From 65db6150246294e49e0c4a1a0e64780d040faf7a Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sat, 14 Nov 2009 16:24:41 -0500
Subject: [PATCH] Windows: Code signing with cross-signed certificates

Permit the version of signtool.exe to be specified with
the SIGNTOOL environment variable.

Add the CODESIGN_CROSS_CERT environment variable to
specify the cross-signed certificate to be used

LICENSE MIT

Change-Id: Ib549e31f1f240e0de2cedfabac9bb998ee58a517
Reviewed-on: http://gerrit.openafs.org/825
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
---
 src/config/NTMakefile.amd64_w2k | 10 ++++++++--
 src/config/NTMakefile.i386_w2k  | 10 +++++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/config/NTMakefile.amd64_w2k b/src/config/NTMakefile.amd64_w2k
index 0624eed9ef..554808b03c 100644
--- a/src/config/NTMakefile.amd64_w2k
+++ b/src/config/NTMakefile.amd64_w2k
@@ -314,9 +314,15 @@ _VC_MANIFEST_EMBED_EXE=
 _VC_MANIFEST_EMBED_DLL=
 !ENDIF
 
+!IF "$(SIGNTOOL)" == ""
+SIGNTOOL=signtool.exe
+!ENDIF
+
 !IF DEFINED(CODESIGN_DESC) && DEFINED(CODESIGN_URL) && DEFINED(CODESIGN_TIMESTAMP)
-CODESIGN_USERLAND= signtool.exe sign /a /d "$(CODESIGN_DESC)" /du $(CODESIGN_URL) \
-        /t $(CODESIGN_TIMESTAMP) /v $@
+CODESIGN_USERLAND= "$(SIGNTOOL)" sign /a /d "$(CODESIGN_DESC)" /du $(CODESIGN_URL) /t $(CODESIGN_TIMESTAMP) /v $@
+!IF "$(CODESIGN_CROSS_CERT)" != ""
+CODESIGN_KERNEL= "$(SIGNTOOL)" sign /a /d "$(CODESIGN_DESC)" /du $(CODESIGN_URL) /t $(CODESIGN_TIMESTAMP) /ac "$(CODESIGN_CROSS_CERT)" /v
+!ENDIF
 !ELSE
 CODESIGN_USERLAND=
 !ENDIF
diff --git a/src/config/NTMakefile.i386_w2k b/src/config/NTMakefile.i386_w2k
index 3afdb7633e..47dbb92168 100644
--- a/src/config/NTMakefile.i386_w2k
+++ b/src/config/NTMakefile.i386_w2k
@@ -321,9 +321,17 @@ _VC_MANIFEST_EMBED_EXE=
 _VC_MANIFEST_EMBED_DLL=
 !ENDIF
 
+!IF "$(SIGNTOOL)" == ""
+SIGNTOOL=signtool.exe
+!ENDIF
+
 !IF DEFINED(CODESIGN_DESC) && DEFINED(CODESIGN_URL) && DEFINED(CODESIGN_TIMESTAMP)
-CODESIGN_USERLAND= signtool.exe sign /a /d "$(CODESIGN_DESC)" /du $(CODESIGN_URL) \
+CODESIGN_USERLAND= $(SIGNTOOL) sign /a /d "$(CODESIGN_DESC)" /du $(CODESIGN_URL) \
         /t $(CODESIGN_TIMESTAMP) /v $@
+!IF "$(CODESIGN_CROSS_CERT)" != ""
+CODESIGN_KERNEL= $(SIGNTOOL) sign /a /d "$(CODESIGN_DESC)" /du $(CODESIGN_URL) \
+        /t $(CODESIGN_TIMESTAMP) /ac "$(CODESIGN_CROSS_CERT)" /v
+!ENDIF
 !ELSE
 CODESIGN_USERLAND=
 !ENDIF