Commit a34879eb authored by unknown's avatar unknown

Bug#24732 Executables do not include Vista manifests

- Sign executables with MySQL AB security certificate.


BitKeeper/etc/ignore:
  Bug#24732 Executables do not include Vista manifests
  - Ignore security catalog descriptions
CMakeLists.txt:
  Bug#24732 Executables do not include Vista manifests
  - Search for additional tools necessary to embed, catalog and sign
  targets.
win/README:
  Bug#24732 Executables do not include Vista manifests
  - Add internal only note to EMBED_MANIFESTS option.
win/create_manifest.js:
  Bug#24732 Executables do not include Vista manifests
  - Added publicKeyToken attribute to manifest.
win/mysql_manifest.cmake:
  Bug#24732 Executables do not include Vista manifests
  - Add additional commands to create security catalog and sign 
  targets.
  - Add parameters to add appropiate hash attribute to manifest
  and create security content description of the security catalog.
parent 1370b325
...@@ -6,6 +6,7 @@ ...@@ -6,6 +6,7 @@
*.bin *.bin
*.vcproj.cmake *.vcproj.cmake
cmake_install.cmake cmake_install.cmake
*.cdf
*.core *.core
*.d *.d
*.da *.da
......
...@@ -139,21 +139,47 @@ ENDIF(CMAKE_GENERATOR MATCHES "Visual Studio 7" OR ...@@ -139,21 +139,47 @@ ENDIF(CMAKE_GENERATOR MATCHES "Visual Studio 7" OR
ADD_DEFINITIONS("-D_WINDOWS -D__WIN__ -D _CRT_SECURE_NO_DEPRECATE") ADD_DEFINITIONS("-D_WINDOWS -D__WIN__ -D _CRT_SECURE_NO_DEPRECATE")
IF(EMBED_MANIFESTS) IF(EMBED_MANIFESTS)
# Search for the Manifest tool. CMake will first search it's defaults # Search for the tools (mt, makecat, signtool) necessary for embedding
# (CMAKE_FRAMEWORK_PATH, CMAKE_APPBUNDLE_PATH, CMAKE_PROGRAM_PATH and # manifests and signing executables with the MySQL AB authenticode cert.
# the system PATH) followed by the listed paths which are the current #
# possible defaults and should be updated when necessary. The custom # CMake will first search it's defaults (CMAKE_FRAMEWORK_PATH,
# manifests are designed to be compatible with all mt versions. # CMAKE_APPBUNDLE_PATH, CMAKE_PROGRAM_PATH and the system PATH) followed
# by the listed paths which are the current possible defaults and should be
# updated when necessary.
#
# The custom manifests are designed to be compatible with all mt versions.
# The MySQL AB Authenticode certificate is available only internally.
# Others should store a single signing certificate in a local cryptographic
# service provider and alter the signtool command as necessary.
FIND_PROGRAM(HAVE_MANIFEST_TOOL NAMES mt FIND_PROGRAM(HAVE_MANIFEST_TOOL NAMES mt
PATHS PATHS
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/VC/bin" "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/VC/bin"
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin" "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin"
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/SDK/v2.0/Bin") "$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/SDK/v2.0/Bin")
FIND_PROGRAM(HAVE_CATALOG_TOOL NAMES makecat
PATHS
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin")
FIND_PROGRAM(HAVE_SIGN_TOOL NAMES signtool
PATHS
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin"
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/SDK/v2.0/Bin")
IF(HAVE_MANIFEST_TOOL) IF(HAVE_MANIFEST_TOOL)
MESSAGE(STATUS "Found Mainfest Tool. Embedding custom manifests.") MESSAGE(STATUS "Found Mainfest Tool.")
ELSE(HAVE_MANIFEST_TOOL) ELSE(HAVE_MANIFEST_TOOL)
MESSAGE(FATAL_ERROR "Manifest tool, mt.exe, can't be found.") MESSAGE(FATAL_ERROR "Manifest tool, mt.exe, can't be found.")
ENDIF(HAVE_MANIFEST_TOOL) ENDIF(HAVE_MANIFEST_TOOL)
IF(HAVE_CATALOG_TOOL)
MESSAGE(STATUS "Found Catalog Tool.")
ELSE(HAVE_CATALOG_TOOL)
MESSAGE(FATAL_ERROR "Catalog tool, makecat.exe, can't be found.")
ENDIF(HAVE_CATALOG_TOOL)
IF(HAVE_SIGN_TOOL)
MESSAGE(STATUS "Found Sign Tool. Embedding custom manifests and signing executables.")
ELSE(HAVE_SIGN_TOOL)
MESSAGE(FATAL_ERROR "Sign tool, signtool.exe, can't be found.")
ENDIF(HAVE_SIGN_TOOL)
# Disable automatic manifest generation. # Disable automatic manifest generation.
STRING(REPLACE "/MANIFEST" "/MANIFEST:NO" CMAKE_EXE_LINKER_FLAGS STRING(REPLACE "/MANIFEST" "/MANIFEST:NO" CMAKE_EXE_LINKER_FLAGS
${CMAKE_EXE_LINKER_FLAGS}) ${CMAKE_EXE_LINKER_FLAGS})
......
...@@ -51,7 +51,8 @@ The options right now are ...@@ -51,7 +51,8 @@ The options right now are
DISABLE_GRANT_OPTIONS Disables the use of --init-file and --skip-grant-tables DISABLE_GRANT_OPTIONS Disables the use of --init-file and --skip-grant-tables
options of mysqld.exe options of mysqld.exe
EMBED_MANIFESTS Embed custom manifests into final exes, otherwise VS EMBED_MANIFESTS Embed custom manifests into final exes, otherwise VS
default will be used. default will be used. (Note - This option should only be
used by MySQL AB.)
So the command line could look like: So the command line could look like:
......
...@@ -56,7 +56,7 @@ try ...@@ -56,7 +56,7 @@ try
manifest_xml+= "\t<assemblyIdentity name=\'" + app_name + "\'"; manifest_xml+= "\t<assemblyIdentity name=\'" + app_name + "\'";
manifest_xml+= " version=\'" + app_version + "\'"; manifest_xml+= " version=\'" + app_version + "\'";
manifest_xml+= " processorArchitecture=\'" + app_arch + "\'"; manifest_xml+= " processorArchitecture=\'" + app_arch + "\'";
// TOADD - Add publicKeyToken attribute once we have Authenticode key. manifest_xml+= " publicKeyToken=\'02ad33b422233ae3\'";
manifest_xml+= " type=\'win32\' />\r\n"; manifest_xml+= " type=\'win32\' />\r\n";
// Identify the application security requirements. // Identify the application security requirements.
manifest_xml+= "\t<trustInfo xmlns=\'urn:schemas-microsoft-com:asm.v2\'>\r\n"; manifest_xml+= "\t<trustInfo xmlns=\'urn:schemas-microsoft-com:asm.v2\'>\r\n";
......
...@@ -14,7 +14,8 @@ MACRO(MYSQL_EMBED_MANIFEST _target_name _required_privs) ...@@ -14,7 +14,8 @@ MACRO(MYSQL_EMBED_MANIFEST _target_name _required_privs)
ADD_CUSTOM_COMMAND( ADD_CUSTOM_COMMAND(
TARGET ${_target_name} TARGET ${_target_name}
POST_BUILD POST_BUILD
COMMAND mt.exe COMMAND mt.exe ARGS -nologo -hashupdate -makecdfs -manifest $(IntDir)\\$(TargetFileName).intermediate.manifest -outputresource:$(TargetPath)
ARGS -nologo -manifest $(IntDir)\\$(TargetFileName).intermediate.manifest -outputresource:$(TargetPath) COMMAND makecat.exe ARGS $(IntDir)\\$(TargetFileName).intermediate.manifest.cdf
COMMENT "Embeds the manifest contents.") COMMAND signtool.exe ARGS sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll $(TargetPath)
COMMENT "Embeds the manifest contents, creates a cryptographic catalog, signs the target with Authenticode certificate.")
ENDMACRO(MYSQL_EMBED_MANIFEST) ENDMACRO(MYSQL_EMBED_MANIFEST)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment