gpg: Update list of card vendors from master
[gnupg.git] / build-aux / speedo.mk
index ae84d66..2b3b72b 100644 (file)
@@ -52,52 +52,72 @@ SPEEDO_MK := $(realpath $(lastword $(MAKEFILE_LIST)))
 help:
        @echo 'usage: make -f speedo.mk TARGET'
        @echo '       with TARGET being one of:'
-       @echo '  help           This help'
-       @echo '  native         Native build of the GnuPG core'
-       @echo '  native-gui     Ditto but with pinentry and GPA'
-       @echo '  w32-installer  Build a Windows installer'
-       @echo '  w32-source     Pack a source archive'
+       @echo '  help               This help'
+       @echo '  native             Native build of the GnuPG core'
+       @echo '  native-gui         Ditto but with pinentry and GPA'
+       @echo '  w32-installer      Build a Windows installer'
+       @echo '  w32-source         Pack a source archive'
+       @echo '  w32-release        Build a Windows release'
+       @echo '  w32-sign-installer Sign the installer'
        @echo
-       @echo 'Prepend TARGET with "git-" to build from GIT repos'
-       @echo 'Prepend TARGET with "this-" to build from the source tarball'
+       @echo 'You may append INSTALL_PREFIX=<dir> for native builds.'
+       @echo 'Prepend TARGET with "git-" to build from GIT repos.'
+       @echo 'Prepend TARGET with "this-" to build from the source tarball.'
+       @echo 'Use SELFCHECK=0 for a non-released version.'
+       @echo 'Use CUSTOM_SWDB=1 for an already downloaded swdb.lst.'
 
 SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1
 
-native:
+native: check-tools
        $(SPEEDOMAKE) TARGETOS=native WHAT=release WITH_GUI=0 all
 
-git-native:
+git-native: check-tools
        $(SPEEDOMAKE) TARGETOS=native WHAT=git     WITH_GUI=0 all
 
-this-native:
+this-native: check-tools
        $(SPEEDOMAKE) TARGETOS=native WHAT=this    WITH_GUI=0 all
 
-native-gui:
+native-gui: check-tools
        $(SPEEDOMAKE) TARGETOS=native WHAT=release WITH_GUI=1 all
 
-git-native-gui:
+git-native-gui: check-tools
        $(SPEEDOMAKE) TARGETOS=native WHAT=git     WITH_GUI=1 all
 
-this-native-gui:
+this-native-gui: check-tools
        $(SPEEDOMAKE) TARGETOS=native WHAT=this    WITH_GUI=1 all
 
-w32-installer:
-       $(SPEEDOMAKE) TARGETOS=w32    WHAT=release WITH_GUI=1 installer
+w32-installer: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32    WHAT=release WITH_GUI=0 installer
 
-git-w32-installer:
-       $(SPEEDOMAKE) TARGETOS=w32    WHAT=git     WITH_GUI=1 installer
+git-w32-installer: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32    WHAT=git     WITH_GUI=0 installer
 
-this-w32-installer:
-       $(SPEEDOMAKE) TARGETOS=w32    WHAT=this    WITH_GUI=1 installer
+this-w32-installer: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32    WHAT=this    WITH_GUI=0 \
+                                                  CUSTOM_SWDB=1 installer
 
-w32-source:
-       $(SPEEDOMAKE) TARGETOS=w32    WHAT=release WITH_GUI=1 dist-source
+w32-source: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32    WHAT=release WITH_GUI=0 dist-source
 
-git-w32-source:
-       $(SPEEDOMAKE) TARGETOS=w32    WHAT=git     WITH_GUI=1 dist-source
+git-w32-source: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32    WHAT=git     WITH_GUI=0 dist-source
 
-this-w32-source:
-       $(SPEEDOMAKE) TARGETOS=w32    WHAT=git     WITH_GUI=1 dist-source
+this-w32-source: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32    WHAT=this    WITH_GUI=0 \
+                                                  CUSTOM_SWDB=1 dist-source
+
+w32-release: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
+                                                   installer-from-source
+
+w32-sign-installer: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
+                                                   sign-installer
+
+w32-release-offline: check-tools
+       $(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
+         CUSTOM_SWDB=1 pkgrep=${HOME}/b pkg10rep=${HOME}/b  \
+         installer-from-source
 
 
 # Set this to "git" to build from git,
@@ -106,14 +126,20 @@ this-w32-source:
 WHAT=git
 
 # Set target to "native" or "w32"
-TARGETOS=w32
+TARGETOS=
 
 # Set to 1 to build the GUI tools
 WITH_GUI=0
 
+# Set to 1 to use a pre-installed swdb.lst instead of the online version.
+CUSTOM_SWDB=0
+
 # Set to 1 to really download the swdb.
 UPD_SWDB=0
 
+# Set to 0 to skip the GnuPG version self-check
+SELFCHECK=1
+
 # Set to the location of the directory with tarballs of
 # external packages.
 TARBALLS=$(shell pwd)/../tarballs
@@ -124,6 +150,12 @@ MAKE_J=3
 # Name to use for the w32 installer and sources
 INST_NAME=gnupg-w32
 
+# Use this to override the installaion directory for native builds.
+INSTALL_PREFIX=none
+
+# The Authenticode key used to sign the Windows installer
+AUTHENTICODE_KEY=${HOME}/.gnupg/g10code-authenticode-key.p12
+
 
 # Directory names.
 # They must be absolute, as we switch directories pretty often.
@@ -131,7 +163,11 @@ root := $(shell pwd)/PLAY
 sdir := $(root)/src
 bdir := $(root)/build
 bdir6:= $(root)/build-w64
+ifeq ($(INSTALL_PREFIX),none)
 idir := $(root)/inst
+else
+idir := $(abspath $(INSTALL_PREFIX))
+endif
 idir6:= $(root)/inst-w64
 stampdir := $(root)/stamps
 topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
@@ -148,97 +184,164 @@ speedo_spkgs  = \
 
 ifeq ($(TARGETOS),w32)
 speedo_spkgs += \
-       zlib libiconv gettext
+       zlib bzip2 sqlite
+ifeq ($(WITH_GUI),1)
+speedo_spkgs += gettext libiconv
+endif
+endif
+
+speedo_spkgs += \
+       libassuan libksba
+
+ifeq ($(TARGETOS),w32)
+speedo_spkgs += \
+       ntbtls
 endif
 
 speedo_spkgs += \
-       libassuan libksba gnupg
+       gnupg
 
 ifeq ($(TARGETOS),w32)
+ifeq ($(WITH_GUI),1)
 speedo_spkgs += \
        libffi glib pkg-config
 endif
+endif
 
 speedo_spkgs += \
        gpgme
 
 ifeq ($(TARGETOS),w32)
+ifeq ($(WITH_GUI),1)
 speedo_spkgs += \
        libpng \
        gdk-pixbuf atk pixman cairo pango gtk+
 endif
+endif
 
+ifeq ($(TARGETOS),w32)
 
+speedo_spkgs += pinentry
 ifeq ($(WITH_GUI),1)
-speedo_spkgs += \
-       pinentry gpa
+speedo_spkgs += gpa gpgex
+endif
+
+else
+
+ifeq ($(WITH_GUI),1)
+speedo_spkgs += pinentry gpa
 endif
 
-ifeq ($(TARGETOS),w32)
-speedo_spkgs += \
-       gpgex
 endif
 
+
 # =====END LIST OF PACKAGES=====
 
 
-# Packages which are additionally build for 64 bit Windows
-speedo_w64_spkgs  = \
-       libgpg-error libiconv gettext libassuan gpgex
+# Packages which are additionally build for 64 bit Windows.  They are
+# only used for gpgex and thus we need to build them only if we want
+# a full installer.
+speedo_w64_spkgs  =
+ifeq ($(WITH_GUI),1)
+speedo_w64_spkgs += libgpg-error libiconv gettext libassuan gpgex
+endif
 
 # Packages which use the gnupg autogen.sh build style
 speedo_gnupg_style = \
        libgpg-error npth libgcrypt  \
-       libassuan libksba gnupg gpgme \
+       libassuan libksba ntbtls gnupg gpgme \
        pinentry gpa gpgex
 
 # Packages which use only make and no build directory
 speedo_make_only_style = \
-       zlib
+       zlib bzip2
 
 # Get the content of the software DB.
+ifeq ($(CUSTOM_SWDB),1)
+getswdb_options = --skip-download --skip-verify
+else
+getswdb_options =
+endif
+ifeq ($(SELFCHECK),0)
+getswdb_options += --skip-selfcheck
+endif
 ifeq ($(UPD_SWDB),1)
-SWDB := $(shell $(topsrc)/build-aux/getswdb.sh && echo okay)
+SWDB := $(shell $(topsrc)/build-aux/getswdb.sh $(getswdb_options) && echo okay)
 ifeq ($(strip $(SWDB)),)
+ifneq ($(WHAT),git)
 $(error Error getting GnuPG software version database)
 endif
+endif
 
 # Version numbers of the released packages
-gnupg_ver = $(shell cat $(topsrc)/VERSION)
+gnupg_ver_this = $(shell cat $(topsrc)/VERSION)
+
+gnupg_ver        := $(shell awk '$$1=="gnupg22_ver" {print $$2}' swdb.lst)
 
 libgpg_error_ver := $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst)
 libgpg_error_sha1:= $(shell awk '$$1=="libgpg_error_sha1" {print $$2}' swdb.lst)
+libgpg_error_sha2:= $(shell awk '$$1=="libgpg_error_sha2" {print $$2}' swdb.lst)
 
 npth_ver  := $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst)
 npth_sha1 := $(shell awk '$$1=="npth_sha1" {print $$2}' swdb.lst)
+npth_sha2 := $(shell awk '$$1=="npth_sha2" {print $$2}' swdb.lst)
 
 libgcrypt_ver  := $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst)
 libgcrypt_sha1 := $(shell awk '$$1=="libgcrypt_sha1" {print $$2}' swdb.lst)
+libgcrypt_sha2 := $(shell awk '$$1=="libgcrypt_sha2" {print $$2}' swdb.lst)
 
 libassuan_ver  := $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst)
 libassuan_sha1 := $(shell awk '$$1=="libassuan_sha1" {print $$2}' swdb.lst)
+libassuan_sha2 := $(shell awk '$$1=="libassuan_sha2" {print $$2}' swdb.lst)
 
 libksba_ver  := $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst)
 libksba_sha1 := $(shell awk '$$1=="libksba_sha1" {print $$2}' swdb.lst)
+libksba_sha2 := $(shell awk '$$1=="libksba_sha2" {print $$2}' swdb.lst)
+
+ntbtls_ver  := $(shell awk '$$1=="ntbtls_ver" {print $$2}' swdb.lst)
+ntbtls_sha1 := $(shell awk '$$1=="ntbtls_sha1" {print $$2}' swdb.lst)
+ntbtls_sha2 := $(shell awk '$$1=="ntbtls_sha2" {print $$2}' swdb.lst)
 
 gpgme_ver  := $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst)
 gpgme_sha1 := $(shell awk '$$1=="gpgme_sha1" {print $$2}' swdb.lst)
+gpgme_sha2 := $(shell awk '$$1=="gpgme_sha2" {print $$2}' swdb.lst)
 
 pinentry_ver  := $(shell awk '$$1=="pinentry_ver" {print $$2}' swdb.lst)
 pinentry_sha1 := $(shell awk '$$1=="pinentry_sha1" {print $$2}' swdb.lst)
+pinentry_sha2 := $(shell awk '$$1=="pinentry_sha2" {print $$2}' swdb.lst)
 
 gpa_ver  := $(shell awk '$$1=="gpa_ver" {print $$2}' swdb.lst)
 gpa_sha1 := $(shell awk '$$1=="gpa_sha1" {print $$2}' swdb.lst)
+gpa_sha2 := $(shell awk '$$1=="gpa_sha2" {print $$2}' swdb.lst)
 
 gpgex_ver  := $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst)
 gpgex_sha1 := $(shell awk '$$1=="gpgex_sha1" {print $$2}' swdb.lst)
+gpgex_sha2 := $(shell awk '$$1=="gpgex_sha2" {print $$2}' swdb.lst)
+
+zlib_ver  := $(shell awk '$$1=="zlib_ver" {print $$2}' swdb.lst)
+zlib_sha1 := $(shell awk '$$1=="zlib_sha1_gz" {print $$2}' swdb.lst)
+zlib_sha2 := $(shell awk '$$1=="zlib_sha2_gz" {print $$2}' swdb.lst)
+
+bzip2_ver  := $(shell awk '$$1=="bzip2_ver" {print $$2}' swdb.lst)
+bzip2_sha1 := $(shell awk '$$1=="bzip2_sha1_gz" {print $$2}' swdb.lst)
+bzip2_sha2 := $(shell awk '$$1=="bzip2_sha2_gz" {print $$2}' swdb.lst)
+
+sqlite_ver  := $(shell awk '$$1=="sqlite_ver" {print $$2}' swdb.lst)
+sqlite_sha1 := $(shell awk '$$1=="sqlite_sha1_gz" {print $$2}' swdb.lst)
+sqlite_sha2 := $(shell awk '$$1=="sqlite_sha2_gz" {print $$2}' swdb.lst)
+
 
 $(info Information from the version database)
-$(info GnuPG ..........: $(gnupg_ver))
+$(info GnuPG ..........: $(gnupg_ver) (building $(gnupg_ver_this)))
 $(info Libgpg-error ...: $(libgpg_error_ver))
 $(info Npth ...........: $(npth_ver))
 $(info Libgcrypt ......: $(libgcrypt_ver))
 $(info Libassuan ......: $(libassuan_ver))
+$(info Libksba ........: $(libksba_ver))
+$(info Zlib ...........: $(zlib_ver))
+$(info Bzip2 ..........: $(bzip2_ver))
+$(info SQLite .........: $(sqlite_ver))
+$(info NtbTLS .. ......: $(ntbtls_ver))
 $(info GPGME ..........: $(gpgme_ver))
 $(info Pinentry .......: $(pinentry_ver))
 $(info GPA ............: $(gpa_ver))
@@ -247,7 +350,6 @@ endif
 
 # Version number for external packages
 pkg_config_ver = 0.23
-zlib_ver = 1.2.8
 libiconv_ver = 1.14
 gettext_ver = 0.18.2.1
 libffi_ver = 3.0.13
@@ -260,13 +362,13 @@ pixman_ver = 0.32.4
 cairo_ver = 1.12.16
 gtk__ver = 2.24.17
 
-
 # The GIT repository.  Using a local repo is much faster.
 #gitrep = git://git.gnupg.org
 gitrep = ${HOME}/s
 
 # The tarball directories
 pkgrep = ftp://ftp.gnupg.org/gcrypt
+pkg10rep = ftp://ftp.g10code.com/g10code
 pkg2rep = $(TARBALLS)
 
 # For each package, the following variables can be defined:
@@ -300,9 +402,11 @@ else ifeq ($(WHAT),git)
   speedo_pkg_libassuan_git = $(gitrep)/libassuan
   speedo_pkg_libassuan_gitref = master
   speedo_pkg_libgcrypt_git = $(gitrep)/libgcrypt
-  speedo_pkg_libgcrypt_gitref = LIBGCRYPT-1-6-BRANCH
+  speedo_pkg_libgcrypt_gitref = master
   speedo_pkg_libksba_git = $(gitrep)/libksba
   speedo_pkg_libksba_gitref = master
+  speedo_pkg_ntbtls_git = $(gitrep)/ntbtls
+  speedo_pkg_ntbtls_gitref = master
   speedo_pkg_gpgme_git = $(gitrep)/gpgme
   speedo_pkg_gpgme_gitref = master
   speedo_pkg_pinentry_git = $(gitrep)/pinentry
@@ -322,6 +426,8 @@ else ifeq ($(WHAT),release)
        $(pkgrep)/libgcrypt/libgcrypt-$(libgcrypt_ver).tar.bz2
   speedo_pkg_libksba_tar = \
        $(pkgrep)/libksba/libksba-$(libksba_ver).tar.bz2
+  speedo_pkg_ntbtls_tar = \
+       $(pkgrep)/ntbtls/ntbtls-$(ntbtls_ver).tar.bz2
   speedo_pkg_gpgme_tar = \
        $(pkgrep)/gpgme/gpgme-$(gpgme_ver).tar.bz2
   speedo_pkg_pinentry_tar = \
@@ -329,13 +435,15 @@ else ifeq ($(WHAT),release)
   speedo_pkg_gpa_tar = \
        $(pkgrep)/gpa/gpa-$(gpa_ver).tar.bz2
   speedo_pkg_gpgex_tar = \
-       $(pkgrep)/gpex/gpgex-$(gpa_ver).tar.bz2
+       $(pkg10rep)/gpgex/gpgex-$(gpgex_ver).tar.bz2
 else
   $(error invalid value for WHAT (use on of: git release this))
 endif
 
 speedo_pkg_pkg_config_tar = $(pkg2rep)/pkg-config-$(pkg_config_ver).tar.gz
-speedo_pkg_zlib_tar       = $(pkg2rep)/zlib-$(zlib_ver).tar.gz
+speedo_pkg_zlib_tar       = $(pkgrep)/zlib/zlib-$(zlib_ver).tar.gz
+speedo_pkg_bzip2_tar      = $(pkgrep)/bzip2/bzip2-$(bzip2_ver).tar.gz
+speedo_pkg_sqlite_tar     = $(pkgrep)/sqlite/sqlite-autoconf-$(sqlite_ver).tar.gz
 speedo_pkg_libiconv_tar   = $(pkg2rep)/libiconv-$(libiconv_ver).tar.gz
 speedo_pkg_gettext_tar    = $(pkg2rep)/gettext-$(gettext_ver).tar.gz
 speedo_pkg_libffi_tar     = $(pkg2rep)/libffi-$(libffi_ver).tar.gz
@@ -363,31 +471,58 @@ speedo_pkg_libgcrypt_configure = --disable-static
 
 speedo_pkg_libksba_configure = --disable-static
 
-speedo_pkg_gnupg_configure = --enable-gpg2-is-gpg --disable-g13
+# For now we build ntbtls only static
+speedo_pkg_ntbtls_configure = --enable-static --disable-shared
+
+ifeq ($(TARGETOS),w32)
+speedo_pkg_gnupg_configure = \
+        --disable-g13 --enable-ntbtls \
+        --enable-build-timestamp
+else
+speedo_pkg_gnupg_configure = --disable-g13
+endif
 speedo_pkg_gnupg_extracflags = -g
 
+# Create the version info files only for W32 so that they won't get
+# installed if for example INSTALL_PREFIX=/usr/local is used.
+ifeq ($(TARGETOS),w32)
 define speedo_pkg_gnupg_post_install
 (set -e; \
  sed -n  's/.*PACKAGE_VERSION "\(.*\)"/\1/p' config.h >$(idir)/INST_VERSION; \
  sed -n  's/.*W32INFO_VI_PRODUCTVERSION \(.*\)/\1/p' common/w32info-rc.h \
     |sed 's/,/./g' >$(idir)/INST_PROD_VERSION )
 endef
-
+endif
 
 # The LDFLAGS is needed for -lintl for glib.
+ifeq ($(WITH_GUI),1)
 speedo_pkg_gpgme_configure = \
        --enable-static --enable-w32-glib --disable-w32-qt \
        --with-gpg-error-prefix=$(idir) \
        LDFLAGS=-L$(idir)/lib
+else
+speedo_pkg_gpgme_configure = \
+       --disable-static --disable-w32-glib --disable-w32-qt \
+       --with-gpg-error-prefix=$(idir) \
+       LDFLAGS=-L$(idir)/lib
+endif
+
 
-speedo_pkg_pinentry_configure = \
-       --disable-pinentry-qt --disable-pinentry-qt4 --disable-pinentry-gtk \
-       --enable-pinentry-gtk2 \
-       --with-glib-prefix=$(idir) --with-gtk-prefix=$(idir) \
+ifeq ($(TARGETOS),w32)
+speedo_pkg_pinentry_configure = --disable-pinentry-gtk2
+else
+speedo_pkg_pinentry_configure = --enable-pinentry-gtk2
+endif
+speedo_pkg_pinentry_configure += \
+        --disable-pinentry-qt5   \
+        --disable-pinentry-qt    \
+       --disable-pinentry-fltk  \
+       --disable-pinentry-tty   \
        CPPFLAGS=-I$(idir)/include   \
        LDFLAGS=-L$(idir)/lib        \
        CXXFLAGS=-static-libstdc++
 
+
 speedo_pkg_gpa_configure = \
         --with-libiconv-prefix=$(idir) --with-libintl-prefix=$(idir) \
         --with-gpgme-prefix=$(idir) --with-zlib=$(idir) \
@@ -395,11 +530,13 @@ speedo_pkg_gpa_configure = \
 
 speedo_pkg_gpgex_configure = \
        --with-gpg-error-prefix=$(idir) \
-       --with-libassuan-prefix=$(idir)
+       --with-libassuan-prefix=$(idir) \
+       --enable-gpa-only
 
 speedo_pkg_w64_gpgex_configure = \
        --with-gpg-error-prefix=$(idir6) \
-       --with-libassuan-prefix=$(idir6)
+       --with-libassuan-prefix=$(idir6) \
+       --enable-gpa-only
 
 
 #
@@ -438,6 +575,13 @@ endef
 
 endif
 
+ifeq ($(TARGETOS),w32)
+speedo_pkg_bzip2_make_args = \
+       CC="$(host)-gcc" AR="$(host)-ar" RANLIB="$(host)-ranlib"
+
+speedo_pkg_bzip2_make_args_inst = \
+       PREFIX=$(idir) CC="$(host)-gcc" AR="$(host)-ar" RANLIB="$(host)-ranlib"
+endif
 
 speedo_pkg_w64_libiconv_configure = \
        --enable-shared=no --enable-static=yes
@@ -531,16 +675,33 @@ W32CC = i686-w64-mingw32-gcc
 
 MKDIR=mkdir
 MAKENSIS=makensis
+SHA1SUM := $(shell $(topsrc)/build-aux/getswdb.sh --find-sha1sum)
+ifeq ($(SHA1SUM),false)
+$(error The sha1sum tool is missing)
+endif
+SHA2SUM := $(shell $(topsrc)/build-aux/getswdb.sh --find-sha256sum)
+ifeq ($(SHA2SUM),false)
+$(error The sha256sum tool is missing)
+endif
+
+
 BUILD_ISODATE=$(shell date -u +%Y-%m-%d)
+BUILD_DATESTR=$(subst -,,$(BUILD_ISODATE))
 
 # The next two macros will work only after gnupg has been build.
+ifeq ($(TARGETOS),w32)
 INST_VERSION=$(shell head -1 $(idir)/INST_VERSION)
 INST_PROD_VERSION=$(shell head -1 $(idir)/INST_PROD_VERSION)
+endif
 
 # List with packages
 speedo_build_list = $(speedo_spkgs)
 speedo_w64_build_list = $(speedo_w64_spkgs)
 
+# To avoid running external commands during the read phase (":=" style
+# assignments), we check that the targetos has been given
+ifneq ($(TARGETOS),)
+
 # Determine build and host system
 build := $(shell $(topsrc)/autogen.sh --silent --print-build)
 ifeq ($(TARGETOS),w32)
@@ -564,6 +725,8 @@ else
   speedo_makeopt=-j$(MAKE_J)
 endif
 
+# End non-empty TARGETOS
+endif
 
 
 
@@ -597,6 +760,8 @@ define SETVARS
         git="$(call GETVAR,speedo_pkg_$(1)_git)";                       \
         gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)";                 \
         tar="$(call GETVAR,speedo_pkg_$(1)_tar)";                       \
+        ver="$(call GETVAR,$(1)_ver)";                                  \
+        sha2="$(call GETVAR,$(1)_sha2)";                                \
         sha1="$(call GETVAR,$(1)_sha1)";                                \
         pkgsdir="$(sdir)/$(1)";                                         \
         if [ "$(1)" = "gnupg" ]; then                                   \
@@ -631,6 +796,8 @@ define SETVARS_W64
         git="$(call GETVAR,speedo_pkg_$(1)_git)";                       \
         gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)";                 \
         tar="$(call GETVAR,speedo_pkg_$(1)_tar)";                       \
+        ver="$(call GETVAR,$(1)_ver)";                                  \
+        sha2="$(call GETVAR,$(1)_sha2)";                                \
         sha1="$(call GETVAR,$(1)_sha1)";                                \
         pkgsdir="$(sdir)/$(1)";                                         \
         if [ "$(1)" = "gnupg" ]; then                                   \
@@ -694,22 +861,31 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories
          elif [ -n "$$$${tar}" ]; then                 \
           echo "speedo: unpacking $(1) from $$$${tar}"; \
            case "$$$${tar}" in                         \
-             *.gz) opt=z ;;                            \
-             *.bz2) opt=j ;;                           \
-            *.xz) opt=J ;;                             \
-             *) opt= ;;                                        \
+             *.gz) pretar=zcat ;;                      \
+             *.bz2) pretar=bzcat ;;                    \
+            *.xz) pretar=xzcat ;;                      \
+             *) pretar=cat ;;                          \
            esac;                                       \
            [ -f tmp.tgz ] && rm tmp.tgz;                \
            case "$$$${tar}" in                         \
-            /*) tar x$$$${opt}f - < $$$${tar} ;;       \
-            *)  wget -q -O - $$$${tar} | tee tmp.tgz | tar x$$$${opt}f - ;; \
+            /*) $$$${pretar} < $$$${tar} | tar xf - ;; \
+            *)  wget -q -O - $$$${tar} | tee tmp.tgz   \
+                  | $$$${pretar} | tar x$$$${opt}f - ;; \
           esac;                                        \
           if [ -f tmp.tgz ]; then                      \
-            if [ -n "$$$${sha1}" ]; then               \
-               tmp=$$$$(sha1sum <tmp.tgz|cut -d' ' -f1);\
+            if [ -n "$$$${sha2}" ]; then               \
+               tmp=$$$$($(SHA2SUM) <tmp.tgz|cut -d' ' -f1);\
+               if [ "$$$${tmp}" != "$$$${sha2}" ]; then \
+                echo "speedo:";                        \
+                 echo "speedo: ERROR: SHA-256 checksum mismatch for $(1)";\
+                echo "speedo:";                        \
+                 exit 1;                                \
+               fi;                                      \
+            elif [ -n "$$$${sha1}" ]; then            \
+               tmp=$$$$($(SHA1SUM) <tmp.tgz|cut -d' ' -f1);\
                if [ "$$$${tmp}" != "$$$${sha1}" ]; then \
                 echo "speedo:";                        \
-                 echo "speedo: ERROR: checksum mismatch for $(1)";\
+                 echo "speedo: ERROR: SHA-1 checksum mismatch for $(1)";\
                 echo "speedo:";                        \
                  exit 1;                                \
                fi;                                      \
@@ -724,9 +900,13 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories
                  | sed -e 's,\.tar.*$$$$,,'`;          \
           mv $$$${base} $(1);                          \
           patch="$(patdir)/$(1)-$$$${base#$(1)-}.patch";\
+          patchx="$(patdir)/$(1).patch";               \
           if [ -x "$$$${patch}" ]; then                \
              echo "speedo: applying patch $$$${patch}"; \
              cd $(1); "$$$${patch}";                   \
+          elif [ -x "$$$${patchx}" ]; then             \
+             echo "speedo: applying patch $$$${patchx}";\
+             cd $(1); "$$$${patchx}";                  \
           elif [ -f "$$$${patch}" ]; then              \
              echo "speedo: warning: $$$${patch} is not executable"; \
           fi;                                          \
@@ -817,7 +997,7 @@ else
        @($(call SETVARS,$(1));                         \
           cd "$$$${pkgbdir}";                          \
          test -n "$$$${pkgmkdir}" && cd "$$$${pkgmkdir}"; \
-         $(MAKE) --no-print-directory $(speedo_makeopt) $$$${pkgmkargs} V=1)
+         $(MAKE) --no-print-directory $(speedo_makeopt) $$$${pkgmkargs} V=0)
 endif
        @touch $(stampdir)/stamp-$(1)-02-make
 
@@ -832,7 +1012,7 @@ else
        @($(call SETVARS_W64,$(1));                             \
           cd "$$$${pkgbdir}";                          \
          test -n "$$$${pkgmkdir}" && cd "$$$${pkgmkdir}"; \
-         $(MAKE) --no-print-directory $(speedo_makeopt) $$$${pkgmkargs} V=1)
+         $(MAKE) --no-print-directory $(speedo_makeopt) $$$${pkgmkargs} V=0)
 endif
        @touch $(stampdir)/stamp-w64-$(1)-02-make
 
@@ -844,7 +1024,7 @@ ifneq ($(findstring $(1),$(speedo_make_only_style)),)
        @($(call SETVARS,$(1));                         \
           cd "$$$${pkgsdir}";                          \
          test -n "$$$${pkgmkdir}" && cd "$$$${pkgmkdir}"; \
-         $(MAKE) --no-print-directory $$$${pkgmkargs_inst} install V=1;\
+         $(MAKE) --no-print-directory $$$${pkgmkargs_inst} install V=0;\
          $(call speedo_pkg_$(call FROB_macro,$(1))_post_install))
 else
        @($(call SETVARS,$(1));                         \
@@ -861,7 +1041,7 @@ ifneq ($(findstring $(1),$(speedo_make_only_style)),)
        @($(call SETVARS_W64,$(1));                             \
           cd "$$$${pkgsdir}";                          \
          test -n "$$$${pkgmkdir}" && cd "$$$${pkgmkdir}"; \
-         $(MAKE) --no-print-directory $$$${pkgmkargs_inst} install V=1;\
+         $(MAKE) --no-print-directory $$$${pkgmkargs_inst} install V=0;\
          $(call speedo_pkg_$(call FROB_macro,$(1))_post_install))
 else
        @($(call SETVARS_W64,$(1));                             \
@@ -873,6 +1053,9 @@ endif
        touch $(stampdir)/stamp-w64-$(1)-03-install
 
 $(stampdir)/stamp-final-$(1): $(stampdir)/stamp-$(1)-03-install
+       @($(call SETVARS,$(1));                                  \
+         printf "%-14s %-12s %s\n" $(1) "$$$${ver}" "$$$${sha1}" \
+             >> $(bdir)/pkg-versions.txt)
        @echo "speedo: $(1) done"
        @touch $(stampdir)/stamp-final-$(1)
 
@@ -922,13 +1105,16 @@ endef
 # Insert the template for each source package.
 $(foreach spkg, $(speedo_spkgs), $(eval $(call SPKG_template,$(spkg))))
 
-$(stampdir)/stamp-final: $(stampdir)/stamp-directories
+$(stampdir)/stamp-final: $(stampdir)/stamp-directories clean-pkg-versions
 ifeq ($(TARGETOS),w32)
 $(stampdir)/stamp-final: $(addprefix $(stampdir)/stamp-w64-final-,$(speedo_w64_build_list))
 endif
 $(stampdir)/stamp-final: $(addprefix $(stampdir)/stamp-final-,$(speedo_build_list))
        touch $(stampdir)/stamp-final
 
+clean-pkg-versions:
+        @: >$(bdir)/pkg-versions.txt
+
 all-speedo: $(stampdir)/stamp-final
 
 report-speedo: $(addprefix report-,$(speedo_build_list))
@@ -944,32 +1130,45 @@ clean-speedo:
 #
 # Windows installer
 #
+# {{{
+ifeq ($(TARGETOS),w32)
 
-dist-source: all
+dist-source: installer
        for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done
        (set -e;\
-        tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_ISODATE).tar" ;\
+        tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar" ;\
         [ -f "$$tarname" ] && rm "$$tarname" ;\
-         tar -C $(topsrc) -cf "$$tarname" --exclude-backups --exclude-vc \
+         tar -C $(topsrc) -cf "$$tarname" --exclude-backups --exclude-vcs \
              --transform='s,^\./,$(INST_NAME)-$(INST_VERSION)/,' \
              --anchored --exclude './PLAY' . ;\
-        tar --totals -rf "$$tarname" --exclude-backups --exclude-vc \
+        tar --totals -rf "$$tarname" --exclude-backups --exclude-vcs \
               --transform='s,^,$(INST_NAME)-$(INST_VERSION)/,' \
-            PLAY/stamps/stamp-*-00-unpack PLAY/src ;\
+            PLAY/stamps/stamp-*-00-unpack PLAY/src swdb.lst swdb.lst.sig ;\
+        [ -f "$$tarname".xz ] && rm "$$tarname".xz;\
          xz "$$tarname" ;\
        )
 
 
+# Extract the two latest news entries.  */
 $(bdir)/NEWS.tmp: $(topsrc)/NEWS
-       sed -e '/^#/d' <$(topsrc)/NEWS >$(bdir)/NEWS.tmp
+       awk '/^Notewo/ {if(okay>1){exit}; okay++};okay {print $0}' \
+           <$(topsrc)/NEWS  >$(bdir)/NEWS.tmp
+
+# Sort the file with the package versions.
+$(bdir)/pkg-versions.sorted: $(bdir)/pkg-versions.txt
+       grep -v '^gnupg ' <$(bdir)/pkg-versions.txt \
+           | sort | uniq >$(bdir)/pkg-versions.sorted
 
-$(bdir)/README.txt: $(bdir)/NEWS.tmp $(w32src)/README.txt \
-                    $(w32src)/pkg-copyright.txt
+$(bdir)/README.txt: $(bdir)/NEWS.tmp $(topsrc)/README $(w32src)/README.txt \
+                    $(w32src)/pkg-copyright.txt $(bdir)/pkg-versions.sorted
        sed -e '/^;.*/d;' \
-       -e '/!NEWSFILE!/{r NEWS.tmp' -e 'd;}' \
+       -e '/!NEWSFILE!/{r $(bdir)/NEWS.tmp' -e 'd;}' \
+       -e '/!GNUPGREADME!/{r $(topsrc)/README' -e 'd;}' \
         -e '/!PKG-COPYRIGHT!/{r $(w32src)/pkg-copyright.txt' -e 'd;}' \
+        -e '/!PKG-VERSIONS!/{r $(bdir)/pkg-versions.sorted' -e 'd;}' \
         -e 's,!VERSION!,$(INST_VERSION),g' \
           < $(w32src)/README.txt \
+           | sed -e '/^#/d' \
            | awk '{printf "%s\r\n", $$0}' >$(bdir)/README.txt
 
 $(bdir)/g4wihelp.dll: $(w32src)/g4wihelp.c $(w32src)/exdll.h
@@ -983,7 +1182,12 @@ w32_insthelpers: $(bdir)/g4wihelp.dll
 $(bdir)/inst-options.ini: $(w32src)/inst-options.ini
        cat $(w32src)/inst-options.ini >$(bdir)/inst-options.ini
 
-installer: all w32_insthelpers $(w32dir)/inst-options.ini $(bdir)/README.txt
+extra_installer_options =
+ifeq ($(WITH_GUI),1)
+extra_installer_options += -DWITH_GUI=1
+endif
+
+installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt
        $(MAKENSIS) -V2 \
                     -DINST_DIR=$(idir) \
                     -DINST6_DIR=$(idir6) \
@@ -991,14 +1195,78 @@ installer: all w32_insthelpers $(w32dir)/inst-options.ini $(bdir)/README.txt
                     -DTOP_SRCDIR=$(topsrc) \
                     -DW32_SRCDIR=$(w32src) \
                     -DBUILD_ISODATE=$(BUILD_ISODATE) \
+                    -DBUILD_DATESTR=$(BUILD_DATESTR) \
                    -DNAME=$(INST_NAME) \
                    -DVERSION=$(INST_VERSION) \
                    -DPROD_VERSION=$(INST_PROD_VERSION) \
-                   $(w32src)/inst.nsi
-       @echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)"
+                   $(extra_installer_options) $(w32src)/inst.nsi
+       @echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe"
+
+
+define MKSWDB_commands
+ ( pref="#+macro: gnupg22_w32_" ;\
+   echo "$${pref}ver  $(INST_VERSION)_$(BUILD_DATESTR)"  ;\
+   echo "$${pref}date $(2)" ;\
+   echo "$${pref}size $$(wc -c <$(1)|awk '{print int($$1/1024)}')k";\
+   echo "$${pref}sha1 $$(sha1sum <$(1)|cut -d' ' -f1)" ;\
+   echo "$${pref}sha2 $$(sha256sum <$(1)|cut -d' ' -f1)" ;\
+ ) | tee $(1).swdb
+endef
+
+
+# Build the installer from the source tarball.
+installer-from-source: dist-source
+       (set -e;\
+        [ -d PLAY-release ] && rm -rf PLAY-release; \
+        mkdir PLAY-release;\
+        cd PLAY-release; \
+        tar xJf "../$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar.xz";\
+        cd $(INST_NAME)-$(INST_VERSION); \
+         $(MAKE) -f build-aux/speedo.mk this-w32-installer SELFCHECK=0;\
+        reldate="$$(date -u +%Y-%m-%d)" ;\
+        exefile="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" ;\
+        cp "PLAY/inst/$$exefile" ../.. ;\
+        exefile="../../$$exefile" ;\
+        $(call MKSWDB_commands,$${exefile},$${reldate}); \
+       )
+
+# This target repeats some of the installer-from-source steps but it
+# is intended to be called interactively, so that the passphrase can be
+# entered.
+sign-installer:
+       @(set -e; \
+        cd PLAY-release; \
+        cd $(INST_NAME)-$(INST_VERSION); \
+        reldate="$$(date -u +%Y-%m-%d)" ;\
+        exefile="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" ;\
+        echo "speedo: /*" ;\
+        echo "speedo:  * Signing installer" ;\
+        echo "speedo:  * Key: $(AUTHENTICODE_KEY)";\
+        echo "speedo:  */" ;\
+        osslsigncode sign -pkcs12 $(AUTHENTICODE_KEY) -askpass \
+            -h sha256 -in "PLAY/inst/$$exefile" -out "../../$$exefile" ;\
+        exefile="../../$$exefile" ;\
+        $(call MKSWDB_commands,$${exefile},$${reldate}); \
+        echo "speedo: /*" ;\
+        echo "speedo:  * Verification result" ;\
+        echo "speedo:  */" ;\
+         osslsigncode verify $${exefile} \
+       )
+
+
+
+endif
+# }}} W32
+
+
+#
+# Check availibility of standard tools
+#
+check-tools:
+
 
 #
 # Mark phony targets
 #
 .PHONY: all all-speedo report-speedo clean-stamps clean-speedo installer \
-       w32_insthelpers
+       w32_insthelpers check-tools clean-pkg-versions