#!/usr/bin/perl ############################################################################# ## ## Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). ## All rights reserved. ## Contact: Nokia Corporation (qt-info@nokia.com) ## ## This file is part of the S60 port of the Qt Toolkit. ## ## $QT_BEGIN_LICENSE:LGPL$ ## No Commercial Usage ## This file contains pre-release code and may not be distributed. ## You may use this file in accordance with the terms and conditions ## contained in the Technology Preview License Agreement accompanying ## this package. ## ## GNU Lesser General Public License Usage ## Alternatively, this file may be used under the terms of the GNU Lesser ## General Public License version 2.1 as published by the Free Software ## Foundation and appearing in the file LICENSE.LGPL included in the ## packaging of this file. Please review the following information to ## ensure the GNU Lesser General Public License version 2.1 requirements ## will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. ## ## In addition, as a special exception, Nokia gives you certain additional ## rights. These rights are described in the Nokia Qt LGPL Exception ## version 1.1, included in the file LGPL_EXCEPTION.txt in this package. ## ## If you have questions regarding the use of this file, please contact ## Nokia at qt-info@nokia.com. ## ## ## ## ## ## ## ## ## $QT_END_LICENSE$ ## ############################################################################# ############################################################################################ # # Convenience script for creating signed packages you can install on your phone. # ############################################################################################ use strict; # use a command-line parsing module use Getopt::Long; # Use file name parsing module use File::Basename; # Use File::Spec services mainly rel2abs use File::Spec; # Use File::Path - to make stub sis target directory use File::Path; # use CWD abs_bath, which is exported only on request use Cwd 'abs_path'; sub Usage() { print <<ENDUSAGESTRING; ============================================================================================== Convenience script for creating signed packages you can install on your phone. Usage: createpackage.pl [options] templatepkg [target]-[platform] [certificate key [passphrase]] Where supported options are as follows: [-i|install] = Install the package right away using PC suite. [-p|preprocess] = Only preprocess the template .pkg file. [-c|certfile <file>] = The file containing certificate information for signing. The file can have several certificates, each specified in separate line. The certificate, key and passphrase in line must be ';' separated. Lines starting with '#' are treated as a comments. Also empty lines are ignored. The paths in <file> can be absolute or relative to <file>. [-u|unsigned] = Preserves the unsigned package. [-o|only-unsigned] = Creates only unsigned package. [-s|stub] = Generates stub sis for ROM. [-n|sisname <name>] = Specifies the final sis name. [-g|gcce-is-armv5] = Convert gcce platform to armv5. [-d|dont-patch] = Skip automatic patching of capabilities and pkg file if default certificate is used. Instead non-self-signable capabilities just cause warnings. Where parameters are as follows: templatepkg = Name of .pkg file template target = Either debug or release platform = One of the supported platform winscw | gcce | armv5 | armv6 | armv7 Note that when packaging binaries built using gcce and symbian-sbsv2 mkspec, armv5 must be used for platform instead of gcce. certificate = The certificate file used for signing key = The certificate's private key file passphrase = The passphrase of the certificate's private key file Example: createpackage.pl fluidlauncher_template.pkg release-armv5 Example with certfile: createpackage.pl -c=mycerts.txt fluidlauncher_template.pkg release-armv5 Content of 'mycerts.txt' must be something like this: # This is comment line, also the empty lines are ignored rd.cer;rd-key.pem .\\cert\\mycert.cer;.\\cert\\mykey.key;yourpassword X:\\QtS60\\s60installs\\selfsigned.cer;X:\\QtS60\\s60installs\\selfsigned.key If no certificate and key files are provided, either a RnD certificate or a self-signed certificate from QtDir\\src\\s60installs directory is used. In the latter case the resulting package will also be automatically patched using patch_capabilities.pl script, which makes it unsuitable for distribution. Always specify certificates explicitly if you wish to distribute your package. ============================================================================================== ENDUSAGESTRING exit(); } # Read given options my $install = ""; my $preprocessonly = ""; my $certfile = ""; my $preserveUnsigned = ""; my $stub = ""; my $signed_sis_name = ""; my $onlyUnsigned = ""; my $convertGcce = ""; my $dontPatchCaps = ""; unless (GetOptions('i|install' => \$install, 'p|preprocess' => \$preprocessonly, 'c|certfile=s' => \$certfile, 'u|unsigned' => \$preserveUnsigned, 'o|only-unsigned' => \$onlyUnsigned, 's|stub' => \$stub, 'n|sisname=s' => \$signed_sis_name, 'g|gcce-is-armv5' => \$convertGcce, 'd|dont-patch' => \$dontPatchCaps,)) { Usage(); } my $epocroot = $ENV{EPOCROOT}; my $epocToolsDir = ""; if ($epocroot ne "") { $epocroot =~ s,\\,/,g; if ($epocroot =~ m,[^/]$,) { $epocroot = $epocroot."/"; } $epocToolsDir = "${epocroot}epoc32/tools/"; } my $certfilepath = abs_path(dirname($certfile)); # Read params to variables my $templatepkg = $ARGV[0]; my $targetplatform = lc $ARGV[1]; if ($targetplatform eq "") { $targetplatform = "-"; } my @tmpvalues = split('-', $targetplatform); my $target; $target = $tmpvalues[0] or $target = ""; my $platform; $platform = $tmpvalues[1] or $platform = ""; if ($platform =~ m/^gcce$/i) { if (($convertGcce ne "")) { $platform = "armv5"; } elsif ($ENV{SBS_HOME}) { # Print a informative note in case suspected misuse is detected. print "\nNote: You should use armv5 as platform or specify -g parameter to convert platform\n"; print " when packaging gcce binaries built using symbian-sbsv2 mkspec.\n\n"; } } # Convert visual target to real target (debug->udeb and release->urel) $target =~ s/debug/udeb/i; $target =~ s/release/urel/i; my $certificate; $certificate = $ARGV[2] or $certificate = ""; my $key; $key = $ARGV[3] or $key = ""; my $passphrase; $passphrase = $ARGV[4] or $passphrase = ""; # Generate output pkg basename (i.e. file name without extension) my $pkgoutputbasename = $templatepkg; my $preservePkgOutput = ""; $pkgoutputbasename =~ s/_template/_$targetplatform/g; $pkgoutputbasename =~ s/_installer\.pkg/_installer___temp\.pkg/g; if ($pkgoutputbasename eq $templatepkg) { $preservePkgOutput = "1"; } $pkgoutputbasename =~ s/\.pkg//g; # Store output file names to variables my $pkgoutput = $pkgoutputbasename.".pkg"; my $sisoutputbasename; if ($signed_sis_name eq "") { $sisoutputbasename = $pkgoutputbasename; $sisoutputbasename =~ s/_$targetplatform//g; $sisoutputbasename =~ s/_installer___temp/_installer/g; $signed_sis_name = $sisoutputbasename.".sis"; } else { $sisoutputbasename = $signed_sis_name; if ($sisoutputbasename =~ m/(\.sis$|\.sisx$)/i) { $sisoutputbasename =~ s/$1//i; } else { $signed_sis_name = $signed_sis_name.".sis"; } } my $installer_unsigned_app_sis_name = ""; my $installer_app_sis_name = ""; if ($templatepkg =~ m/_installer\.pkg$/i && $onlyUnsigned) { $installer_unsigned_app_sis_name = $templatepkg; $installer_unsigned_app_sis_name =~ s/_installer.pkg$/_unsigned.sis/i; $installer_app_sis_name = $installer_unsigned_app_sis_name; $installer_app_sis_name =~ s/_unsigned.sis$/.sis/; } my $unsigned_sis_name = $sisoutputbasename."_unsigned.sis"; my $stub_sis_name = $sisoutputbasename.".sis"; # Store some utility variables my $scriptpath = dirname(__FILE__); my $certtext = $certificate; # certificates are one step up in hierarchy my $certpath = File::Spec->catdir($scriptpath, File::Spec->updir(), "src/s60installs/"); # Check some pre-conditions and print error messages if needed. unless (length($templatepkg)) { print "\nERROR: Template PKG filename is not defined!\n"; Usage(); } # Check template exist stat($templatepkg); unless( -e _ ) { print "\nERROR: Package description file '$templatepkg' does not exist!\n"; Usage(); } # Check certifcate preconditions and set default certificate variables if needed if (length($certificate)) { unless(length($key)) { print "\nERROR: Custom certificate key file parameter missing.!\n"; Usage(); } } else { #If no certificate is given, check default options $certtext = "RnD"; $certificate = File::Spec->catfile($certpath, "rd.cer"); $key = File::Spec->catfile($certpath, "rd-key.pem"); stat($certificate); unless( -e _ ) { $certtext = "Self Signed"; $certificate = File::Spec->catfile($certpath, "selfsigned.cer"); $key = File::Spec->catfile($certpath, "selfsigned.key"); } } # Read the certificates from file to two dimensional array my @certificates; if (length($certfile)) { open CERTFILE, "<$certfile" or die $!; while(<CERTFILE>){ s/#.*//; # ignore comments by erasing them next if /^(\s)*$/; # skip blank lines chomp; # remove trailing newline characters my @certinfo = split(';', $_); # split row to certinfo # Trim spaces for(@certinfo) { s/^\s+//; s/\s+$//; } # Do some validation unless(scalar(@certinfo) >= 2 && scalar(@certinfo) <= 3 && length($certinfo[0]) && length($certinfo[1]) ) { print "\nERROR: $certfile line '$_' does not contain valid information!\n"; Usage(); } push @certificates, [@certinfo]; # push data to two dimensional array } } # Remove any existing .sis packages unlink $unsigned_sis_name; if (!$onlyUnsigned) { unlink $signed_sis_name; } if (!$preservePkgOutput) { unlink $pkgoutput; } # Preprocess PKG local $/; # read template file open( TEMPLATE, $templatepkg) or die "ERROR: '$templatepkg': $!"; $_=<TEMPLATE>; close (TEMPLATE); # If the pkg file does not contain macros, there is no need for platform or target. if (m/\$\(PLATFORM\)/) { unless (length($platform) && length($target)) { print "\nERROR: Platform or target is not defined!\n"; Usage(); } } # replace the PKG variables s/\$\(PLATFORM\)/$platform/gm; s/\$\(TARGET\)/$target/gm; if ($installer_unsigned_app_sis_name ne "") { s/$installer_app_sis_name\"/$installer_unsigned_app_sis_name\"/; } #write the output open( OUTPUT, ">$pkgoutput" ) or die "ERROR: '$pkgoutput' $!"; print OUTPUT $_; close OUTPUT; if ($preprocessonly) { exit; } if($stub) { if(!($epocroot)) { die("ERROR: EPOCROOT must be set to create stub sis files"); } my $systeminstall = "${epocroot}epoc32/data/z/system/install"; mkpath($systeminstall); my $stub_sis_name = $systeminstall."/".$stub_sis_name; # Create stub SIS. system ("${epocToolsDir}makesis -s $pkgoutput $stub_sis_name"); } else { if ($certtext eq "Self Signed" && !@certificates && $templatepkg !~ m/_installer\.pkg$/i && !$onlyUnsigned) { my $patch_capabilities = File::Spec->catfile(dirname($0), "patch_capabilities"); if ($dontPatchCaps) { system ("$patch_capabilities -c $pkgoutput") and print ("Warning: Package check for self-signing viability failed. Installing the package on a device will most likely fail!\n\n"); } else { print("Auto-patching self-signed package.\n"); system ("$patch_capabilities $pkgoutput") and die ("ERROR: Automatic patching failed"); } } # Create SIS. # The 'and' is because system uses 0 to indicate success. system ("${epocToolsDir}makesis $pkgoutput $unsigned_sis_name") and die ("ERROR: makesis failed"); print("\n"); my $targetInsert = ""; if ($targetplatform ne "-") { $targetInsert = " for $targetplatform"; } if ($onlyUnsigned) { stat($unsigned_sis_name); if( -e _ ) { print ("Successfully created unsigned package ${unsigned_sis_name}${targetInsert}!\n"); } else { print ("\nUnsigned package creation failed!\n"); } if (!$preservePkgOutput) { unlink $pkgoutput; } print ("\n"); exit; } # Sign SIS with certificate info given as an argument. my $relcert = File::Spec->abs2rel($certificate); my $relkey = File::Spec->abs2rel($key); # The 'and' is because system uses 0 to indicate success. system ("${epocToolsDir}signsis $unsigned_sis_name $signed_sis_name $relcert $relkey $passphrase") and die ("ERROR: signsis failed"); # Check if creating signed SIS Succeeded stat($signed_sis_name); if( -e _ ) { print ("Successfully created signed package ${signed_sis_name}${targetInsert} using certificate: $certtext!\n"); # Sign with additional certificates & keys for my $row ( @certificates ) { # Get certificate absolute file names, relative paths are relative to certfilepath my $relcert = File::Spec->abs2rel(File::Spec->rel2abs( $row->[0], $certfilepath)); my $relkey = File::Spec->abs2rel(File::Spec->rel2abs( $row->[1], $certfilepath)); system ("${epocToolsDir}signsis $signed_sis_name $signed_sis_name $relcert $relkey $row->[2]"); print ("\tAdditionally signed the SIS with certificate: $row->[0]!\n"); } # remove temporary pkg and unsigned sis if (!$preservePkgOutput) { unlink $pkgoutput; } if (!$preserveUnsigned) { unlink $unsigned_sis_name; } # Install the sis if requested if ($install) { print ("\nInstalling $signed_sis_name...\n"); system ("$signed_sis_name"); } } else { # Lets leave the generated PKG for problem solving purposes print ("\nSIS creation failed!\n"); } print ("\n"); } #end of file