add winos.file_signature function to retrieve file signature information

[luadebug]

Attempt to continue working on #7326 as I accidentally broke branch :(

TODO that still does not work.

Moved here from tboox/tbox#308

Resolves: #5629

Idea is that we can check for signature owner name GIGA-BYTE ... and if that is it and executable name is GCC.exe we should skip/filter out that .exe from find_tool("gcc")/find_gcc function at that case.

Currently I see:

Certainly mine wrapper over find_gcc/find_tool might be not correct... :/

Yet they should return void or either another GCC.exe. Maybe this would work or maybe not.

[gemini-code-assist]

Summary of Changes

Hello @luadebug, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances Xmake's Windows compatibility and robustness by integrating digital file signature verification. The primary goal is to prevent potential issues arising from specific gcc.exe versions signed by 'GIGA-BYTE' by introducing a check during program detection. This involves adding core C-level functionality for signature retrieval and exposing it to the Lua scripting environment, along with updating build configurations to link against the required Windows cryptographic libraries.

Highlights

• Windows File Signature Check: Introduced new functionality to retrieve digital signature information for files on Windows, including whether a file is signed, trusted, and the signer's name.
• GCC Gigabyte Signature Prevention: Implemented a mechanism to detect and prevent the use of gcc.exe executables signed by 'GIGA-BYTE' on Windows, addressing a known issue (xmake会将技嘉主板的管理面板误认为是gcc #5629).
• Windows API Integration: Added necessary wintrust and crypt32 library links and linker flags for Windows and MinGW builds to support the new file signature checking functionality.
• Lua Sandbox Exposure: Exposed the new file_signature function to the Lua sandbox, allowing Lua scripts to query file signature information.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• core/src/cli/xmake.lua
  • Added wintrust and crypt32 to system links for Windows builds.
• core/src/cli/xmake.sh
  • Added -lwintrust and -lcrypt32 linker flags for MinGW builds.
• core/src/xmake/engine.c
  • Declared and registered the new xm_winos_file_signature function.
• core/src/xmake/winos/file_signature.c
  • Added a new source file implementing the xm_winos_file_signature function to retrieve digital signature details for files on Windows.
• core/xmake.lua
  • Added wintrust and crypt32 to general links for Windows builds.
• xmake/core/sandbox/modules/import/lib/detect/find_program.lua
  • Renamed the local variable for the base/winos module from option to winos.
• xmake/core/sandbox/modules/winos.lua
  • Exposed the new file_signature function to the sandbox environment.
• xmake/modules/detect/tools/find_gcc.lua
  • Implemented check_gcc_gigabyte and _check_gcc_on_windows functions to verify gcc.exe digital signatures.
  • Modified the main function to utilize the new signature check for gcc.exe on Windows hosts.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[luadebug]

@waruqi LGTM

[gemini-code-assist]

Code Review

This pull request introduces a file signature verification feature for Windows and uses it to address an issue with a non-standard gcc.exe provided by Gigabyte. The overall implementation is good, but I've identified a couple of areas for improvement: a logic bug in the GCC detection script that could lead to incorrect results, and some dead code in the new C file for signature checking. My review includes specific suggestions to fix these issues.