{"id":19371565,"url":"https://github.com/mircobabin/buildstamp","last_synced_at":"2026-02-15T18:30:59.612Z","repository":{"id":113396281,"uuid":"587794193","full_name":"MircoBabin/BuildStamp","owner":"MircoBabin","description":"BuildStamp is a compilation tool. It stamps the compilation date/time into a source file, adjusts VersionInfo.rc resource. And digitally signs produced executables, just like signtool.exe.","archived":false,"fork":false,"pushed_at":"2025-02-24T09:43:31.000Z","size":1358,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-30T00:31:37.589Z","etag":null,"topics":["codesigning","compilation","delphi","versioninfo"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MircoBabin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-11T15:50:20.000Z","updated_at":"2025-02-24T09:43:18.000Z","dependencies_parsed_at":"2025-02-24T10:36:42.980Z","dependency_job_id":null,"html_url":"https://github.com/MircoBabin/BuildStamp","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MircoBabin%2FBuildStamp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MircoBabin%2FBuildStamp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MircoBabin%2FBuildStamp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MircoBabin%2FBuildStamp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MircoBabin","download_url":"https://codeload.github.com/MircoBabin/BuildStamp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250450625,"owners_count":21432688,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codesigning","compilation","delphi","versioninfo"],"created_at":"2024-11-10T08:18:58.353Z","updated_at":"2026-02-15T18:30:59.600Z","avatar_url":"https://github.com/MircoBabin.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Github All Releases](https://img.shields.io/github/downloads/MircoBabin/BuildStamp/total)](https://github.com/MircoBabin/BuildStamp/releases)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/MircoBabin/BuildStamp/blob/master/LICENSE.md)\n\n# BuildStamp\nBuildStamp is a compilation tool. Use BuildStamp in the Pre-build event to inject compilation date/time and adjust the versionumber in the VersionInfo resource file.\n\n- It stamps the compilation date/time into a source file\n- It updates the VersionInfo.rc resource file with a versionumber listed in a sourcefile.\n- It can also use pkcs#11 HSM (USB token) to sign any executable. The pkcs#11 information stored in a [KeePass](https://keepass.info/ \"KeePass\") entry.\n- It can also digitally sign any executable using a .pfx file. The codesign certificate can be on disk or in [KeePass](https://keepass.info/ \"KeePass\").\n\n# Download binary\nFor Windows (.NET framework 4), [the latest version can be found here](https://github.com/MircoBabin/BuildStamp/releases/latest \"Latest Version\").\n\nDownload the zip and unpack it somewhere.\n*For digitally signing using certificates stored in [KeePass](https://keepass.info/ \"KeePass\") also install [KeePassCommander](https://github.com/MircoBabin/KeePassCommander \"KeePassCommander\").*\n\nThe minimum .NET framework required is 4.7.\n\n*For unattended automatic installation scripts, read the section \"Automatic installation scripts\" lower down the page.*\n\n# Help\n\nExecute **BuildStamp.exe** without parameters to view the help.\n\n```\nBuildStamp version 2.6\nhttps://github.com/MircoBabin/BuildStamp - MIT license\n\nBuildStamp is a compilation tool.\nIt stamps the compilation date/time into a source file, using the Pre-build event.\nIt can also digitally sign any executable. The codesign certificate can be on disk or in KeePass.\n\n\n\n----------------------------------------------------\n----------------------------------------------------\n--- ---\n--- Stamp compilation date/time into source file ---\n--- ---\n----------------------------------------------------\n----------------------------------------------------\nSyntax: BuildStamp.exe stamp --filename \u003csource-filename\u003e --language \u003clanguage\u003e\n {--outputfilename \u003coutput-filename\u003e}\n {--datetime yyyy-mm-ddThh:mm:ss+HH:MM}\n {--launchdebugger}\n- With --language the programming language is specified.\n Supported languages: \"CSharp\", \"Pascal\".\n- When --outputfilename is ommitted, the \u003csource-filename\u003e will be overwritten.\n- With --datetime \u003cISO 8601\u003e (e.g. \"1975-09-12T23:30:00+02:00\") the 'current time' can be provided.\n When ommitted the current time from the system clock will be used.\n- When the debug switch --launchdebugger is encountered, a request to launch the debugger is started.\n\n\u003csource-filename\u003e has to contain:\n// \u003cBUILDSTAMP:BEGINSTAMP\u003e\n Inside \u003cBUILDSTAMP:COMPILEDATE\u003e is replaced with yyyy-mm-dd in local time.\n Inside \u003cBUILDSTAMP:COMPILETIME\u003e is replaced with hh:mm:ss in local time.\n Inside \u003cBUILDSTAMP:COMPILEDATETIME\u003e is replaced with a full ISO-8601 time.\n Inside \u003cBUILDSTAMP:COMPILEDATE-UTC\u003e is replaced with yyyy-mm-dd in UTC time.\n Inside \u003cBUILDSTAMP:COMPILETIME-UTC\u003e is replaced with hh:mm:ss in UTC time.\n Inside \u003cBUILDSTAMP:COMPILEDATETIME-UTC\u003e is replaced with a full ISO-8601 time with timezone Z (UTC).\n// \u003cBUILDSTAMP:ENDSTAMP\u003e\n\ne.g. for Pascal source: BuildStamp.exe stamp --filename c:\\...\\Compiled.pas --language pascal\nunit Compiled;\ninterface\n// \u003cBUILDSTAMP:BEGINSTAMP\u003e\nconst COMPILEDATE = '\u003cBUILDSTAMP:COMPILEDATE\u003e';\nconst COMPILETIME = '\u003cBUILDSTAMP:COMPILETIME\u003e';\n// \u003cBUILDSTAMP:ENDSTAMP\u003e\nimplementation\nend.\n\nIt is recommended for the \u003csource-filename\u003e to only contain BuildStamp metadata.\nAnd no other metadata like versionnumber, buildnumber, copyright, etc.\nBecause adding other metadata does not play well with version control (Git).\n----------------------------------------------------\n----------------------------------------------------\n--- ---\n--- Stamp VersionInfo resource file (.rc) ---\n--- ---\n----------------------------------------------------\n----------------------------------------------------\nSyntax: BuildStamp.exe stamp-versioninfo --versionfilename \u003cversionSource-filename\u003e --language \u003clanguage\u003e\n --filename \u003cResourceCompiler-filename.rc\u003e\n {--outputfilename \u003coutput-filename\u003e}\n {--launchdebugger}\n- With --language the programming language of \u003cversionSource-filename\u003e is specified.\n- When --outputfilename is ommitted, the \u003cResourceCompiler-filename.rc\u003e will be overwritten.\n- When the debug switch --launchdebugger is encountered, a request to launch the debugger is started.\n\n\u003cversionSource-filename\u003e has to contain the version string between 2 markers. E.g. for Pascal source:\nunit Version;\ninterface\nconst VersionString =\n {\u003cBUILDSTAMP:BEGINVERSION\u003e}\n '4.076'\n {\u003cBUILDSTAMP:ENDVERSION\u003e};\nimplementation\nend.\n\n\u003cResourceCompiler-filename.rc\u003e has to contain the version number.\n// \u003cBUILDSTAMP:BEGINSTAMP\u003e\n Inside \u003cBUILDSTAMP:VERSION_4PARTS_COMMA_SEPARATED\u003e is replaced with \"major,minor,patch,build\".\n Inside \u003cBUILDSTAMP:VERSION_4PARTS_POINT_SEPARATED\u003e is replaced with \"major.minor.patch.build\".\n Inside \u003cBUILDSTAMP:VERSION_FULL\u003e is replaced with the full version inside \u003cversionSource-filename\u003e.\n// \u003cBUILDSTAMP:ENDSTAMP\u003e\n\ne.g. for Pascal resource file: BuildStamp.exe stamp-versioninfo --versionfilename c:\\...\\Version.pas --language pascal --filename c:\\...\\VersionInfo.rc\nVersionInfo.rc contents:\n// \u003cBUILDSTAMP:BEGINSTAMP\u003e\n1 VERSIONINFO\nFILEVERSION \u003cBUILDSTAMP:VERSION_4PARTS_COMMA_SEPARATED\u003e\nPRODUCTVERSION \u003cBUILDSTAMP:VERSION_4PARTS_COMMA_SEPARATED\u003e\nFILEOS 0x4\nFILETYPE 0x1\n{\nBLOCK \"StringFileInfo\"\n{\n BLOCK \"040904E4\"\n {\n VALUE L\"CompanyName\", L\"My Company\\000\"\n VALUE L\"FileDescription\", L\"My Program\\000\"\n VALUE L\"FileVersion\", L\"\u003cBUILDSTAMP:VERSION_4PARTS_POINT_SEPARATED\u003e\u003e\\000\"\n VALUE L\"LegalCopyright\", L\"(c) My Company\\000\"\n VALUE L\"ProductName\", L\"My Program\\000\"\n VALUE L\"ProductVersion\", L\"\u003cBUILDSTAMP:VERSION_FULL\u003e\\000\"\n VALUE L\"ProgramID\", L\"MyProgram\\000\" // Delphi specific. Must be the projectname, e.g. MyProgram.dproj\n }\n}\nBLOCK \"VarFileInfo\"\n{\n VALUE \"Translation\", 0x0409 0x04E4\n}\n}\n// \u003cBUILDSTAMP:ENDSTAMP\u003e\n\n\n\n-------------------------------------------------\n-------------------------------------------------\n--- ---\n--- Digitally sign executable using .pfx file ---\n--- ---\n-------------------------------------------------\n-------------------------------------------------\nSyntax: BuildStamp.exe sign --filename \u003cfilename.exe\u003e\n {--certificate \u003ccode-signing-certificate.pfx\u003e}\n {--certificate-password \u003cpassword for code-signing-certificate.pfx\u003e}\n {--keepasscommander-path \u003cpath\u003e} like c:\\KeePass\\Plugins\n {--keepass-certificate-title \u003ctitle\u003e} like \"My Code Signing Certificate\"\n {--keepass-certificate-attachment \u003cattachmentname\u003e} like \"certificate.p12\"\n {--keepass-certificate-password \u003cfieldname\u003e} like \"Certificate Password\". When omitted the default password field is used.\n {--sign-with-authenticode-timestamp-url \u003curl\u003e} like http://timestamp.digicert.com\n {--sign-with-sha256-rfc3161-timestamp-url \u003curl\u003e} like http://timestamp.digicert.com\n {--launchdebugger}\n\nDigitally signs \u003cfilename.exe\u003e.\n\nWith --certificate and --certificate-password the certificate is read from a file on disk.\nWith --keepasscommander-path and --keepass-certificate-... the certificate is retrieved from the KeePass password store. The KeePass plugin KeepassCommander https://github.com/MircoBabin/KeePassCommander is used for retrieval.\nAttention: --keepass-certificate-attachment references an attachmentname in the KeePass entry with title \u003c--keepass-certificate-title\u003e.\nAttention: --keepass-certificate-password references a fieldname in the KeePass entry with title \u003c--keepass-certificate-title\u003e, and must not provide the real password.\n\n\n\n---------------------------------------------------------------\n---------------------------------------------------------------\n--- ---\n--- Digitally sign executable using pkcs#11 HSM (usb token) ---\n--- ---\n---------------------------------------------------------------\n---------------------------------------------------------------\nSyntax: BuildStamp.exe sign --filename \u003cfilename.exe\u003e\n {--keepasscommander-path \u003cpath\u003e} like c:\\KeePass\\Plugins\n {--keepass-pkcs11-title \u003ctitle\u003e} like \"My Code Signing Certificate\"\n {--sign-with-authenticode-timestamp-url \u003curl\u003e} like http://timestamp.digicert.com\n {--sign-with-sha256-rfc3161-timestamp-url \u003curl\u003e} like http://timestamp.digicert.com\n {--launchdebugger}\n\nDigitally signs \u003cfilename.exe\u003e.\n\nWith --keepasscommander-path and --keepass-pkcs11-title ... the certificate is retrieved from the KeePass password store. The KeePass plugin KeepassCommander https://github.com/MircoBabin/KeePassCommander is used for retrieval.\n\nThe KeePass entry must contain the following information:\n1) Username: contains the USB Token Label.\n2) Password: contains the USB Token PIN.\n3) Field \"--pkcs11-driver[...lowercase computername...]\" or \"--pkcs11-driver\"\n containing filename of a pkcs#11 driver.\n e.g. %ProgramFiles%\\SafeNet\\Authentication\\SAC\\x64\\IDPrimePKCS1164.dll\n4) Field \"--pkcs11-certificate-label\" containing label of certificate.\n5) Field \"--pkcs11-csp\" containing Cryptographic Service Provider name.\n e.g. eToken Base Cryptographic Provider\n6) Field \"--signtool-exe[...lowercase computername...]\" or \"--signtool-exe\"\n containing filename of signtool.exe file.\n e.g. %ProgramFiles(x86)%\\Windows Kits\\10\\bin\\10.0.19041.0\\x64\\signtool.exe\n7) Optional field \"--sign-with-authenticode-timestamp-url\". A non empty value is preferred before the commandline argument.\n8) Optional field \"--sign-with-sha256-rfc3161-timestamp-url\". A non empty value is preferred before the commandline argument.\n\nUse pkcs11-information to find the values of USB Token Label and Certificate Label.\n\n\n\n--------------------------------------------------------------------------------\n--------------------------------------------------------------------------------\n--- ---\n--- Digitally sign executable using pkcs#11 HSM (usb token) on KeePass host. ---\n--- ---\n--------------------------------------------------------------------------------\n--------------------------------------------------------------------------------\nSyntax: BuildStamp.exe sign-via-keepass-host --filename \u003cfilename.exe\u003e\n {--keepasscommander-path \u003cpath\u003e} like c:\\KeePass\\Plugins\n {--keepass-pkcs11-title \u003ctitle\u003e} like \"My Code Signing Certificate\"\n {--launchdebugger}\n\nDigitally signs \u003cfilename.exe\u003e via KeePass on the host.\n\nVirtualizing USB tokens into a virtual machine is a bad idea. If anything goes wrong 3 times, the USB token will be unaccessable.\nLet KeePassCommander run buildstamp.exe on the host computer.\n\nWith --keepasscommander-path and --keepass-pkcs11-title ... the certificate is retrieved from the KeePass password store. The KeePass plugin KeepassCommander https://github.com/MircoBabin/KeePassCommander is used for retrieval.\n\nThe KeePass entry must contain the following information:\n*) Field \"buildstamp-exe[...lowercase host computername...]\" or \"buildstamp-exe\"\n containing filename of the buildstamp.exe executable on the KeePass host computer.\n e.g. c:\\projects\\bin\\buildstamp\\buildstamp.exe\n\n1) Username: contains the USB Token Label.\n2) Password: contains the USB Token PIN.\n3) Field \"--pkcs11-driver[...lowercase host computername...]\" or \"--pkcs11-driver\"\n containing filename of a pkcs#11 driver on the KeePass host computer.\n e.g. %ProgramFiles%\\SafeNet\\Authentication\\SAC\\x64\\IDPrimePKCS1164.dll\n4) Field \"--pkcs11-certificate-label\" containing label of certificate.\n5) Field \"--pkcs11-csp\" containing Cryptographic Service Provider name.\n e.g. eToken Base Cryptographic Provider\n6) Field \"--signtool-exe[...lowercase host computername...]\" or \"--signtool-exe\"\n containing filename of signtool.exe file on the KeePass host computer.\n e.g. %ProgramFiles(x86)%\\Windows Kits\\10\\bin\\10.0.19041.0\\x64\\signtool.exe\n7) Optional field \"--sign-with-authenticode-timestamp-url\". URL to use for authenticode timestamping.\n8) Optional field \"--sign-with-sha256-rfc3161-timestamp-url\". URL to use for sha256 timestamping.\n\n\n\n--------------------------------------------\n--------------------------------------------\n--- ---\n--- List pkcs#11 HSM (usb token) devices ---\n--- ---\n--------------------------------------------\n--------------------------------------------\nSyntax: BuildStamp.exe pkcs11-information\n {--keepasscommander-path \u003cpath\u003e} like c:\\KeePass\\Plugins\n {--keepass-pkcs11-title \u003ctitle\u003e} like \"My Code Signing Certificate\"\n {--launchdebugger}\n\nList available pkcs#11 tokens and certificates.\n\nWith --keepasscommander-path and --keepass-pkcs11-title ... the certificate is retrieved from the KeePass password store. The KeePass plugin KeepassCommander https://github.com/MircoBabin/KeePassCommander is used for retrieval.\n\nThe KeePass entry must contain the following information:\n1) Username: contains the USB Token Label.\n2) Password: contains the USB Token PIN.\n3) Field \"--pkcs11-driver[...lowercase computername...]\" or \"--pkcs11-driver\"\n containing filename of a pkcs#11 driver.\n e.g. %ProgramFiles%\\SafeNet\\Authentication\\SAC\\x64\\IDPrimePKCS1164.dll\n4) Optional field \"--pkcs11-certificate-label\" containing label of certificate.\n\n\n\n---------------------------------------\n---------------------------------------\n--- ---\n--- Show digital signatures of file ---\n--- ---\n---------------------------------------\n---------------------------------------\nSyntax: BuildStamp.exe signature-information --filename \u003cfilename.exe\u003e\n {--launchdebugger}\n\nList digital signatures attached to executable/dll file.\n\n\n\n\n---------------\n---------------\n--- ---\n--- License ---\n--- ---\n---------------\n---------------\nBuildStamp\nMIT license\n\nCopyright (c) 2023 Mirco Babin\n\nPermission is hereby granted, free of charge, to any person\nobtaining a copy of this software and associated documentation\nfiles (the \"Software\"), to deal in the Software without\nrestriction, including without limitation the rights to use,\ncopy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the\nSoftware is furnished to do so, subject to the following\nconditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES\nOF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\nHOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,\nWHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\nFROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR\nOTHER DEALINGS IN THE SOFTWARE.\n\n```\n\n# Documentation\n\n- [Delphi documentation](docs/Delphi/README.md \"Delphi documentation\")\n- [Digitally sign with SafeNet USB token](docs/SafeNet-IDPrime/README.md \"Sign using SafeNet USB token documentation\").\n- [Digitally sign with .pfx file documentation](docs/DigitallySign.md \"Digitally sign with .pfx file documentation\")\n\n# Why\nDelphi doesn't have a good way to embed the compilation date/time into the executable. There is a solution reading the linker timestamp from the PE Header of the executable. But that PE Header solution is too complex and low-level in my opinion. \nDelphi also lacks updating the Version Info resource in a usable way, when the versionnumber is already present in a sourcefile.\n\nSo I wrote BuildStamp for injecting the compilation date/time and adjusting the Version Info via Pre-build event. The modified source file is then compiled into the executable.\n\nThe Microsoft provided [signtool.exe](https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool \"signtool.exe\") can only be officially installed with the \"Microsoft Windows Software Development Kit (SDK)\". \nI wanted a standalone executable that can be distributed standalone. And I wanted the ability to store the code signing certificate in [KeePass](https://keepass.info/ \"KeePass\"). That's why I added the \"sign\" command.\n\n# Automatic installation scripts\nFor unattended installation scripts the following flow can be used for the latest version:\n\n1) Download https://github.com/MircoBabin/BuildStamp/releases/latest/download/release.download.zip.url-location\n2) Read the text of this file into **latest-download-url**. The file only contains an url, so the encoding is ASCII. *The encoding UTF-8 may also be used to read the file, because ASCII is UTF-8 encoding.*\n3) Download the zip from the **latest-download-url** to local file **BuildStamp.zip**. *Each release carries the version number in the filename. To prevent not knowing the downloaded filename, download to a fixed local filename.*\n4) Unpack the downloaded **BuildStamp.zip**.\n\n# Contributions\nContributions are welcome. Please read [CONTRIBUTING.md](CONTRIBUTING.md \"contributing\") before making any contribution!\n\n# License\n[The license is MIT.](LICENSE.md \"license\")\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmircobabin%2Fbuildstamp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmircobabin%2Fbuildstamp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmircobabin%2Fbuildstamp/lists"}