diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index a3047efee..e4aa97cba 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -1,5 +1,5 @@ # speedo.mk - Speedo rebuilds speedily. -# Copyright (C) 2008, 2014, 2019 g10 Code GmbH +# Copyright (C) 2008, 2014, 2019, 2024 g10 Code GmbH # # speedo is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -43,58 +43,7 @@ # # The information required to sign the tarballs and binaries # are expected in the developer specific file ~/.gnupg-autogen.rc". -# Here is an example: -#--8<---------------cut here---------------start------------->8--- -# # Location of the released tarball archives. Note that this is an -# # internal archive and before uploading this to the public server, -# # manual tests should be run and the git release tagged and pushed. -# # This is greped by the Makefile. -# RELEASE_ARCHIVE=foo@somehost:tarball-archive -# -# # The key used to sign the GnuPG sources. -# # This is greped by the Makefile. -# RELEASE_SIGNKEY=6DAA6E64A76D2840571B4902528897B826403ADA -# -# # The key used to sign the VERSION files of some MSI installers. -# VERSION_SIGNKEY=02F38DFF731FF97CB039A1DA549E695E905BA208 -# -# # For signing Windows binaries we need to employ a Windows machine. -# # We connect to this machine via ssh and take the connection -# # parameters via .ssh/config. For example a VM could be specified -# # like this: -# # -# # Host authenticode-signhost -# # HostName localhost -# # Port 27042 -# # User gpgsign -# # -# # Depending on the used token it might be necessary to allow single -# # signon and unlock the token before running the make. The following -# # variable references this entry. This is greped by the Makefile. -# AUTHENTICODE_SIGNHOST=authenticode-signhost -# -# # The name of the signtool as used on Windows. -# # This is greped by the Makefile. -# AUTHENTICODE_TOOL="C:\Program Files (x86)\Windows Kits\10\bin\signtool.exe" -# -# # The URL for the timestamping service -# AUTHENTICODE_TSURL=http://rfc3161timestamp.globalsign.com/advanced -# -# # To use osslsigncode the follwing entries are required and -# # an empty string must be given for AUTHENTICODE_SIGNHOST. -# # They are greped by the Makefile. -# AUTHENTICODE_KEY=/home/foo/.gnupg/my-authenticode-key.p12 -# AUTHENTICODE_CERTS=/home/foo/.gnupg/my-authenticode-certs.pem -# -# # If a smartcard is used for the Authenticode signature these -# # entries are required instead: -# AUTHENTICODE_KEY=card -# AUTHENTICODE_CERTS=/home/foo/.gnupg/my_authenticode_cert.pem -# OSSLSIGNCODE=/usr/bin/osslsigncode -# OSSLPKCS11ENGINE=/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -# SCUTEMODULE=/usr/local/lib/scute.so -# -#--8<---------------cut here---------------end--------------->8--- +# Use "gpg-authcode-sign.sh --template" to create a template. # We need to know our own name. @@ -124,6 +73,7 @@ help: @echo 'Use WIXPREFIX to provide the WIX binaries for the MSI package.' @echo ' Using WIX also requires wine with installed wine mono.' @echo ' See help-wixlib for more information' + @echo 'Set W32VERSION=w64 to build a 64 bit Windows version.' help-wixlib: @echo 'The buildsystem can create a wixlib to build MSI packages.' @@ -208,9 +158,12 @@ w32-release-offline: check-tools # to "this" from the unpacked sources. WHAT=git -# Set target to "native" or "w32" +# Set target to "native" or "w32". TARGETOS= +# To build a 64 bit Windows version also change this to "w64" +W32VERSION=w32 + # Set to 1 to use a pre-installed swdb.lst instead of the online version. CUSTOM_SWDB=0 @@ -227,33 +180,32 @@ STATIC=0 # external packages. TARBALLS=$(shell pwd)/../tarballs -# Number of parallel make jobs for each package -MAKE_J=6 +# Check if nproc is available, set MAKE_J accordingly +MAKE_J = $(shell if command -v nproc >/dev/null 2>&1; then \ + nproc; else echo 6; \ + fi) # Name to use for the w32 installer and sources + + INST_NAME=gnupg-w32 -# Use this to override the installaion directory for native builds. +# Use this to override the installation directory for native builds. INSTALL_PREFIX=none # Set this to the location of wixtools WIXPREFIX=$(shell readlink -f ~/w32root/wixtools) -# If patchelf(1) is not availale disable the command. +# If patchelf(1) is not available disable the command. PATCHELF := $(shell patchelf --version 2>/dev/null >/dev/null || echo "echo please run: ")patchelf +# Set this to 1 to get verbose output +VERBOSE=0 + # Read signing information from ~/.gnupg-autogen.rc define READ_AUTOGEN_template $(1) = $$(shell grep '^[[:blank:]]*$(1)[[:blank:]]*=' $$$$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs) endef -$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_SIGNHOST)) -$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TOOL)) -$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TSURL)) -$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_KEY)) -$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS)) -$(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE)) -$(eval $(call READ_AUTOGEN_template,OSSLPKCS11ENGINE)) -$(eval $(call READ_AUTOGEN_template,SCUTEMODULE)) $(eval $(call READ_AUTOGEN_template,OVERRIDE_TARBALLS)) @@ -281,6 +233,7 @@ AUTHENTICODE_FILES= \ libgpgme-11.dll \ libksba-8.dll \ libnpth-0.dll \ + libntbtls-0.dll \ libsqlite3-0.dll \ pinentry-w32.exe \ scdaemon.exe \ @@ -330,7 +283,12 @@ endif # Packages which are additionally build for 64 bit Windows. They are # only used for gpgex and thus we need to build them only if we want # a full installer. -speedo_w64_spkgs = +ifeq ($(W32VERSION),w64) + # Keep this empty + speedo_w64_spkgs = +else + speedo_w64_spkgs = +endif # Packages which use the gnupg autogen.sh build style speedo_gnupg_style = \ @@ -409,7 +367,7 @@ sqlite_sha1 := $(shell awk '$$1=="sqlite_sha1_gz" {print $$2}' swdb.lst) sqlite_sha2 := $(shell awk '$$1=="sqlite_sha2_gz" {print $$2}' swdb.lst) -$(info Information from the version database) +$(info Information from the version database:) $(info GnuPG ..........: $(gnupg_ver) (building $(gnupg_ver_this))) $(info GpgRT ..........: $(libgpg_error_ver)) $(info Npth ...........: $(npth_ver)) @@ -424,14 +382,26 @@ $(info GPGME ..........: $(gpgme_ver)) $(info Pinentry .......: $(pinentry_ver)) endif +$(info Information for this run:) +$(info Build type .....: $(WHAT)) +$(info Target .........: $(TARGETOS)) +ifeq ($(TARGETOS),w32) + $(info Windows version : 32 bit) +ifneq ($(W32VERSION),w32) +# Noet that GnuPG 2.4 does not support 64 bit Windows - use GnuPG 2.6 + $(error W32VERSION is not set to a proper value: Use only w32) +endif +endif + + # Version number for external packages pkg_config_ver = 0.23 libiconv_ver = 1.14 gettext_ver = 0.18.2.1 -# The GIT repository. Using a local repo is much faster. -#gitrep = git://git.gnupg.org +# The GIT repository. Using a local repo is much faster and more secure. +# The default is to expect it below ~/s/ gitrep = ${HOME}/s # The tarball directories @@ -515,8 +485,8 @@ speedo_pkg_gettext_tar = $(pkg2rep)/gettext-$(gettext_ver).tar.gz speedo_pkg_npth_configure = --enable-static -speedo_pkg_libgpg_error_configure = --enable-static --enable-install-gpg-error-config -speedo_pkg_w64_libgpg_error_configure = --enable-static --enable-install-gpg-error-config +speedo_pkg_libgpg_error_configure = --enable-static +speedo_pkg_w64_libgpg_error_configure = --enable-static speedo_pkg_libgpg_error_extracflags = -D_WIN32_WINNT=0x0600 speedo_pkg_w64_libgpg_error_extracflags = -D_WIN32_WINNT=0x0600 @@ -527,9 +497,6 @@ speedo_pkg_libgcrypt_configure = --disable-static speedo_pkg_libksba_configure = --disable-static -speedo_pkg_ntbtls_configure = --enable-static - - ifeq ($(STATIC),1) speedo_pkg_npth_configure += --disable-shared @@ -542,9 +509,6 @@ speedo_pkg_libgcrypt_configure += --disable-shared speedo_pkg_libksba_configure += --disable-shared endif -# For now we build ntbtls only static -speedo_pkg_ntbtls_configure = --disable-shared - ifeq ($(TARGETOS),w32) speedo_pkg_gnupg_configure = \ --disable-g13 --enable-ntbtls --disable-tpm2d @@ -627,6 +591,9 @@ speedo_pkg_bzip2_make_args = \ speedo_pkg_bzip2_make_args_inst = \ PREFIX=$(idir) CC="$(host)-gcc" AR="$(host)-ar" RANLIB="$(host)-ranlib" +else +speedo_pkg_bzip2_make_args_inst = \ + PREFIX=$(idir) endif speedo_pkg_w64_libiconv_configure = \ @@ -654,12 +621,21 @@ report: report-speedo clean: clean-speedo + +ifeq ($(W32VERSION),w64) +W32CC_PREFIX = x86_64 +else +W32CC_PREFIX = i686 +endif + ifeq ($(TARGETOS),w32) -STRIP = i686-w64-mingw32-strip +STRIP = $(W32CC_PREFIX)-w64-mingw32-strip +W32STRIP32 = i686-w64-mingw32-strip else STRIP = strip endif -W32CC = i686-w64-mingw32-gcc +W32CC = $(W32CC_PREFIX)-w64-mingw32-gcc +W32CC32 = i686-w64-mingw32-gcc -include config.mk @@ -698,13 +674,24 @@ speedo_w64_build_list = $(speedo_w64_spkgs) # assignments), we check that the targetos has been given ifneq ($(TARGETOS),) +# Check for VERBOSE variable to conditionally set the silent option +ifeq ($(VERBOSE),1) + slient_flag = + autogen_sh_silent_flag = +else + slient_flag = --silent + autogen_sh_silent_flag = AUTOGEN_SH_SILENT=1 +endif + # Determine build and host system -build := $(shell $(topsrc)/autogen.sh --silent --print-build) +build := $(shell $(topsrc)/autogen.sh $(silent_flag) --print-build) ifeq ($(TARGETOS),w32) - speedo_autogen_buildopt := --build-w32 + speedo_autogen_buildopt := --build-$(W32VERSION) speedo_autogen_buildopt6 := --build-w64 - host := $(shell $(topsrc)/autogen.sh --silent --print-host --build-w32) - host6:= $(shell $(topsrc)/autogen.sh --silent --print-host --build-w64) + host := $(shell $(topsrc)/autogen.sh $(silent_flag) --print-host \ + --build-$(W32VERSION)) + host6:= $(shell $(topsrc)/autogen.sh $(silent_flag) --print-host \ + --build-w64) speedo_host_build_option := --host=$(host) --build=$(build) speedo_host_build_option6 := --host=$(host6) --build=$(build) speedo_w32_cflags := -mms-bitfields @@ -768,6 +755,9 @@ define SETVARS fi; \ pkgbdir="$(bdir)/$(1)"; \ pkgcfg="$(call GETVAR,speedo_pkg_$(1)_configure)"; \ + if [ "$(TARGETOS)" != native ]; then \ + pkgcfg="$(pkgcfg) --libdir=$(idir)/lib"; \ + fi; \ tmp="$(speedo_w32_cflags) \ $(call GETVAR,speedo_pkg_$(1)_extracflags)"; \ if [ x$$$$(echo "$$$$tmp" | tr -d '[:space:]')x != xx ]; then \ @@ -927,13 +917,14 @@ else ifneq ($(findstring $(1),$(speedo_gnupg_style)),) mkdir "$$$${pkgbdir}"; \ cd "$$$${pkgbdir}"; \ if [ -n "$(speedo_autogen_buildopt)" ]; then \ - eval AUTOGEN_SH_SILENT=1 w32root="$(idir)" \ + eval $(autogen_sh_silent_flag) \ + $(W32VERSION)root="$(idir)" \ "$$$${pkgsdir}/autogen.sh" \ $(speedo_autogen_buildopt) \ $$$${pkgcfg} $$$${pkgextracflags}; \ else \ eval "$$$${pkgsdir}/configure" \ - --silent \ + $(silent_flag) \ --enable-maintainer-mode \ --prefix="$(idir)" \ $$$${pkgcfg} $$$${pkgextracflags}; \ @@ -943,7 +934,7 @@ else mkdir "$$$${pkgbdir}"; \ cd "$$$${pkgbdir}"; \ eval "$$$${pkgsdir}/configure" \ - --silent $(speedo_host_build_option) \ + $(silent_flag) $(speedo_host_build_option) \ --prefix="$(idir)" \ $$$${pkgcfg} $$$${pkgextracflags}; \ ) @@ -962,13 +953,13 @@ else ifneq ($(findstring $(1),$(speedo_gnupg_style)),) mkdir "$$$${pkgbdir}"; \ cd "$$$${pkgbdir}"; \ if [ -n "$(speedo_autogen_buildopt)" ]; then \ - eval AUTOGEN_SH_SILENT=1 w64root="$(idir6)" \ + eval $(autogen_sh_silent_flag) w64root="$(idir6)" \ "$$$${pkgsdir}/autogen.sh" \ $(speedo_autogen_buildopt6) \ $$$${pkgcfg} $$$${pkgextracflags}; \ else \ eval "$$$${pkgsdir}/configure" \ - --silent \ + $(silent_flag) \ --enable-maintainer-mode \ --prefix="$(idir6)" \ $$$${pkgcfg} $$$${pkgextracflags}; \ @@ -978,7 +969,7 @@ else mkdir "$$$${pkgbdir}"; \ cd "$$$${pkgbdir}"; \ eval "$$$${pkgsdir}/configure" \ - --silent $(speedo_host_build_option6) \ + $(silent_flag) $(speedo_host_build_option6) \ --prefix="$(idir6)" \ $$$${pkgcfg} $$$${pkgextracflags}; \ ) @@ -1135,9 +1126,8 @@ ifneq ($(TARGETOS),w32) echo "speedo: /*" ;\ echo "speedo: * Now copy $(idir)/ to the final location and" ;\ echo "speedo: * adjust $(idir)/bin/gpgconf.ctl accordingly" ;\ - echo "speedo: * Or run:" ;\ + echo "speedo: * Or run run for example:" ;\ echo "speedo: * make -f $(topsrc)/build-aux/speedo.mk install SYSROOT=/usr/local/gnupg24" ;\ - echo "speedo: * ldconfig -n /usr/local/gnupg24/lib";\ echo "speedo: */") endif @@ -1153,7 +1143,6 @@ ifneq ($(TARGETOS),w32) echo "speedo: Set SYSROOT to the desired install directory";\ echo "speedo: Example:";\ echo "speedo: make -f $(topsrc)/build-aux/speedo.mk install SYSROOT=/usr/local/gnupg24";\ - echo "speedo: ldconfig -n /usr/local/gnupg24/lib";\ exit 1;\ fi;\ if [ ! -d "$$SYSROOT"/bin ]; then if ! mkdir "$$SYSROOT"/bin; then \ @@ -1175,6 +1164,8 @@ ifneq ($(TARGETOS),w32) echo "speedo: Installing files to $$SYSROOT";\ find . -type f -executable \ -exec install -Dm 755 "{}" "$$SYSROOT/{}" \; ;\ + find . -type l -executable \ + -exec install -Dm 755 "{}" "$$SYSROOT/{}" \; ;\ find . -type f \! -executable \ -exec install -Dm 644 "{}" "$$SYSROOT/{}" \; ;\ echo "sysconfdir = /etc/gnupg" > "$$SYSROOT"/bin/gpgconf.ctl ;\ @@ -1241,13 +1232,13 @@ $(bdir)/README.txt: $(bdir)/NEWS.tmp $(topsrc)/README $(w32src)/README.txt \ $(bdir)/g4wihelp.dll: $(w32src)/g4wihelp.c $(w32src)/exdll.h $(w32src)/exdll.c (set -e; cd $(bdir); \ - $(W32CC) -DUNICODE -static-libgcc -I . -O2 -c \ + $(W32CC32) -DUNICODE -static-libgcc -I . -O2 -c \ -o exdll.o $(w32src)/exdll.c; \ - $(W32CC) -DUNICODE -static-libgcc -I. -shared -O2 \ + $(W32CC32) -DUNICODE -static-libgcc -I. -shared -O2 \ -o g4wihelp.dll $(w32src)/g4wihelp.c exdll.o \ -lwinmm -lgdi32 -luserenv \ -lshell32 -loleaut32 -lshlwapi -lmsimg32; \ - $(STRIP) g4wihelp.dll) + $(W32STRIP32) g4wihelp.dll) w32_insthelpers: $(bdir)/g4wihelp.dll @@ -1355,7 +1346,7 @@ endef # Sign the file $1 and save the result as $2 define AUTHENTICODE_sign (set -e; \ - if gpg-authcode-sign.sh --version >/dev/null; then \ + if (gpg-authcode-sign.sh --version >/dev/null); then \ gpg-authcode-sign.sh "$(1)" "$(2)"; \ else \ echo 2>&1 "warning: Please install gpg-authcode-sign.sh to sign files." ;\ @@ -1363,7 +1354,6 @@ define AUTHENTICODE_sign fi) endef - # Help target for testing to sign a file. # Usage: make -f speedo.mk test-authenticode-sign TARGETOS=w32 FILE=foo.exe test-authenticode-sign: @@ -1429,7 +1419,7 @@ endif # -# Check availibility of standard tools and prepare everything. +# Check availability of standard tools and prepare everything. # check-tools: $(stampdir)/stamp-directories diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index ffe0350ef..5007eed2d 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -46,7 +46,7 @@ Unicode true !define PRETTY_PACKAGE "GNU Privacy Guard" !define PRETTY_PACKAGE_SHORT "GnuPG" !define COMPANY "The GnuPG Project" -!define COPYRIGHT "Copyright (C) 2021 g10 Code GmbH" +!define COPYRIGHT "Copyright (C) 2024 g10 Code GmbH" !define DESCRIPTION "GnuPG: The GNU Privacy Guard for Windows" !define INSTALL_DIR "GnuPG" @@ -63,13 +63,13 @@ Unicode true GnuPG includes an advanced key management facility and is compliant \ with the OpenPGP Internet standard as described in RFC-4880. \ \r\n\r\n$_CLICK \ - \r\n\r\n\r\n\r\n\r\nThis is GnuPG version ${VERSION}.\r\n\ + \r\n\r\n\r\n\r\n\r\nThis is GnuPG version ${VERSION} (32 bit).\r\n\ File version: ${PROD_VERSION}\r\n\ Release date: ${BUILD_ISODATE}" !define ABOUT_GERMAN \ "GnuPG is die häufigst verwendete Software zur Mail- und Datenverschlüsselung.\ \r\n\r\n$_CLICK \ - \r\n\r\n\r\n\r\n\r\nDies ist GnuPG Version ${VERSION}.\r\n\ + \r\n\r\n\r\n\r\n\r\nDies ist GnuPG Version ${VERSION} (32 bit).\r\n\ Dateiversion: ${PROD_VERSION}\r\n\ Releasedatum: ${BUILD_ISODATE}" @@ -250,7 +250,7 @@ LangString T_About ${LANG_GERMAN} "${ABOUT_GERMAN}" LangString T_GPLHeader ${LANG_ENGLISH} \ "This software is licensed under the terms of the GNU General Public \ License (GNU GPL)." -LangString T_GPLHeader ${LANG_GERMAN}} \ +LangString T_GPLHeader ${LANG_GERMAN} \ "Diese Software ist unter der GNU General Public License \ (GNU GPL) lizensiert." @@ -590,23 +590,6 @@ Section "-gnupginst" WriteRegStr SHCTX "Software\GnuPG" "Install Directory" $INSTDIR - # If we are reinstalling, try to kill a possible running gpa using - # an already installed gpa. - ifFileExists "$INSTDIR\bin\launch-gpa.exe" 0 no_uiserver - nsExec::ExecToLog '"$INSTDIR\bin\launch-gpa" "--stop-server"' - - no_uiserver: - - # If we are reinstalling, try to kill a possible running agent using - # an already installed gpgconf. - - ifFileExists "$INSTDIR\bin\gpgconf.exe" 0 no_gpgconf - nsExec::ExecToLog '"$INSTDIR\bin\gpgconf" "--kill" "dirmngr"' - nsExec::ExecToLog '"$INSTDIR\bin\gpgconf" "--kill" "gpg-agent"' - nsExec::ExecToLog '"$INSTDIR\bin\gpgconf" "--kill" "keyboxd"' - - no_gpgconf: - # Add the bin directory to the PATH Push "$INSTDIR\bin" Call AddToPath @@ -853,6 +836,11 @@ Section "-sqlite" SEC_sqlite File bin/libsqlite3-0.dll SectionEnd +Section "-ntbtls" SEC_ntbtls + SetOutPath "$INSTDIR\bin" + File bin/libntbtls-0.dll +SectionEnd + !ifdef WITH_GUI Section "-libiconv" SEC_libiconv SetOutPath "$INSTDIR\bin" @@ -1436,6 +1424,10 @@ Section "-un.sqlite" Delete "$INSTDIR\bin\libsqlite3-0.dll" SectionEnd +Section "-un.ntbtls" + Delete "$INSTDIR\bin\libntbtls-0.dll" +SectionEnd + Section "-un.gnupginst" # Delete standard stuff. Delete "$INSTDIR\README.txt" @@ -1465,18 +1457,6 @@ Function .onInit Call G4wRunOnce - SetOutPath $TEMP -#!ifdef SOURCES -# File /oname=gpgspltmp.bmp "${TOP_SRCDIR}/doc/logo/gnupg-logo-400px.bmp" -# # We play the tune only for the soruce installer -# File /oname=gpgspltmp.wav "${TOP_SRCDIR}/src/gnupg-splash.wav" -# g4wihelp::playsound $TEMP\gpgspltmp.wav -# g4wihelp::showsplash 2500 $TEMP\gpgspltmp.bmp - -# Delete $TEMP\gpgspltmp.bmp -# # Note that we delete gpgspltmp.wav in .onInst{Failed,Success} -#!endif - # We can't use TOP_SRCDIR dir as the name of the file needs to be # the same while building and running the installer. Thus we # generate the file from a template. @@ -1619,11 +1599,7 @@ Section WriteRegExpandStr SHCTX $MYTMP "UninstallString" '"$INSTDIR\gnupg-uninstall.exe"' WriteRegExpandStr SHCTX $MYTMP "InstallLocation" "$INSTDIR" WriteRegStr SHCTX $MYTMP "DisplayName" "${PRETTY_PACKAGE}" -!ifdef WITH_GUI - WriteRegStr SHCTX $MYTMP "DisplayIcon" "$INSTDIR\bin\gpa.exe,0" -!else WriteRegStr SHCTX $MYTMP "DisplayIcon" "$INSTDIR\bin\gpg.exe,0" -!endif WriteRegStr SHCTX $MYTMP "DisplayVersion" "${VERSION}" WriteRegStr SHCTX $MYTMP "Publisher" "The GnuPG Project" WriteRegStr SHCTX $MYTMP "URLInfoAbout" "https://gnupg.org"