
# HG changeset patch
# User Chris Cannam
# Date 1541776982 0
# Node ID a594146c1ed8947148efe2515926c3e12dd2a9d7
# Parent  63da6a82c12d3f1f5053f91151bf667d1c7e8af3
Add code-signing support

diff -r 63da6a82c12d -r a594146c1ed8 deploy/win64/build-and-package.bat
--- a/deploy/win64/build-and-package.bat	Tue Nov 06 15:43:12 2018 +0000
+++ b/deploy/win64/build-and-package.bat	Fri Nov 09 15:23:02 2018 +0000
@@ -12,6 +12,28 @@
 @   exit /b 2
 )
 
+set ORIGINALPATH=%PATH%
+set PATH=C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin;%PATH%
+set NAME=Open Source Developer, Christopher Cannam
+
+set ARG=%1
+shift
+if "%ARG%" == "sign" (
+@   echo NOTE: sign option specified, will attempt to codesign exe and msi
+@   echo NOTE: starting by codesigning an unrelated executable, so we know
+@   echo NOTE: whether it'll work before doing the entire build
+copy sv-dependency-builds\win64-msvc\bin\capnp.exe signtest.exe
+signtool sign /v /n "%NAME%" /t http://time.certum.pl /fd sha1 signtest.exe
+if %errorlevel% neq 0 exit /b %errorlevel%
+signtool verify /pa signtest.exe
+if %errorlevel% neq 0 exit /b %errorlevel%
+del signtest.exe
+@   echo NOTE: success
+) else (
+@   echo NOTE: sign option not specified, will not codesign anything
+)
+
+@echo ""
 @echo Rebuilding 32-bit
 
 cd %STARTPWD%
@@ -19,6 +41,11 @@
 call .\deploy\win64\build-32.bat
 if %errorlevel% neq 0 exit /b %errorlevel%
 
+if "%ARG%" == "sign" (
+@echo Signing 32-bit executables and libraries
+signtool sign /v /n "%NAME%" /t http://time.certum.pl /fd sha1 build_win32\release\*.exe build_win32\release\*.dll
+)
+
 @echo Rebuilding 64-bit
 
 cd %STARTPWD%
@@ -26,6 +53,11 @@
 call .\deploy\win64\build-64.bat
 if %errorlevel% neq 0 exit /b %errorlevel%
 
+if "%ARG%" == "sign" (
+@echo Signing 64-bit executables and libraries
+signtool sign /v /n "%NAME%" /t http://time.certum.pl /fd sha1 build_win32\release\*.exe build_win64\release\*.dll
+)
+
 set PATH=%PATH%;"C:\Program Files (x86)\WiX Toolset v3.11\bin"
 
 @echo Packaging 32-bit
@@ -38,6 +70,12 @@
 del sonic-visualiser.wixobj
 del sonic-visualiser.wixpdb
 
+if "%ARG%" == "sign" (
+@echo Signing 32-bit package
+signtool sign /v /n "%NAME%" /t http://time.certum.pl /fd sha1 sonic-visualiser.msi
+signtool verify /pa sonic-visualiser.msi
+)
+
 @echo Packaging 64-bit
 
 cd %STARTPWD%\build_win64
@@ -48,5 +86,13 @@
 del sonic-visualiser.wixobj
 del sonic-visualiser.wixpdb
 
+if "%ARG%" == "sign" (
+@echo Signing 64-bit package
+signtool sign /v /n "%NAME%" /t http://time.certum.pl /fd sha1 sonic-visualiser.msi
+signtool verify /pa sonic-visualiser.msi
+)
+
+set PATH=%ORIGINALPATH%
+
 @echo Done