Since organizations are increasingly requiring software to be digitally signed, or have heuristics that penalize unsigned software, add support to do build.cmd to sign both the .exe binaries and the .msi installer.
Signed-off-by: Rebecca Cran <rebecca@xxxxxxxxx>
---
 os/windows/dobuild.cmd | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/os/windows/dobuild.cmd b/os/windows/dobuild.cmd
index ef12d82d..d06a2afa 100644
--- a/os/windows/dobuild.cmd
+++ b/os/windows/dobuild.cmd
@@ -26,9 +26,21 @@ if not defined FIO_ARCH (
 goto end
 )
 
+if defined SIGN_FIO (
+ signtool sign /n "%SIGNING_CN%" /t http://timestamp.digicert.com ..\..\fio.exe
+ signtool sign /as /n "%SIGNING_CN%" /tr http://timestamp.digicert.com /td sha256 /fd sha256 ..\..\fio.exe
+
+ signtool sign /n "%SIGNING_CN%" /t http://timestamp.digicert.com ..\..\t\*.exe
+ signtool sign /as /n "%SIGNING_CN%" /tr http://timestamp.digicert.com /td sha256 /fd sha256 ..\..\t\*.exe
+)
+
 "%WIX%bin\candle" -nologo -arch %FIO_ARCH% -dFioVersionNumbers="%FIO_VERSION_NUMBERS%" install.wxs
 @if ERRORLEVEL 1 goto end
 "%WIX%bin\candle" -nologo -arch %FIO_ARCH% examples.wxs
 @if ERRORLEVEL 1 goto end
 "%WIX%bin\light" -nologo -sice:ICE61 install.wixobj examples.wixobj -ext WixUIExtension -out %FIO_VERSION%-%FIO_ARCH%.msi
 :end
+
+if defined SIGN_FIO (
+ signtool sign /n "%SIGNING_CN%" /tr http://timestamp.digicert.com /td sha256 /fd sha256 %FIO_VERSION%-%FIO_ARCH%.msi
+)
\ No newline at end of file
--
2.28.0
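Review bot: The MSI signing block is placed after the `:end` label, so every `goto end` error path (FIO_ARCH not defined, a failed candle run) still reaches `signtool sign ... %FIO_VERSION%-%FIO_ARCH%.msi`, which can then sign a stale installer left over from an earlier build or run with `%FIO_ARCH%` undefined. Moving that block above `:end` and adding `@if ERRORLEVEL 1 goto end` after the light line would keep signing on the success path only. The signtool calls for `..\..\fio.exe` and `..\..\t\*.exe` are likewise unchecked, so a failed signature or an unreachable timestamp server still yields an MSI built from unsigned binaries; following each call with `if ERRORLEVEL 1 goto end`, as the candle lines already do, would stop the build instead. The hunk also never checks `SIGNING_CN` when `SIGN_FIO` is set, so an early `if not defined SIGNING_CN` guard with an error message would make a misconfigured signing run fail visibly. The start of the script lies outside this hunk, so any earlier handling of these variables is not visible here.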