Unverified Commit c0915fc6 authored by Georg Koppen's avatar Georg Koppen
Browse files

Bug 24561: Add our scripts to check the authenticode/mar signing

parent 813aefd1
#!/bin/sh
# Copyright (c) 2017, The Tor Project, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# * Neither the names of the copyright owners nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Usage:
# 1) Let OSSLSIGNCODE point to your osslsigncode binary
# 2) Change into the directory containing the .exe files and the sha256sums-unsigned-build.txt
# 3) Run /path/to/authenticode_check.sh
if [ -z "$OSSLSIGNCODE" ]
then
echo "The path to your osslsigncode binary is missing!"
exit 1
fi
UNSIGNED_BUNDLES=0
BADSIGNED_BUNDLES=0
mkdir tmp
for f in `ls *.exe`; do
SHA256_TXT=`grep "$f" sha256sums-unsigned-build.txt`
# Test 1: Is the .exe file still unsigned? I.e. does its SHA-256 sum still
# match the one we had before we signed the .exe file? If so, notify us
# later and exit.
if [ "$SHA256_TXT" = "`sha256sum $f`" ]
then
echo "$f has still the SHA-256 sum of the unsigned bundle!"
UNSIGNED_BUNDLES=`expr $UNSIGNED_BUNDLES + 1`
fi
# Test 2: Do we get the old SHA-256 sum after stripping the authenticode
# signature? If not, notify us later and exit.
if [ "$UNSIGNED_BUNDLES" = "0" ]
then
# At least we seem to have attempted to sign the bundle. Let's see if we
# succeeded by stripping the signature. This behavior is reproducible.
# Thus, we know if we don't get the same SHA-256 sum we did not sign the
# bundle correctly.
echo "Trying to strip the authenticode signature of $f..."
${OSSLSIGNCODE} remove-signature $f tmp/$f
cd tmp
if ! [ "$SHA256_TXT" = "`sha256sum $f`" ]
then
echo "$f does not have the SHA-256 sum of the unsigned bundle!"
BADSIGNED_BUNDLES=`expr $BADSIGNED_BUNDLES + 1`
fi
cd ..
fi
done
rm -rf tmp/
if ! [ "$UNSIGNED_BUNDLES" = "0" ]
then
echo "We got $UNSIGNED_BUNDLES unsigned bundle(s), exiting..."
exit 1
fi
if ! [ "$BADSIGNED_BUNDLES" = "0" ]
then
echo "We got $BADSIGNED_BUNDLES badly signed bundle(s), exiting..."
exit 1
fi
echo "The signatures are fine."
exit 0
#!/bin/sh
# Copyright (c) 2016, The Tor Project, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# * Neither the names of the copyright owners nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Usage:
# 1) Let SIGNMAR point to your signmar binary
# 2) Let LD_LIBRARY_PATH point to the mar-tools directory
# 3) Change into the directory containing the MAR files and the
# sha256sums-unsigned-build.txt/sha256sums-unsigned-build.incrementals.txt.
# 4) Run /path/to/marsigning_check.sh
if [ -z "$SIGNMAR" ]
then
echo "The path to your signmar binary is missing!"
exit 1
fi
if [ -z "$LD_LIBRARY_PATH" ]
then
echo "The library search path to your mar-tools directory is missing!"
exit 1
fi
UNSIGNED_MARS=0
BADSIGNED_MARS=0
mkdir tmp
for f in `ls *.mar`; do
case $f in
*.incremental.mar) SHA256_TXT=`grep "$f" \
sha256sums-unsigned-build.incrementals.txt`;;
*) SHA256_TXT=`grep "$f" sha256sums-unsigned-build.txt`;;
esac
# Test 1: Is the .mar file still unsigned? I.e. does its SHA-256 sum still
# match the one we had before we signed it? If so, notify us later and exit.
if [ "$SHA256_TXT" = "`sha256sum $f`" ]
then
echo "$f has still the SHA-256 sum of the unsigned MAR file!"
UNSIGNED_MARS=`expr $UNSIGNED_MARS + 1`
fi
# Test 2: Do we get the old SHA-256 sum after stripping the MAR signature? If
# not, notify us later and exit.
if [ "$UNSIGNED_MARS" = "0" ]
then
# At least we seem to have attempted to sign the MAR file. Let's see if we
# succeeded by stripping the signature. This behavior is reproducible.
# Thus, we know if we don't get the same SHA-256 sum we did not sign the
# bundle correctly.
echo "Trying to strip the MAR signature of $f..."
${SIGNMAR} -r $f tmp/$f
cd tmp
if ! [ "$SHA256_TXT" = "`sha256sum $f`" ]
then
echo "$f does not have the SHA-256 sum of the unsigned MAR file!"
BADSIGNED_MARS=`expr $BADSIGNED_MARS + 1`
fi
cd ..
fi
done
rm -rf tmp/
if ! [ "$UNSIGNED_MARS" = "0" ]
then
echo "We got $UNSIGNED_MARS unsigned MAR file(s), exiting..."
exit 1
fi
if ! [ "$BADSIGNED_MARS" = "0" ]
then
echo "We got $BADSIGNED_MARS badly signed MAR file(s), exiting..."
exit 1
fi
echo "The signatures are fine."
exit 0
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment