Diffstat (limited to 'bin')
-rwxr-xr-x | bin/createpackage.pl | 24 | ||||
-rwxr-xr-x | bin/patch_capabilities.pl | 26 |
2 files changed, 33 insertions, 17 deletions
diff --git a/bin/createpackage.pl b/bin/createpackage.pl index cce0b54..85be5d3 100755 --- a/bin/createpackage.pl +++ b/bin/createpackage.pl @@ -212,21 +212,21 @@ my $certpath = File::Spec->catdir($scriptpath, File::Spec->updir(), "src/s60inst # Check some pre-conditions and print error messages if needed. unless (length($templatepkg)) { - print "\nError: Template PKG filename is not defined!\n"; + print "\nERROR: Template PKG filename is not defined!\n"; Usage(); } # Check template exist stat($templatepkg); unless( -e _ ) { - print "\nError: Package description file '$templatepkg' does not exist!\n"; + print "\nERROR: Package description file '$templatepkg' does not exist!\n"; Usage(); } # Check certifcate preconditions and set default certificate variables if needed if (length($certificate)) { unless(length($key)) { - print "\nError: Custom certificate key file parameter missing.!\n"; + print "\nERROR: Custom certificate key file parameter missing.!\n"; Usage(); } } else { @@ -261,7 +261,7 @@ if (length($certfile)) { # Do some validation unless(scalar(@certinfo) >= 2 && scalar(@certinfo) <= 3 && length($certinfo[0]) && length($certinfo[1]) ) { - print "\nError: $certfile line '$_' does not contain valid information!\n"; + print "\nERROR: $certfile line '$_' does not contain valid information!\n"; Usage(); } @@ -280,14 +280,14 @@ if (!$preservePkgOutput) { local $/; # read template file -open( TEMPLATE, $templatepkg) or die "Error '$templatepkg': $!\n"; +open( TEMPLATE, $templatepkg) or die "ERROR: '$templatepkg': $!"; $_=<TEMPLATE>; close (TEMPLATE); # If the pkg file does not contain macros, there is no need for platform or target. if (m/\$\(PLATFORM\)/) { unless (length($platform) && length($target)) { - print "\nError: Platform or target is not defined!\n"; + print "\nERROR: Platform or target is not defined!\n"; Usage(); } } 
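Review bot: The `open( TEMPLATE, $templatepkg)` line edited in the @@ -280 hunk is still a two-argument open, so Perl takes the open mode from the filename itself. A template name that starts with `>` or ends with `|` would be opened for writing or run as a command instead of being read. `$templatepkg` appears to be a command-line parameter, so while the line is being touched it is worth changing it to `open(TEMPLATE, '<', $templatepkg) or die "ERROR: '$templatepkg': $!";`. The output handle in the @@ -297 hunk has the same shape and would become `open(OUTPUT, '>', $pkgoutput) or die "ERROR: '$pkgoutput' $!";`. Dropping the trailing `\n` from the die text also makes Perl append the script name and line number, which may not be wanted in user-facing output.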
@@ -297,7 +297,7 @@ s/\$\(PLATFORM\)/$platform/gm; s/\$\(TARGET\)/$target/gm; #write the output -open( OUTPUT, ">$pkgoutput" ) or die "Error '$pkgoutput' $!\n"; +open( OUTPUT, ">$pkgoutput" ) or die "ERROR: '$pkgoutput' $!"; print OUTPUT $_; close OUTPUT; @@ -306,7 +306,7 @@ if ($preprocessonly) { } if($stub) { - if(!($epocroot)) { die("EPOCROOT must be set to create stub sis files"); } + if(!($epocroot)) { die("ERROR: EPOCROOT must be set to create stub sis files"); } my $systeminstall = "$epocroot/epoc32/data/z/system/install"; mkpath($systeminstall); my $stub_sis_name = $systeminstall."/".$stub_sis_name; @@ -319,15 +319,15 @@ if($stub) { && !$onlyUnsigned) { print("Auto-patching capabilities for self signed package.\n"); my $patch_capabilities = File::Spec->catfile(dirname($0), "patch_capabilities"); - system ("$patch_capabilities $pkgoutput"); + system ("$patch_capabilities $pkgoutput") and die ("ERROR: Automatic patching failed"); } # Create SIS. # The 'and' is because system uses 0 to indicate success. if($epocroot) { - system ("$epocroot/epoc32/tools/makesis $pkgoutput $unsigned_sis_name") and die ("makesis failed"); + system ("$epocroot/epoc32/tools/makesis $pkgoutput $unsigned_sis_name") and die ("ERROR: makesis failed"); } else { - system ("makesis $pkgoutput $unsigned_sis_name") and die ("makesis failed"); + system ("makesis $pkgoutput $unsigned_sis_name") and die ("ERROR: makesis failed"); } print("\n"); @@ -354,7 +354,7 @@ if($stub) { my $relcert = File::Spec->abs2rel($certificate); my $relkey = File::Spec->abs2rel($key); # The 'and' is because system uses 0 to indicate success. - system ("signsis $unsigned_sis_name $signed_sis_name $relcert $relkey $passphrase") and die ("signsis failed"); + system ("signsis $unsigned_sis_name $signed_sis_name $relcert $relkey $passphrase") and die ("ERROR: signsis failed"); # Check if creating signed SIS Succeeded stat($signed_sis_name); 
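Review bot: The added `and die` in the @@ -319 hunk checks the exit status, but the patch_capabilities command is still one interpolated string, so it runs through the shell and `$pkgoutput` is word-split and interpreted there. A path containing a space or a shell metacharacter changes what is executed. The list form bypasses the shell: `system($patch_capabilities, $pkgoutput) and die("ERROR: Automatic patching failed");`. The two makesis calls in the same hunk and the signsis call in the @@ -354 hunk are built the same way, and for signsis this also means `$passphrase` reaches the shell unquoted. If any of these tools is a wrapper that needs the shell to launch (not visible here), quoting each argument is the fallback.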
diff --git a/bin/patch_capabilities.pl b/bin/patch_capabilities.pl index a85f073..06ab116 100755 --- a/bin/patch_capabilities.pl +++ b/bin/patch_capabilities.pl @@ -152,7 +152,7 @@ if (@ARGV) my $newLine = $line; # Patch pkg UID if it's in protected range - if ($line =~ m/^\#.*\((0x[0-7][0-9|a-f|A-F]*)\).*$/) + if ($line =~ m/^\#.*\((0x[0-7][0-9a-fA-F]*)\).*$/) { my $oldUID = $1; my $newUID = $oldUID; @@ -162,7 +162,7 @@ if (@ARGV) } # Patch embedded sis name and UID if UID is in protected range - if ($line =~ m/^@\"*(.*\.sis).*\((0x[0-7][0-9|a-f|A-F]*)\).*$/) + if ($line =~ m/^@\"*(.*\.sis).*\((0x[0-7][0-9a-fA-F]*)\).*$/) { my $oldSisName = $1; my $oldUID = $2; @@ -280,7 +280,16 @@ if (@ARGV) my $capabilitiesToAllow = join(" ", @capabilitiesToAllow); my @capabilitiesToDrop; while (<$dllCaps>) { - if (/^Vendor ID: (.*)$/) { + if (/^Secure ID: ([0-7][0-9a-fA-F]*)$/) { + my $exeSid = $1; + if ($binaryBaseName =~ /\.exe$/) { + # Installer refuses to install protected executables in a self signed package, so abort if one is detected. + # We can't simply just patch the executable SID, as any registration resources executable uses will be linked to it via SID. + print ("Patching: Executable with SID in the protected range (0x$exeSid) detected: \"$binaryBaseName\". A self-signed sis with protected executables is not supported.\n"); + exit(1); + } + } + if (/^Vendor ID: ([0-9a-fA-F]*)$/) { $originalVid = "$1"; } if (!$capsFound) { 
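Review bot: The corrected class `[0-9a-fA-F]` no longer accepts `|`, but `0x[0-7][0-9a-fA-F]*` in the @@ -152 hunk still decides the protected range from the first hex digit alone, which is only right when the UID is written with all eight digits. A UID written without leading zeros, such as `(0x8001)`, is numerically below 0x80000000 but is not matched, so it would be left unpatched if such forms can occur in a pkg file. Comparing the value is more robust: `m/^\#.*\((0x[0-9a-fA-F]+)\).*$/ && hex($1) < 0x80000000`. The @@ -162 pattern and the new `Secure ID` pattern in the @@ -280 hunk use the same first-digit test. The body of each `if` continues outside the hunk, so the code that consumes `$1` is not checked here.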
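Review bot: The new guard `if ($binaryBaseName =~ /\.exe$/)` in the @@ -280 hunk is case-sensitive, so a binary listed as `App.EXE` would skip the protected-SID abort. In the @@ -303 hunk the same name would fall into the library branch and have its capabilities reduced. The binary names presumably come from build output on case-insensitive file systems, so `if ($binaryBaseName =~ /\.exe$/i)` in both places is the safer test. Separately, the `Vendor ID` pattern changed from `(.*)` to `([0-9a-fA-F]*)`, so a line with any trailing character (a carriage return, for instance) no longer matches and `$originalVid` is left unset; this is worth confirming against the dump tool's actual output.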
@@ -303,8 +312,15 @@ if (@ARGV) my $capsToDropStr = join("\", \"", @capabilitiesToDrop); $capsToDropStr =~ s/\", \"$//; - print ("Patching: The following capabilities used in \"$binaryBaseName\" are not compatible with a self-signed package and will be removed: \"$capsToDropStr\".\n"); - $executeNeeded = 1; + if ($binaryBaseName =~ /\.exe$/) { + # While libraries often have capabilities they do not themselves need just to enable them to be loaded by wider variety of processes, + # executables are more likely to need every capability they have been assigned or they won't function correctly. + print ("Patching: Executable with capabilities incompatible with self-signing detected: \"$binaryBaseName\". (Incompatible capabilities: \"$capsToDropStr\".) Reducing capabilities is only supported for libraries.\n"); + exit(1); + } else { + print ("Patching: The following capabilities used in \"$binaryBaseName\" are not compatible with a self-signed package and will be removed: \"$capsToDropStr\".\n"); + $executeNeeded = 1; + } } $commandToExecute = sprintf($baseCommandToExecute, join(" ", @capabilitiesToSet)); } |
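Review bot: The new abort path in the @@ -303 hunk reports a fatal condition with `print (` to STDOUT under the `Patching:` prefix before `exit(1)`, while this commit standardises fatal messages in createpackage.pl on `ERROR:`. Changing the call to `print STDERR (` and starting the text with `ERROR:` would keep the failure visible when STDOUT is redirected and would match the caller's `ERROR: Automatic patching failed`; the protected-SID message in the @@ -280 hunk has the same form. The exit happens during per-binary processing, so binaries handled earlier in the run may already have been modified. Whether they are depends on code outside this hunk.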