Commit a34879eb authored by unknown's avatar unknown

Bug#24732 Executables do not include Vista manifests

- Sign executables with MySQL AB security certificate.


BitKeeper/etc/ignore:
  Bug#24732 Executables do not include Vista manifests
  - Ignore security catalog descriptions
CMakeLists.txt:
  Bug#24732 Executables do not include Vista manifests
  - Search for additional tools necessary to embed, catalog and sign
  targets.
win/README:
  Bug#24732 Executables do not include Vista manifests
  - Add internal only note to EMBED_MANIFESTS option.
win/create_manifest.js:
  Bug#24732 Executables do not include Vista manifests
  - Added publicKeyToken attribute to manifest.
win/mysql_manifest.cmake:
  Bug#24732 Executables do not include Vista manifests
  - Add additional commands to create security catalog and sign 
  targets.
  - Add parameters to add appropiate hash attribute to manifest
  and create security content description of the security catalog.
parent 1370b325
......@@ -6,6 +6,7 @@
*.bin
*.vcproj.cmake
cmake_install.cmake
*.cdf
*.core
*.d
*.da
......
......@@ -139,21 +139,47 @@ ENDIF(CMAKE_GENERATOR MATCHES "Visual Studio 7" OR
ADD_DEFINITIONS("-D_WINDOWS -D__WIN__ -D _CRT_SECURE_NO_DEPRECATE")
IF(EMBED_MANIFESTS)
# Search for the Manifest tool. CMake will first search it's defaults
# (CMAKE_FRAMEWORK_PATH, CMAKE_APPBUNDLE_PATH, CMAKE_PROGRAM_PATH and
# the system PATH) followed by the listed paths which are the current
# possible defaults and should be updated when necessary. The custom
# manifests are designed to be compatible with all mt versions.
# Search for the tools (mt, makecat, signtool) necessary for embedding
# manifests and signing executables with the MySQL AB authenticode cert.
#
# CMake will first search it's defaults (CMAKE_FRAMEWORK_PATH,
# CMAKE_APPBUNDLE_PATH, CMAKE_PROGRAM_PATH and the system PATH) followed
# by the listed paths which are the current possible defaults and should be
# updated when necessary.
#
# The custom manifests are designed to be compatible with all mt versions.
# The MySQL AB Authenticode certificate is available only internally.
# Others should store a single signing certificate in a local cryptographic
# service provider and alter the signtool command as necessary.
FIND_PROGRAM(HAVE_MANIFEST_TOOL NAMES mt
PATHS
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/VC/bin"
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin"
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/SDK/v2.0/Bin")
FIND_PROGRAM(HAVE_CATALOG_TOOL NAMES makecat
PATHS
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin")
FIND_PROGRAM(HAVE_SIGN_TOOL NAMES signtool
PATHS
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/Common7/Tools/Bin"
"$ENV{PROGRAMFILES}/Microsoft Visual Studio 8/SDK/v2.0/Bin")
IF(HAVE_MANIFEST_TOOL)
MESSAGE(STATUS "Found Mainfest Tool. Embedding custom manifests.")
MESSAGE(STATUS "Found Mainfest Tool.")
ELSE(HAVE_MANIFEST_TOOL)
MESSAGE(FATAL_ERROR "Manifest tool, mt.exe, can't be found.")
ENDIF(HAVE_MANIFEST_TOOL)
IF(HAVE_CATALOG_TOOL)
MESSAGE(STATUS "Found Catalog Tool.")
ELSE(HAVE_CATALOG_TOOL)
MESSAGE(FATAL_ERROR "Catalog tool, makecat.exe, can't be found.")
ENDIF(HAVE_CATALOG_TOOL)
IF(HAVE_SIGN_TOOL)
MESSAGE(STATUS "Found Sign Tool. Embedding custom manifests and signing executables.")
ELSE(HAVE_SIGN_TOOL)
MESSAGE(FATAL_ERROR "Sign tool, signtool.exe, can't be found.")
ENDIF(HAVE_SIGN_TOOL)
# Disable automatic manifest generation.
STRING(REPLACE "/MANIFEST" "/MANIFEST:NO" CMAKE_EXE_LINKER_FLAGS
${CMAKE_EXE_LINKER_FLAGS})
......
......@@ -51,7 +51,8 @@ The options right now are
DISABLE_GRANT_OPTIONS Disables the use of --init-file and --skip-grant-tables
options of mysqld.exe
EMBED_MANIFESTS Embed custom manifests into final exes, otherwise VS
default will be used.
default will be used. (Note - This option should only be
used by MySQL AB.)
So the command line could look like:
......
......@@ -56,7 +56,7 @@ try
manifest_xml+= "\t<assemblyIdentity name=\'" + app_name + "\'";
manifest_xml+= " version=\'" + app_version + "\'";
manifest_xml+= " processorArchitecture=\'" + app_arch + "\'";
// TOADD - Add publicKeyToken attribute once we have Authenticode key.
manifest_xml+= " publicKeyToken=\'02ad33b422233ae3\'";
manifest_xml+= " type=\'win32\' />\r\n";
// Identify the application security requirements.
manifest_xml+= "\t<trustInfo xmlns=\'urn:schemas-microsoft-com:asm.v2\'>\r\n";
......
......@@ -14,7 +14,8 @@ MACRO(MYSQL_EMBED_MANIFEST _target_name _required_privs)
ADD_CUSTOM_COMMAND(
TARGET ${_target_name}
POST_BUILD
COMMAND mt.exe
ARGS -nologo -manifest $(IntDir)\\$(TargetFileName).intermediate.manifest -outputresource:$(TargetPath)
COMMENT "Embeds the manifest contents.")
COMMAND mt.exe ARGS -nologo -hashupdate -makecdfs -manifest $(IntDir)\\$(TargetFileName).intermediate.manifest -outputresource:$(TargetPath)
COMMAND makecat.exe ARGS $(IntDir)\\$(TargetFileName).intermediate.manifest.cdf
COMMAND signtool.exe ARGS sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll $(TargetPath)
COMMENT "Embeds the manifest contents, creates a cryptographic catalog, signs the target with Authenticode certificate.")
ENDMACRO(MYSQL_EMBED_MANIFEST)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment