Warn about Windows incompatibility in build and docs

earlephilhower · earlephilhower · commit 15ca564f74ed · 2018-11-30T11:25:04.000-08:00
Windows can't run the signing script, nor does it normally have OpenSSL
installed.  When trying to build an automatically signed binary, warn
and don't run the python.
diff --git a/doc/ota_updates/readme.rst b/doc/ota_updates/readme.rst
@@ -75,10 +75,10 @@ Signing requires the generation of an RSA-2048 key (other bit lengths are suppor
     openssl genrsa -out private.key 2048
     openssl rsa -in private.key -outform PEM -pubout -out public.key
 
-Automatic Signing
-^^^^^^^^^^^^^^^^^
+Automatic Signing -- Only available on Linux and Mac
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-The simplest way of implementing signing is to use the automatic mode.  This mode uses the IDE to configure the source code to enable sigining verification with a given public key, and signs binaries as part of the standard build process using a given public key.
+The simplest way of implementing signing is to use the automatic mode, which is only possible on Linux and Mac presently due to missing tools under Windows.  This mode uses the IDE to configure the source code to enable sigining verification with a given public key, and signs binaries as part of the standard build process using a given public key.
 
 To enable this mode, just include `private.key` and `public.key` in the sketch `.ino` directory.  The IDE will call a helper script (`tools/signing.py`) before the build begins to create a header to enable key validation using the given public key, and after the build process to actually do the signing, generating a `sketch.bin.signed` file.  When OTA is enabled (ArduinoOTA, Web, or HTTP) the binary will only accept signed updates automatically.
 
diff --git a/libraries/ESP8266httpUpdate/examples/httpUpdateSigned/httpUpdateSigned.ino b/libraries/ESP8266httpUpdate/examples/httpUpdateSigned/httpUpdateSigned.ino
@@ -2,6 +2,11 @@
    httpUpdateSigned.ino - Earle F. Philhower, III
    Released into the Public Domain
 
+   For use while building under Linux or Mac.
+
+   Automatic code signing is not supported on Windows, so this example
+   DOES NOT WORK UNDER WINDOWS.
+
    Shows how to use a public key extracted from your private certificate to
    only allow updates that you have signed to be applied over HTTP.  Remote
    updates will require your private key to sign them, but of course
diff --git a/platform.txt b/platform.txt
@@ -79,7 +79,8 @@ recipe.hooks.core.prebuild.3.pattern="{runtime.tools.signing}" --mode header --p
 
 ## windows-compatible version without git
 recipe.hooks.core.prebuild.1.pattern.windows=cmd.exe /c mkdir {build.path}\core & (echo #define ARDUINO_ESP8266_GIT_VER 0x00000000 & echo #define ARDUINO_ESP8266_GIT_DESC win-{version} ) > {build.path}\core\core_version.h
-recipe.hooks.core.prebuild.2.pattern.windows=
+recipe.hooks.core.prebuild.2.pattern.windows=cmd.exe /c if exist {build.source.path}\public.key echo #error Cannot automatically build signed binaries on Windows > {build.path}\core\Updater_Signing.h
+recipe.hooks.core.prebuild.3.pattern.windows=
 
 ## Build the app.ld linker file
 recipe.hooks.linking.prelink.1.pattern="{compiler.path}{compiler.c.cmd}" -CC -E -P {build.vtable_flags} "{runtime.platform.path}/tools/sdk/ld/eagle.app.v6.common.ld.h" -o "{build.path}/local.eagle.app.v6.common.ld"
@@ -108,6 +109,10 @@ recipe.objcopy.eep.pattern=
 recipe.objcopy.hex.1.pattern="{runtime.tools.esptool.path}/{compiler.esptool.cmd}" -eo "{runtime.platform.path}/bootloaders/eboot/eboot.elf" -bo "{build.path}/{build.project_name}.bin" -bm {build.flash_mode} -bf {build.flash_freq} -bz {build.flash_size} -bs .text -bp 4096 -ec -eo "{build.path}/{build.project_name}.elf" -bs .irom0.text -bs .text -bs .data -bs .rodata -bc -ec
 recipe.objcopy.hex.2.pattern="{runtime.tools.signing}" --mode sign --privatekey "{build.source.path}/private.key" --bin "{build.path}/{build.project_name}.bin" --out "{build.path}/{build.project_name}.bin.signed"
 
+# No signing on Windows
+recipe.objcopy.hex.1.pattern.windows="{runtime.tools.esptool.path}/{compiler.esptool.cmd}" -eo "{runtime.platform.path}/bootloaders/eboot/eboot.elf" -bo "{build.path}/{build.project_name}.bin" -bm {build.flash_mode} -bf {build.flash_freq} -bz {build.flash_size} -bs .text -bp 4096 -ec -eo "{build.path}/{build.project_name}.elf" -bs .irom0.text -bs .text -bs .data -bs .rodata -bc -ec
+recipe.objcopy.hex.2.pattern.windows=
+
 ## Save hex
 recipe.output.tmp_file={build.project_name}.bin
 recipe.output.save_file={build.project_name}.{build.variant}.bin
