-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/11/10 18:11, Samuli Seppänen wrote: > >> On 12/11/10 17:55, Peter Stuge wrote: >>> David Sommerseth wrote: >>>>>> Modified win/build_all.py so that build does not fail even if >>>>>> the optional signtool python class is not available. >>>>> What is it needed for? Is it really *always* optional? >>>> If I've understood it correctly, this is related to signing the Windows >>>> TUN/TAP driver. >>> Right. >> >> >>>> So if you don't have a signing key/tool available, it is still >>>> possible to build the rest of OpenVPN. >>> Fine, but this is not really acceptable when James&co builds OpenVPN, >>> so I am requesting a solution that allows them to specify to the >>> build process that they want a fatal error if signing is not >>> possible. >> >> That's a good point! I didn't think about this one. >> >> What about that the build script stops up and asks if it should continue >> without signing? And in addition having a command line argument >> accepting building without signing? This latter one is more useful for >> automated community builds of the allmerged branch from >> openvpn-testing.git. >> >> >> kind regards, >> >> David Sommerseth > What if build_all.py did this: > > - Check if SIGNTOOL is enabled in settings.in: > - Yes: fail if can't import "sign" module > - No: don't fail if can't import "sign" module > > I think existence of the SIGNTOOL variable gives a good clue of user's > intentions. Note that the build will also fail if SIGNTOOL is defined > and signtool.exe is not copied to the correct place > (../signtool/signtool.exe). >
That's fine ... but what Peter raises as a concern, which I do agree to, is that if James' build system is changed and the driver is not signed, earlier this would cause to a halt in the building process. With your patch, OpenVPN + the driver will be built and not signed. So it's just to catch that "yes, we want to do a build without signing the driver" and to really sign-off that explicitly when doing the build. As James' should never do a release build without signing the driver. kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzdd7gACgkQDC186MBRfrpmGwCfXbMtUuoDmuWXTn5wOeAYy9s9 +BAAoKqWatGOoLIonfuV30UrRCczrKQn =bSuy -----END PGP SIGNATURE-----