From 9082498589f09b4cd81ec017d67b684fa6f0efd9 Mon Sep 17 00:00:00 2001 From: Ava Chow Date: Mon, 2 Dec 2024 17:17:19 -0500 Subject: [PATCH 1/3] contrib: Sign all Windows binaries too Github-Pull: #31407 Rebased-From: 3656b828dc2204418974e94928cc8d915b10ed95 --- contrib/windeploy/detached-sig-create.sh | 26 ++++++++++++++++-------- doc/release-process.md | 2 +- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/contrib/windeploy/detached-sig-create.sh b/contrib/windeploy/detached-sig-create.sh index 82fcf2d4068..4ec726534c7 100755 --- a/contrib/windeploy/detached-sig-create.sh +++ b/contrib/windeploy/detached-sig-create.sh @@ -8,9 +8,9 @@ if [ -z "$OSSLSIGNCODE" ]; then OSSLSIGNCODE=osslsigncode fi -if [ -z "$1" ]; then - echo "usage: $0 " - echo "example: $0 -key codesign.key" +if [ "$#" -ne 1 ]; then + echo "usage: $0 " + echo "example: $0 codesign.key" exit 1 fi @@ -22,12 +22,22 @@ OUTSUBDIR="${OUTDIR}/win" TIMESERVER=http://timestamp.comodoca.com CERTFILE="win-codesign.cert" +stty -echo +printf "Enter the passphrase for %s: " "$1" +read cs_key_pass +printf "\n" +stty echo + + mkdir -p "${OUTSUBDIR}" -# shellcheck disable=SC2046 -basename -a $(ls -1 "${SRCDIR}"/*-unsigned.exe) | while read UNSIGNED; do - echo Signing "${UNSIGNED}" - "${OSSLSIGNCODE}" sign -certs "${CERTFILE}" -t "${TIMESERVER}" -h sha256 -in "${SRCDIR}/${UNSIGNED}" -out "${WORKDIR}/${UNSIGNED}" "$@" - "${OSSLSIGNCODE}" extract-signature -pem -in "${WORKDIR}/${UNSIGNED}" -out "${OUTSUBDIR}/${UNSIGNED}.pem" && rm "${WORKDIR}/${UNSIGNED}" +find ${SRCDIR} -wholename "*.exe" -type f -exec realpath --relative-to=. {} \; | while read -r bin +do + echo Signing "${bin}" + bin_base="$(realpath --relative-to=${SRCDIR} "${bin}")" + mkdir -p "$(dirname ${WORKDIR}/"${bin_base}")" + "${OSSLSIGNCODE}" sign -certs "${CERTFILE}" -t "${TIMESERVER}" -h sha256 -in "${bin}" -out "${WORKDIR}/${bin_base}" -key "$1" -pass "${cs_key_pass}" + mkdir -p "$(dirname ${OUTSUBDIR}/"${bin_base}")" + "${OSSLSIGNCODE}" extract-signature -pem -in "${WORKDIR}/${bin_base}" -out "${OUTSUBDIR}/${bin_base}.pem" && rm "${WORKDIR}/${bin_base}" done rm -f "${OUT}" diff --git a/doc/release-process.md b/doc/release-process.md index ca42c0ff496..d0dc4211d8f 100644 --- a/doc/release-process.md +++ b/doc/release-process.md @@ -174,7 +174,7 @@ In the `guix-build-${VERSION}/output/x86_64-apple-darwin` and `guix-build-${VERS In the `guix-build-${VERSION}/output/x86_64-w64-mingw32` directory: tar xf bitcoin-${VERSION}-win64-codesigning.tar.gz - ./detached-sig-create.sh -key /path/to/codesign.key + ./detached-sig-create.sh /path/to/codesign.key Enter the passphrase for the key when prompted signature-win.tar.gz will be created From a6aca67214ea45ef359fa8b990ff5c9aa74fa030 Mon Sep 17 00:00:00 2001 From: josibake Date: Fri, 6 Jun 2025 16:51:36 +0200 Subject: [PATCH 2/3] build: patch cmake min version on freetype Patch cmake_minimum_required version for freetype, using the version from https://gitlab.freedesktop.org/freetype/freetype/-/merge_requests/352/diffs This fixes a failure when building with CMake 4, where compatibility with CMake versions < 3.5 has been removed (see https://cmake.org/cmake/help/latest/release/4.0.html#deprecated-and-removed-features) Github-Pull: #32693 Rebased-From: d7c37906e7b1dc1513439056d0cdb2bd341d00f1 --- depends/packages/freetype.mk | 5 +++++ depends/patches/freetype/cmake_minimum.patch | 13 +++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 depends/patches/freetype/cmake_minimum.patch diff --git a/depends/packages/freetype.mk b/depends/packages/freetype.mk index fef0beaa7b4..a97f82e7fea 100644 --- a/depends/packages/freetype.mk +++ b/depends/packages/freetype.mk @@ -4,6 +4,7 @@ $(package)_download_path=https://download.savannah.gnu.org/releases/$(package) $(package)_file_name=$(package)-$($(package)_version).tar.xz $(package)_sha256_hash=8bee39bd3968c4804b70614a0a3ad597299ad0e824bc8aad5ce8aaf48067bde7 $(package)_build_subdir=build +$(package)_patches += cmake_minimum.patch define $(package)_set_vars $(package)_config_opts := -DCMAKE_BUILD_TYPE=None -DBUILD_SHARED_LIBS=TRUE @@ -12,6 +13,10 @@ define $(package)_set_vars $(package)_config_opts += -DCMAKE_DISABLE_FIND_PACKAGE_BrotliDec=TRUE endef +define $(package)_preprocess_cmds + patch -p1 < $($(package)_patch_dir)/cmake_minimum.patch +endef + define $(package)_config_cmds $($(package)_cmake) -S .. -B . endef diff --git a/depends/patches/freetype/cmake_minimum.patch b/depends/patches/freetype/cmake_minimum.patch new file mode 100644 index 00000000000..0a976f8ab8d --- /dev/null +++ b/depends/patches/freetype/cmake_minimum.patch @@ -0,0 +1,13 @@ +build: set minimum required CMake to 3.12 + +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -97,7 +97,7 @@ + # FreeType explicitly marks the API to be exported and relies on the compiler + # to hide all other symbols. CMake supports a C_VISBILITY_PRESET property + # starting with 2.8.12. +-cmake_minimum_required(VERSION 2.8.12) ++cmake_minimum_required(VERSION 3.12) + + if (NOT CMAKE_VERSION VERSION_LESS 3.3) + # Allow symbol visibility settings also on static libraries. CMake < 3.3 From 2437d9398926b82f2015d78752a72d8df82772f2 Mon Sep 17 00:00:00 2001 From: fanquake Date: Fri, 13 Jun 2025 12:33:24 +0100 Subject: [PATCH 3/3] doc: update 28.x release notes --- doc/release-notes.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/release-notes.md b/doc/release-notes.md index 70eb524d29b..20084cb54a6 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -45,6 +45,7 @@ Notable changes - #32070 build: use make < 3.82 syntax for define directive - #32439 guix: accomodate migration to codeberg - #32568 depends: use "mkdir -p" when installing xproto +- #32693 depends: fix cmake compatibility error for freetype ### Test @@ -72,6 +73,7 @@ Credits - Brandon Odiwuor - fanquake - Hennadii Stepanov +- josibake - kehiy - MarcoFalke - Sjors Provoost