def SignTemplate(self, template_path, output_path, context=None):
"""Signs a given template and writes it to a given path."""
if not (template_path.endswith(".exe.zip") or
template_path.endswith(".msi.zip")):
raise RuntimeError(
"Signing templates is only worthwhile for windows, rpms are signed "
"at the package level and signing isn't supported for others.")
signing_context = []
if context:
signing_context.extend(context)
repack_config = RepackConfig().GetConfigFromTemplate(template_path)
build_context = repack_config["Template.build_context"]
signing_context.extend(build_context)
logging.debug("Signing template %s with context %s.", template_path,
signing_context)
signer = self.GetSigner(signing_context)
z_in = zipfile.ZipFile(open(template_path, "rb"))
with zipfile.ZipFile(
output_path, mode="w", compression=zipfile.ZIP_DEFLATED) as z_out:
build_helpers.CreateNewZipWithSignedLibs(
z_in, z_out, skip_signing_files=[], signer=signer)
def MakeDeployableBinary(self, template_path, output_path):
"""Repackage the template zip with the installer."""
context = self.context + ["Client Context"]
zip_data = io.BytesIO()
output_zip = zipfile.ZipFile(zip_data,
mode="w",
compression=zipfile.ZIP_DEFLATED)
z_template = zipfile.ZipFile(open(template_path, "rb"))
# Track which files we've copied already.
completed_files = [
"grr-client.exe", "GRRservice.exe", "dbg_grr-client.exe",
"dbg_GRRservice.exe"
]
# Change the name of the main binary to the configured name.
client_bin_name = config.CONFIG.Get("Client.binary_name",
context=context)
console_build = config.CONFIG.Get("ClientBuilder.console",
context=context)
if console_build:
client_filename = "dbg_grr-client.exe"
service_filename = "dbg_GRRservice.exe"
else:
client_filename = "grr-client.exe"
service_filename = "GRRservice.exe"
bin_name = z_template.getinfo(client_filename)
output_zip.writestr(client_bin_name, z_template.read(bin_name))
_CopyFileInZip(z_template, "grr-client.exe.manifest", output_zip,
"%s.manifest" % client_bin_name)
completed_files.append("grr-client.exe.manifest")
# Change the name of the service binary to the configured name.
service_template = z_template.getinfo(service_filename)
if config.CONFIG["Client.fleetspeak_enabled"]:
self._GenerateFleetspeakServiceConfig(output_zip)
else:
# Only copy the nanny if Fleetspeak is disabled.
service_bin_name = config.CONFIG.Get("Nanny.service_binary_name",
context=context)
output_zip.writestr(service_bin_name,
z_template.read(service_template))
if config.CONFIG["ClientBuilder.fleetspeak_bundled"]:
self._AddFleetspeakConfig(output_zip)
else:
# Remove bundled fleetspeak-client
completed_files.append("fleetspeak-client.exe")
if self.signed_template:
# If the template libs were already signed we can skip signing
build_helpers.CreateNewZipWithSignedLibs(
z_template, output_zip, ignore_files=completed_files)
else:
build_helpers.CreateNewZipWithSignedLibs(
z_template,
output_zip,
ignore_files=completed_files,
signer=self.signer)
output_zip.close()
return self._MakeSelfExtractingZip(zip_data.getvalue(), output_path)