy "..\..\..\doc\chm\VeraCrypt User Guide.chm" docs\. copy "..\..\..\doc\EFI-DCS\*.pdf" docs\EFI-DCS\. - del docs.zip 7z a -y docs.zip docs - "VeraCrypt Setup.exe" /p "VeraCrypt Portable.exe" /p - +call build_msi_x64.bat %VC_VERSION_NBRE% del LICENSE del License.txt del NOTICE +del License.rtf +del VeraCrypt.ico +del VeraCrypt_setup_background.bmp +del VeraCrypt_setup.bmp +del Setup.ico del "VeraCrypt User Guide.chm" - del Languages.zip del docs.zip rmdir /S /Q Languages @@ -57,13 +62,18 @@ rmdir /S /Q docs cd %SIGNINGPATH% +rem Can't dual-sign MSI files when using signtool (only jsign / osslsigncode can do that) + rem sign using SHA-1 -signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_Code_Signing_CA.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe" +signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_Code_Signing_CA.cer /fd sha1 /t http://timestamp.digicert.com "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe" timeout /t 10 -rem sign using SHA-256 -signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe" +rem dual sign Setup using SHA-256 +signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe" "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64.msi" "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64_en-us.msi" + +rem single sign MSI using SHA-256 +signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64.msi" "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64_en-us.msi" move "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Legacy Setup %VC_VERSION%.exe" move "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Legacy Portable %VC_VERSION%.exe" diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat index 858e545f..9e4b2e87 100644 --- a/src/Signing/sign_test.bat +++ b/src/Signing/sign_test.bat @@ -1,5 +1,6 @@ PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip set VC_VERSION=1.24-Update9 +set VC_VERSION_NBRE=1.24.25 set PFXNAME=TestCertificate\idrix_codeSign.pfx set PFXPASSWORD=idrix set PFXCA=TestCertificate\idrix_TestRootCA.crt @@ -15,43 +16,48 @@ call "..\..\doc\chm\create_chm.bat" cd %SIGNINGPATH% rem sign using SHA-1 -signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" +signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.digicert.com "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt COMReg.exe" timeout /t 10 rem sign using SHA-256 -signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\veracrypt-arm64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt-arm64.exe" "..\Release\Setup Files\VeraCrypt Format-arm64.exe" "..\Release\Setup Files\VeraCryptExpander-arm64.exe" +signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\veracrypt-arm64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt-arm64.exe" "..\Release\Setup Files\VeraCrypt Format-arm64.exe" "..\Release\Setup Files\VeraCryptExpander-arm64.exe" "..\Release\Setup Files\VeraCrypt COMReg.exe" +rem create setup and MSI cd "..\Release\Setup Files\" - copy ..\..\LICENSE . copy ..\..\License.txt . copy ..\..\NOTICE . - +copy ..\..\Resources\Texts\License.rtf . +copy ..\..\Common\VeraCrypt.ico . +copy ..\..\Setup\VeraCrypt_setup_background.bmp . +copy ..\..\Setup\VeraCrypt_setup.bmp . +copy ..\..\Setup\Setup.ico . del *.xml rmdir /S /Q Languages mkdir Languages copy /V /Y ..\..\..\Translations\*.xml Languages\. del Languages.zip 7z a -y Languages.zip Languages - rmdir /S /Q docs mkdir docs\html\en mkdir docs\EFI-DCS copy /V /Y ..\..\..\doc\html\* docs\html\en\. copy "..\..\..\doc\chm\VeraCrypt User Guide.chm" docs\. copy "..\..\..\doc\EFI-DCS\*.pdf" docs\EFI-DCS\. - del docs.zip 7z a -y docs.zip docs - "VeraCrypt Setup.exe" /p - +call build_msi_x64.bat %VC_VERSION_NBRE% del LICENSE del License.txt del NOTICE +del License.rtf +del VeraCrypt.ico +del VeraCrypt_setup_background.bmp +del VeraCrypt_setup.bmp +del Setup.ico del "VeraCrypt User Guide.chm" - del Languages.zip del docs.zip rmdir /S /Q Languages @@ -59,12 +65,17 @@ rmdir /S /Q docs cd %SIGNINGPATH% +rem Can't dual-sign MSI files when using signtool (only jsign / osslsigncode can do that) + rem sign using SHA-1 -signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" +signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.digicert.com "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" timeout /t 10 -rem sign using SHA-256 +rem dual-sign Setup using SHA-256 signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" +rem single sign MSI using SHA-256 +signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64.msi" "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64_en-us.msi" + pause \ No newline at end of file diff --git a/src/Signing/sign_test_debug.bat b/src/Signing/sign_test_debug.bat index 9cf8e562..4b5e33ac 100644 --- a/src/Signing/sign_test_debug.bat +++ b/src/Signing/sign_test_debug.bat @@ -1,5 +1,6 @@ PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip set VC_VERSION=1.24-Update9 +set VC_VERSION_NBRE=1.24.25 set PFXNAME=TestCertificate\idrix_codeSign.pfx set PFXPASSWORD=idrix set PFXCA=TestCertificate\idrix_TestRootCA.crt @@ -15,26 +16,29 @@ call "..\..\doc\chm\create_chm.bat" cd %SIGNINGPATH% rem sign using SHA-1 -signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Debug\Setup Files\veracrypt.sys" "..\Debug\Setup Files\veracrypt-x64.sys" "..\Debug\Setup Files\VeraCrypt.exe" "..\Debug\Setup Files\VeraCrypt Format.exe" "..\Debug\Setup Files\VeraCryptExpander.exe" "..\Debug\Setup Files\VeraCrypt-x64.exe" "..\Debug\Setup Files\VeraCrypt Format-x64.exe" "..\Debug\Setup Files\VeraCryptExpander-x64.exe" +signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.digicert.com "..\Debug\Setup Files\veracrypt.sys" "..\Debug\Setup Files\veracrypt-x64.sys" "..\Debug\Setup Files\VeraCrypt.exe" "..\Debug\Setup Files\VeraCrypt Format.exe" "..\Debug\Setup Files\VeraCryptExpander.exe" "..\Debug\Setup Files\VeraCrypt-x64.exe" "..\Debug\Setup Files\VeraCrypt Format-x64.exe" "..\Debug\Setup Files\VeraCryptExpander-x64.exe" "..\Debug\Setup Files\VeraCrypt COMReg.exe" timeout /t 10 rem sign using SHA-256 -signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Debug\Setup Files\veracrypt.sys" "..\Debug\Setup Files\veracrypt-x64.sys" "..\Debug\Setup Files\veracrypt-arm64.sys" "..\Debug\Setup Files\VeraCrypt.exe" "..\Debug\Setup Files\VeraCrypt Format.exe" "..\Debug\Setup Files\VeraCryptExpander.exe" "..\Debug\Setup Files\VeraCrypt-x64.exe" "..\Debug\Setup Files\VeraCrypt Format-x64.exe" "..\Debug\Setup Files\VeraCryptExpander-x64.exe" "..\Debug\Setup Files\VeraCrypt-arm64.exe" "..\Debug\Setup Files\VeraCrypt Format-arm64.exe" "..\Debug\Setup Files\VeraCryptExpander-arm64.exe" +signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Debug\Setup Files\veracrypt.sys" "..\Debug\Setup Files\veracrypt-x64.sys" "..\Debug\Setup Files\veracrypt-arm64.sys" "..\Debug\Setup Files\VeraCrypt.exe" "..\Debug\Setup Files\VeraCrypt Format.exe" "..\Debug\Setup Files\VeraCryptExpander.exe" "..\Debug\Setup Files\VeraCrypt-x64.exe" "..\Debug\Setup Files\VeraCrypt Format-x64.exe" "..\Debug\Setup Files\VeraCryptExpander-x64.exe" "..\Debug\Setup Files\VeraCrypt-arm64.exe" "..\Debug\Setup Files\VeraCrypt Format-arm64.exe" "..\Debug\Setup Files\VeraCryptExpander-arm64.exe" "..\Debug\Setup Files\VeraCrypt COMReg.exe" +rem create setup and MSI cd "..\Debug\Setup Files\" - copy ..\..\LICENSE . copy ..\..\License.txt . copy ..\..\NOTICE . - +copy ..\..\Resources\Texts\License.rtf . +copy ..\..\Common\VeraCrypt.ico . +copy ..\..\Setup\VeraCrypt_setup_background.bmp . +copy ..\..\Setup\VeraCrypt_setup.bmp . +copy ..\..\Setup\Setup.ico . del *.xml rmdir /S /Q Languages mkdir Languages copy /V /Y ..\..\..\Translations\*.xml Languages\. del Languages.zip 7z a -y Languages.zip Languages - rmdir /S /Q docs mkdir docs\html\en mkdir docs\EFI-DCS @@ -43,17 +47,19 @@ copy "..\..\..\doc\chm\VeraCrypt User Guide.chm" docs\. copy "..\..\..\doc\EFI-DCS\*.pdf" docs\EFI-DCS\. copy "..\..\Release\Setup Files\*.cat" . copy "..\..\Release\Setup Files\veracrypt.inf" . - del docs.zip 7z a -y docs.zip docs - "VeraCrypt Setup.exe" /p - +call build_msi_x64.bat %VC_VERSION_NBRE% del LICENSE del License.txt del NOTICE +del License.rtf +del VeraCrypt.ico +del VeraCrypt_setup_background.bmp +del VeraCrypt_setup.bmp +del Setup.ico del "VeraCrypt User Guide.chm" - del Languages.zip del docs.zip rmdir /S /Q Languages @@ -61,12 +67,17 @@ rmdir /S /Q docs cd %SIGNINGPATH% +rem Can't dual-sign MSI files when using signtool (only jsign / osslsigncode can do that) + rem sign using SHA-1 -signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Debug\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" +signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.digicert.com "..\Debug\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" timeout /t 10 -rem sign using SHA-256 +rem dual-sign Setup using SHA-256 signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Debug\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" +rem single sign MSI using SHA-256 +signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Debug\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64.msi" "..\Debug\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64_en-us.msi" + pause \ No newline at end of file -- cgit v1.2.3