From 8417eec09bdfb71aac11efaafab457e2db0fc7e8 Mon Sep 17 00:00:00 2001
From: Orsiris de Jong <ozy@netpower.fr>
Date: Wed, 12 Feb 2025 13:43:35 -0800
Subject: [PATCH 1/3] Update changelog

---
 CHANGELOG | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index fc07683..b1e42ec 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -79,6 +79,9 @@
   - Added manual --init command (already executed by first backup)
   - Updated internal restic binary to restic 0.17.3 compiled with go1.23.1 (except for Windows legacy version which stays on 0.16.2 for compat)
   - Added heartbeat log for long commands
+  - Updated Nuitka compiler to 2.6.4
+  - Updated non-legacy Python from 3.12 to 3.13 on Windows builds
+  - Windows builds are done via msvc instead of gcc because AV engines don't like gcc (!)
 
 ## 2.2.2 - 14/12/2023 (internal build only)
   - Fixed backup paths of '/' root partitions

From 02fedcebb91a53788b355572ee00b99bcaf08693 Mon Sep 17 00:00:00 2001
From: Orsiris de Jong <ozy@netpower.fr>
Date: Wed, 12 Feb 2025 13:43:53 -0800
Subject: [PATCH 2/3] Add external signer to compile script

---
 bin/compile.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/bin/compile.py b/bin/compile.py
index e125588..b1c1722 100644
--- a/bin/compile.py
+++ b/bin/compile.py
@@ -33,7 +33,12 @@ from command_runner import command_runner
 from ofunctions.platform import python_arch, get_os
 
 if os.name == "nt":
-    from npbackup.windows.sign_windows import sign
+    EXTERNAL_SIGNER = r"C:\ev_signer_npbackup\ev_signer_npbackup.exe"
+    if os.path.isfile(EXTERNAL_SIGNER):
+        SIGN_EXTERNALY = True
+    else:
+        SIGN_EXTERNALY = False
+        from npbackup.windows.sign_windows import sign
 from npbackup.__version__ import IS_LEGACY
 
 AUDIENCES = ["public", "private"]
@@ -366,7 +371,16 @@ def compile(
         npbackup_executable = os.path.join(
             compiled_output_dir, "npbackup-{}.exe".format(build_type)
         )
-        if os.path.isfile(ev_cert_data):
+        if SIGN_EXTERNALY:
+            print(f"Signing with external signer {EXTERNAL_SIGNER}")
+            cmd = f"{EXTERNAL_SIGNER} --executable {npbackup_executable}"
+            print(cmd)
+            exit_code, output = command_runner(cmd, shell=True)
+            if exit_code != 0:
+                print(f"ERROR: Could not sign: {output}")
+                errors = True
+        elif os.path.isfile(ev_cert_data):
+            print(f"Signing with interal signer {ev_cert_data}")
             sign(
                 executable=npbackup_executable,
                 arch=arch,
@@ -374,7 +388,7 @@ def compile(
                 dry_run=args.dry_run,
             )
         else:
-            print("ERROR: Cannot sign windows executable without EV certificate data")
+            print(f"ERROR: Cannot sign windows executable: {SIGN_EXTERNALY} {ev_cert_data}")
             errors = True
 
     if not onefile:

From 82871139f281c7dc33cd22351270ae35d72baf41 Mon Sep 17 00:00:00 2001
From: Orsiris de Jong <ozy@netpower.fr>
Date: Wed, 12 Feb 2025 13:44:24 -0800
Subject: [PATCH 3/3] Upgrade to Python 3.13

---
 bin/COMPILE.cmd | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/bin/COMPILE.cmd b/bin/COMPILE.cmd
index 0158eaf..d8e57f5 100644
--- a/bin/COMPILE.cmd
+++ b/bin/COMPILE.cmd
@@ -2,17 +2,13 @@
 
 :: This is an example compiler script
 
-SET PYTHON64=c:\python312-64\python.exe
+SET PYTHON64=c:\python313-64\python.exe
 SET PYTHON32=c:\python37-32\python.exe
 
 
 cd C:\GIT\npbackup
 git pull || GOTO ERROR
 
-:: cd RESTIC_SOURCE_FILES
-:: cat update_restic.sh | dos2unix | sh
-:: cd ..
-
 :: Make sure we add npbackup in python path so bin and npbackup subfolders become packages
 SET OLD_PYTHONPATH=%PYTHONPATH%
 SET PYTHONPATH=c:\GIT\npbackup