From ee79ff0579e25eca9189d72019e5361404437794 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Mon, 22 Mar 2021 07:59:32 +0100
Subject: Windows: first implementation of MSI installer for silent mode
 deployment (ACCEPTLICENSE=YES must be set in msiexec command line)

---
 src/Signing/sign_test.bat | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

(limited to 'src/Signing/sign_test.bat')

diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat
index 858e545f..9e4b2e87 100644
--- a/src/Signing/sign_test.bat
+++ b/src/Signing/sign_test.bat
@@ -1,5 +1,6 @@
 PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
 set VC_VERSION=1.24-Update9
+set VC_VERSION_NBRE=1.24.25
 set PFXNAME=TestCertificate\idrix_codeSign.pfx
 set PFXPASSWORD=idrix
 set PFXCA=TestCertificate\idrix_TestRootCA.crt
@@ -15,43 +16,48 @@ call "..\..\doc\chm\create_chm.bat"
 cd %SIGNINGPATH%
 
 rem sign using SHA-1
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.digicert.com "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt COMReg.exe"
 
 timeout /t 10
 
 rem sign using SHA-256
-signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\veracrypt-arm64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt-arm64.exe" "..\Release\Setup Files\VeraCrypt Format-arm64.exe" "..\Release\Setup Files\VeraCryptExpander-arm64.exe"
+signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\veracrypt-arm64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" "..\Release\Setup Files\VeraCrypt-arm64.exe" "..\Release\Setup Files\VeraCrypt Format-arm64.exe" "..\Release\Setup Files\VeraCryptExpander-arm64.exe" "..\Release\Setup Files\VeraCrypt COMReg.exe"
 
+rem create setup and MSI
 cd "..\Release\Setup Files\"
-
 copy ..\..\LICENSE .
 copy ..\..\License.txt .
 copy ..\..\NOTICE .
-
+copy ..\..\Resources\Texts\License.rtf .
+copy ..\..\Common\VeraCrypt.ico .
+copy ..\..\Setup\VeraCrypt_setup_background.bmp .
+copy ..\..\Setup\VeraCrypt_setup.bmp .
+copy ..\..\Setup\Setup.ico .
 del *.xml
 rmdir /S /Q Languages
 mkdir Languages
 copy /V /Y ..\..\..\Translations\*.xml Languages\.
 del Languages.zip
 7z a -y Languages.zip Languages
-
 rmdir /S /Q docs
 mkdir docs\html\en
 mkdir docs\EFI-DCS
 copy /V /Y ..\..\..\doc\html\* docs\html\en\.
 copy "..\..\..\doc\chm\VeraCrypt User Guide.chm" docs\.
 copy "..\..\..\doc\EFI-DCS\*.pdf" docs\EFI-DCS\.
-
 del docs.zip
 7z a -y docs.zip docs
-
 "VeraCrypt Setup.exe" /p
-
+call build_msi_x64.bat %VC_VERSION_NBRE%
 del LICENSE
 del License.txt
 del NOTICE
+del License.rtf
+del VeraCrypt.ico
+del VeraCrypt_setup_background.bmp
+del VeraCrypt_setup.bmp
+del Setup.ico
 del "VeraCrypt User Guide.chm"
-
 del Languages.zip
 del docs.zip
 rmdir /S /Q Languages
@@ -59,12 +65,17 @@ rmdir /S /Q docs
 
 cd %SIGNINGPATH%
 
+rem Can't dual-sign MSI files when using signtool (only jsign / osslsigncode can do that)
+
 rem sign using SHA-1
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe"
+signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.digicert.com "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe"
 
 timeout /t 10
 
-rem sign using SHA-256
+rem dual-sign Setup using SHA-256
 signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe"
 
+rem single sign MSI using SHA-256
+signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64.msi" "..\Release\Setup Files\bin\VeraCrypt_%VC_VERSION_NBRE%_Setup_x64_en-us.msi" 
+
 pause
\ No newline at end of file
-- 
cgit v1.2.3