From: Eric Bollengier <eric@baculasystems.com>
Date: Thu, 4 Feb 2021 08:17:45 +0000 (+0100)
Subject: win32: backport sining tools
X-Git-Tag: Release-11.0.1~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24abfdba0a38615e0f0c2f05e2212dd452223698;p=thirdparty%2Fbacula.git

win32: backport sining tools
---

diff --git a/bacula/src/win32/sign-binaries b/bacula/src/win32/sign-binaries
new file mode 100755
index 000000000..a7152180f
--- /dev/null
+++ b/bacula/src/win32/sign-binaries
@@ -0,0 +1,36 @@
+#!/bin/sh
+# Copyright (C) 2000-2021 Kern Sibbald
+# License: BSD 2-Clause; see file LICENSE-FOSS
+#
+# Sign binaries if possible with sign_exe script
+
+DIR=$1
+
+if [ "$DIR" = "" ]; then
+    echo "Usage: $0 <directory> | <file> <file> <file>"
+    exit 1
+fi
+
+if ! which sign_exe > /dev/null 2> /dev/null
+then
+   exit 0
+fi
+
+RET=0
+
+if [ -d "$DIR" ]; then
+    for F in "$DIR"/*.exe "$DIR"/*.dll
+    do
+        sign_exe "$F"
+        RET=`expr $RET + $?`
+    done
+
+else
+    for F in $*
+    do
+        sign_exe "$F"
+        RET=`expr $RET + $?`
+    done
+fi
+
+exit $RET
diff --git a/bacula/src/win32/sign-check b/bacula/src/win32/sign-check
new file mode 100755
index 000000000..4eb350688
--- /dev/null
+++ b/bacula/src/win32/sign-check
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Copyright (C) 2000-2021 Kern Sibbald
+# License: BSD 2-Clause; see file LICENSE-FOSS
+#
+# Check if binaries are signed
+
+DIR=$1
+
+if [ "$DIR" = "" ]; then
+    echo "Usage: $0 <directory> | <file> <file> <file>"
+    exit 1
+fi
+
+if ! which osslsigncode > /dev/null 2> /dev/null
+then
+   echo "INFO: Not checking signature"
+   exit 0
+fi
+
+# Custom program to sign an executable
+if ! which sign_exe > /dev/null 2> /dev/null
+then
+   echo "INFO: Not checking signature"
+   exit 0
+fi
+
+RET=0
+
+if [ -d "$DIR" ]; then
+    for F in "$DIR"/*.exe "$DIR"/*.dll
+    do
+        osslsigncode verify "$F" | grep "Signature verification: ok"
+        if [ $? != 0 ]; then
+            echo "Signature verification: failed for $F"
+            RET=1
+        fi
+    done
+
+else
+    for F in $*
+    do
+        osslsigncode verify "$F" | grep "Signature verification: ok"
+        if [ $? != 0 ]; then
+            echo "Signature verification: failed for $F"
+            RET=1
+        fi
+    done
+fi
+
+if [ $RET != 0 ]; then
+    echo "ERROR: Some files are not signed correctly"
+fi
+exit $RET