summaryrefslogtreecommitdiffstats
path: root/bin/patch_capabilities.pl
diff options
context:
space:
mode:
authorGeir Vattekar <geir.vattekar@nokia.com>2010-12-09 11:43:04 (GMT)
committerGeir Vattekar <geir.vattekar@nokia.com>2010-12-09 11:43:04 (GMT)
commit3b20e58b9494549713b492e35af6531b4bc179c9 (patch)
tree9ae3fb2e2d02a78f6f2fe36adaad364170fd704c /bin/patch_capabilities.pl
parentbd4ac06eb3c8ac3a9044689481873ce91aeb3180 (diff)
parent91518478d32a5d5ce188b02f92e744fc782dd687 (diff)
downloadQt-3b20e58b9494549713b492e35af6531b4bc179c9.zip
Qt-3b20e58b9494549713b492e35af6531b4bc179c9.tar.gz
Qt-3b20e58b9494549713b492e35af6531b4bc179c9.tar.bz2
Merge branch '4.7' of scm.dev.nokia.troll.no:qt/qt-doc-team into 4.7
Diffstat (limited to 'bin/patch_capabilities.pl')
-rwxr-xr-xbin/patch_capabilities.pl229
1 files changed, 124 insertions, 105 deletions
diff --git a/bin/patch_capabilities.pl b/bin/patch_capabilities.pl
index 994d493..c3fb89f 100755
--- a/bin/patch_capabilities.pl
+++ b/bin/patch_capabilities.pl
@@ -63,8 +63,11 @@ sub Usage() {
print(" symbian-sbsv2 platform, 'target-platform' is REQUIRED. ***\n\n");
print(" *** NOTE2: When patching gcce binaries built with symbian-sbsv2 toolchain,\n");
print(" armv5 must be specified as platform.\n");
- print("\nUsage: patch_capabilities.pl pkg_filename [target-platform [capability list]]\n");
+ print("\nUsage: patch_capabilities.pl [-c] pkg_filename [target-platform [capability list]]\n");
print("\nE.g. patch_capabilities.pl myapp_template.pkg release-armv5 \"All -TCB\"\n");
+ print("\nThe parameter -c can be used to just check if package is compatible with self-signing\n");
+ print("without actually doing any patching.\n");
+ print("Explicit capability list cannot be used with -c parameter.\n");
exit();
}
@@ -75,6 +78,16 @@ sub trim($) {
return $string;
}
+my $epocroot = $ENV{EPOCROOT};
+my $epocToolsDir = "";
+if ($epocroot ne "") {
+ $epocroot =~ s,\\,/,g;
+ if ($epocroot =~ m,[^/]$,) {
+ $epocroot = $epocroot."/";
+ }
+ $epocToolsDir = "${epocroot}epoc32/tools/";
+}
+
my $nullDevice = "/dev/null";
$nullDevice = "NUL" if ($^O =~ /MSWin/);
@@ -86,6 +99,14 @@ if (@ARGV)
{
# Parse the first given script argument as a ".pkg" file name.
my $pkgFileName = shift(@ARGV);
+ my $justCheck = "";
+ my $msgPrefix = "Patching:";
+
+ if ($pkgFileName eq "-c") {
+ $pkgFileName = shift(@ARGV);
+ $justCheck = true;
+ $msgPrefix = "Warning:";
+ }
# These variables will only be set for template .pkg files.
my $target;
@@ -123,15 +144,22 @@ if (@ARGV)
if (($pkgFileName =~ m|\.pkg$|i) && -r($pkgFileName))
{
print ("\n");
- print ("Patching package file and relevant binaries...\n");
+ if ($justCheck) {
+ print ("Checking");
+ } else {
+ print ("Patching");
+ }
+ print (" package file and relevant binaries...\n");
- # If there are more arguments given, parse them as capabilities.
- if (@ARGV)
- {
- @capabilitiesSpecified = ();
- while (@ARGV)
+ if (!$justCheck) {
+ # If there are more arguments given, parse them as capabilities.
+ if (@ARGV)
{
- push (@capabilitiesSpecified, pop(@ARGV));
+ @capabilitiesSpecified = ();
+ while (@ARGV)
+ {
+ push (@capabilitiesSpecified, pop(@ARGV));
+ }
}
}
@@ -139,11 +167,15 @@ if (@ARGV)
my @binaries = ();
my $tempPkgFileName = $pkgFileName."_@@TEMP@@";
- unlink($tempPkgFileName);
- open (NEW_PKG, ">>".$tempPkgFileName);
+
+ if (!$justCheck) {
+ unlink($tempPkgFileName);
+ open (NEW_PKG, ">>".$tempPkgFileName);
+ }
open (PKG, "<".$pkgFileName);
- my $manufacturerElseBlock = 0;
+ my $checkFailed = "";
+ my $somethingPatched = "";
# Parse each line.
while (<PKG>)
@@ -155,66 +187,19 @@ if (@ARGV)
if ($line =~ m/^\#.*\((0x[0-7][0-9a-fA-F]*)\).*$/)
{
my $oldUID = $1;
- my $newUID = $oldUID;
- $newUID =~ s/0x./0xE/i;
- $newLine =~ s/$oldUID/$newUID/;
- print ("Patching: UID $oldUID is not compatible with self-signing! Changed to: $newUID.\n");
- }
-
- # Patch embedded sis name and UID if UID is in protected range
- if ($line =~ m/^@\"*(.*\.sis).*\((0x[0-7][0-9a-fA-F]*)\).*$/)
- {
- my $oldSisName = $1;
- my $oldUID = $2;
- my $newUID = $oldUID;
- $newUID =~ s/0x./0xE/i;
- $newLine =~ s/$oldUID/$newUID/;
- print ("Patching: Embedded sis $oldSisName UID $oldUID changed to: $newUID.\n");
-
- if ($oldSisName !~ m/^.*_selfsigned.sis$/i)
- {
- my $newSisName = $oldSisName;
- $newSisName =~ s/\.sis$/_selfsigned\.sis/i;
- $newLine =~ s/$oldSisName/$newSisName/i;
- print ("Patching: Embedded sis $oldSisName name changed to: $newSisName.\n");
+ print ("$msgPrefix UID $oldUID is not compatible with self-signing!\n");
+
+ if ($justCheck) {
+ $checkFailed = true;
+ } else {
+ my $newUID = $oldUID;
+ $newUID =~ s/0x./0xE/i;
+ $newLine =~ s/$oldUID/$newUID/;
+ print ("$msgPrefix Package UID changed to: $newUID.\n");
+ $somethingPatched = true;
}
}
- # Remove dependencies to known problem packages (i.e. packages that are likely to be patched, too)
- # to reduce unnecessary error messages.
- if ($line =~ m/^\((0x2002af5f)\).*\{.*\}$/)
- {
- $newLine = "\n";
- print ("Patching: Removed dependency to sqlite3.sis ($1) to avoid installation issues in case sqlite3.sis is also patched.\n");
- }
- if ($line =~ m/^\((0x2001E61C)\).*\{.*\}$/)
- {
- $newLine = "\n";
- print ("Patching: Removed dependency to qt.sis ($1) to avoid installation issues in case qt.sis is also patched.\n");
- }
-
- # Remove manufacturer ifdef
- if ($line =~ m/^.*\(MANUFACTURER\)\=\(.*\).*$/)
- {
- $newLine = "\n";
- print ("Patching: Removed manufacturer check as it is usually not desirable in self-signed packages.\n");
- }
-
- if ($line =~ m/^ELSEIF.*MANUFACTURER$/)
- {
- $manufacturerElseBlock = 1;
- }
-
- if ($manufacturerElseBlock eq 1)
- {
- $newLine = "\n";
- }
-
- if ($line =~ m/^ENDIF.*MANUFACTURER$/)
- {
- $manufacturerElseBlock = 0;
- }
-
# If the line specifies a file, parse the source and destination locations.
if ($line =~ m|^ *\"([^\"]+)\"\s*\-\s*\"([^\"]+)\"|)
{
@@ -231,16 +216,20 @@ if (@ARGV)
$sourcePath =~ s/\$\(TARGET\)/$target/gm;
}
- # Change the source file name (but only if not already patched)
- my $patchedSourcePath = $sourcePath;
- if ($patchedSourcePath !~ m/_patched_caps/)
- {
- $newLine =~ s/(^.*)(\.dll|\.exe)(.*)(\.dll|\.exe)/$1_patched_caps$2$3$4/i;
- $patchedSourcePath =~ s/(^.*)(\.dll|\.exe)/$1_patched_caps$2/i;
-
- copy($sourcePath, $patchedSourcePath) or die "$sourcePath cannot be copied for patching.";
+ if ($justCheck) {
+ push (@binaries, $sourcePath);
+ } else {
+ # Change the source file name (but only if not already patched)
+ my $patchedSourcePath = $sourcePath;
+ if ($patchedSourcePath !~ m/_patched_caps/)
+ {
+ $newLine =~ s/(^.*)(\.dll|\.exe)(.*)(\.dll|\.exe)/$1_patched_caps$2$3$4/i;
+ $patchedSourcePath =~ s/(^.*)(\.dll|\.exe)/$1_patched_caps$2/i;
+
+ copy($sourcePath, $patchedSourcePath) or die "$sourcePath cannot be copied for patching.";
+ }
+ push (@binaries, $patchedSourcePath);
}
- push (@binaries, $patchedSourcePath);
}
}
@@ -250,14 +239,15 @@ if (@ARGV)
}
close (PKG);
- close (NEW_PKG);
-
- unlink($pkgFileName);
- rename($tempPkgFileName, $pkgFileName);
+ if (!$justCheck) {
+ close (NEW_PKG);
+ unlink($pkgFileName);
+ rename($tempPkgFileName, $pkgFileName);
+ }
print ("\n");
- my $baseCommandToExecute = "elftran -vid 0x0 -capability \"%s\" ";
+ my $baseCommandToExecute = "${epocToolsDir}elftran -vid 0x0 -capability \"%s\" ";
# Actually set the capabilities of the listed binaries.
foreach my $binaryPath(@binaries)
@@ -265,18 +255,18 @@ if (@ARGV)
# Create the command line for setting the capabilities.
my ($binaryVolume, $binaryDirs, $binaryBaseName) = File::Spec->splitpath($binaryPath);
my $commandToExecute = $baseCommandToExecute;
- my $executeNeeded = 0;
+ my $executeNeeded = "";
if (@capabilitiesSpecified)
{
$commandToExecute = sprintf($baseCommandToExecute, join(" ", @capabilitiesSpecified));
- $executeNeeded = 1;
+ $executeNeeded = true;
my $capString = join(" ", @capabilitiesSpecified);
- print ("Patching: Patching the the Vendor ID to 0 and the capabilities used to: \"$capString\" in \"$binaryBaseName\".\n");
+ print ("$msgPrefix Patching the the Vendor ID to 0 and the capabilities used to: \"$capString\" in \"$binaryBaseName\".\n");
} else {
# Test which capabilities are present and then restrict them to the allowed set.
# This avoid raising the capabilities of apps that already have none.
my $dllCaps;
- open($dllCaps, "elftran -dump s $binaryPath |") or die ("Could not execute elftran");
+ open($dllCaps, "${epocToolsDir}elftran -dump s $binaryPath |") or die ("ERROR: Could not execute elftran");
my $capsFound = 0;
my $originalVid;
my @capabilitiesToSet;
@@ -288,8 +278,8 @@ if (@ARGV)
if ($binaryBaseName =~ /\.exe$/) {
# Installer refuses to install protected executables in a self signed package, so abort if one is detected.
# We can't simply just patch the executable SID, as any registration resources executable uses will be linked to it via SID.
- print ("Patching: Executable with SID in the protected range (0x$exeSid) detected: \"$binaryBaseName\". A self-signed sis with protected executables is not supported.\n");
- exit(1);
+ print ("$msgPrefix Executable with SID in the protected range (0x$exeSid) detected: \"$binaryBaseName\". A self-signed sis with protected executables is not supported.\n\n");
+ $checkFailed = true;
}
}
if (/^Vendor ID: ([0-9a-fA-F]*)$/) {
@@ -302,7 +292,7 @@ if (@ARGV)
if ($capabilitiesToAllow =~ /$_/) {
push(@capabilitiesToSet, $_);
if (Location =~ /$_/i) {
- print ("Patching: Warning - \"Location\" capability detected for binary: \"$binaryBaseName\". This capability is not self-signable for S60 3rd edition feature pack 1 devices, so installing this package on those devices will most likely not work.\n");
+ print ("$msgPrefix \"Location\" capability detected for binary: \"$binaryBaseName\". This capability is not self-signable for S60 3rd edition feature pack 1 devices, so installing this package on those devices will most likely not work.\n\n");
}
} else {
push(@capabilitiesToDrop, $_);
@@ -311,22 +301,32 @@ if (@ARGV)
}
close($dllCaps);
if ($originalVid !~ "00000000") {
- print ("Patching: Vendor ID (0x$originalVid) incompatible with self-signed packages, setting it to zero for \"$binaryBaseName\".\n");
- $executeNeeded = 1;
+ print ("$msgPrefix Non-zero vendor ID (0x$originalVid) is incompatible with self-signed packages in \"$binaryBaseName\"");
+ if ($justCheck) {
+ print (".\n\n");
+ $checkFailed = true;
+ } else {
+ print (", setting it to zero.\n\n");
+ $executeNeeded = true;
+ }
}
if ($#capabilitiesToDrop) {
my $capsToDropStr = join("\", \"", @capabilitiesToDrop);
$capsToDropStr =~ s/\", \"$//;
- if ($binaryBaseName =~ /\.exe$/) {
- # While libraries often have capabilities they do not themselves need just to enable them to be loaded by wider variety of processes,
- # executables are more likely to need every capability they have been assigned or they won't function correctly.
- print ("Patching: Executable with capabilities incompatible with self-signing detected: \"$binaryBaseName\". (Incompatible capabilities: \"$capsToDropStr\".) Reducing capabilities is only supported for libraries.\n");
- print ("Patching: Please use a proper developer certificate for signing this package.\n");
- exit(1);
+ if ($justCheck) {
+ print ("$msgPrefix The following capabilities used in \"$binaryBaseName\" are not compatible with a self-signed package: \"$capsToDropStr\".\n\n");
+ $checkFailed = true;
} else {
- print ("Patching: The following capabilities used in \"$binaryBaseName\" are not compatible with a self-signed package and will be removed: \"$capsToDropStr\".\n");
- $executeNeeded = 1;
+ if ($binaryBaseName =~ /\.exe$/) {
+ # While libraries often have capabilities they do not themselves need just to enable them to be loaded by wider variety of processes,
+ # executables are more likely to need every capability they have been assigned or they won't function correctly.
+ print ("$msgPrefix Executable with capabilities incompatible with self-signing detected: \"$binaryBaseName\". (Incompatible capabilities: \"$capsToDropStr\".) Reducing capabilities is only supported for libraries.\n");
+ $checkFailed = true;
+ } else {
+ print ("$msgPrefix The following capabilities used in \"$binaryBaseName\" are not compatible with a self-signed package and will be removed: \"$capsToDropStr\".\n");
+ $executeNeeded = true;
+ }
}
}
$commandToExecute = sprintf($baseCommandToExecute, join(" ", @capabilitiesToSet));
@@ -337,16 +337,35 @@ if (@ARGV)
# Actually execute the elftran command to set the capabilities.
print ("\n");
system ("$commandToExecute > $nullDevice");
+ $somethingPatched = true;
}
- ## Create another command line to check that the set capabilities are correct.
- #$commandToExecute = "elftran -dump s ".$binaryPath;
}
+ if ($checkFailed) {
+ print ("\n");
+ if ($justCheck) {
+ print ("$msgPrefix The package is not compatible with self-signing.\n");
+ } else {
+ print ("$msgPrefix Unable to patch the package for self-singing.\n");
+ }
+ print ("Use a proper developer certificate for signing this package.\n\n");
+ exit(1);
+ }
+
+ if ($justCheck) {
+ print ("Package is compatible with self-signing.\n");
+ } else {
+ if ($somethingPatched) {
+ print ("NOTE: A patched package may not work as expected due to reduced capabilities and other modifications,\n");
+ print (" so it should not be used for any kind of Symbian signing or distribution!\n");
+ print (" Use a proper certificate to avoid the need to patch the package.\n");
+ } else {
+ print ("No patching was required!\n");
+ }
+ }
print ("\n");
- print ("NOTE: A patched package may not work as expected due to reduced capabilities and other modifications,\n");
- print (" so it should not be used for any kind of Symbian signing or distribution!\n");
- print (" Use a proper certificate to avoid the need to patch the package.\n");
- print ("\n");
+ } else {
+ Usage();
}
}
else