signing interface

direct/src/p3d/Packager.py

@@ -226,6 +226,7 @@ class Packager:
             self.compressionLevel = 0
             self.importedMapsDir = 'imported_maps'
             self.mainModule = None
+            self.signParams = []
             self.requires = []
 
             # This is the set of config variables assigned to the
@@ -532,6 +533,11 @@ class Packager:
             if self.p3dApplication:
                 self.makeP3dInfo()
             self.multifile.repack()
+
+            # Also sign the multifile before we close it.
+            for certificate, chain, pkey, password in self.signParams:
+                self.multifile.addSignature(certificate, chain or '', pkey or '', password or '')
+            
             self.multifile.close()
 
             if not multifileFilename.renameTo(self.packageFullpath):
@@ -2207,6 +2213,21 @@ class Packager:
 
         self.currentPackage.mainModule = (moduleName, newName)
 
+    def do_sign(self, certificate, chain = None, pkey = None, password = None):
+        """ Signs the resulting p3d file (or package multifile) with
+        the indicated certificate.  If needed, the chain file should
+        contain the list of additional certificate authorities needed
+        to validate the signing certificate.  The pkey file should
+        contain the private key.
+
+        It is also legal for the certificate file to contain the chain
+        and private key embedded within it.
+
+        If the private key is encrypted, the password should be
+        supplied. """
+
+        self.currentPackage.signParams.append((certificate, chain, pkey, password))
+
     def do_setupPanda3D(self):
         """ A special convenience command that adds the minimum
         startup modules for a panda3d package, intended for developers

direct/src/p3d/packp3d.py

@@ -30,6 +30,13 @@ Options:
      (this is preferable to having the module start itself immediately
      upon importing).
 
+  -S file.crt[,chain.crt[,file.key[,\"password\"]]]
+     Signs the resulting p3d with the indicated certificate.  You may
+     specify the signing certificate, the optional authorization
+     chain, and the private key in three different files, or they may
+     all be combined in the first file.  If the private key is
+     encrypted, the password will be required to decrypt it.
+
   -r package
      Names an additional package that this application requires at
      startup time.  The default package is 'panda3d'; you may repeat
@@ -65,12 +72,13 @@ class ArgumentError(StandardError):
     pass
 
 def makePackedApp(args):
-    opts, args = getopt.getopt(args, 'd:m:r:s:Dh')
+    opts, args = getopt.getopt(args, 'd:m:S:r:s:Dh')
 
     packager = Packager.Packager()
 
     root = Filename('.')
     main = None
+    signParams = []
     requires = []
     allowPythonDev = False
     
@@ -79,6 +87,8 @@ def makePackedApp(args):
             root = Filename.fromOsSpecific(value)
         elif option == '-m':
             main = value
+        elif option == '-S':
+            signParams.append(value)
         elif option == '-r':
             requires.append(value)
         elif option == '-s':
@@ -137,6 +147,13 @@ def makePackedApp(args):
         packager.do_dir(root)
         packager.do_mainModule(mainModule)
 
+        for param in signParams:
+            tokens = param.split(',')
+            while len(tokens) < 4:
+                tokens.append('')
+            certificate, chain, pkey, password = tokens[:4]
+            packager.do_sign(certificate, chain = chain, pkey = pkey, password = password)
+
         packager.endPackage()
         packager.close()