Index: readme.scripts.txt =================================================================== diff -u -re5f0a0e2d61c9d5f77b844944f8318b5d122a5b3 -r6581a8b30fbcf77d93c5e083bb33f8afcce906c5 --- readme.scripts.txt (.../readme.scripts.txt) (revision e5f0a0e2d61c9d5f77b844944f8318b5d122a5b3) +++ readme.scripts.txt (.../readme.scripts.txt) (revision 6581a8b30fbcf77d93c5e083bb33f8afcce906c5) @@ -11,3 +11,6 @@ 1. Those requirements does not include the dependencies required by the build process, which must also be met. 2. All tools must be available in %PATH 3. Scripts should be called/executed from the scripts/ directory. +4. By default the build&release script will try to sign the executables with the certificate installed on the system + (tries to detect automatically the certificate). For most people this part is not necessary and can be disabled + by setting an environment variable SKIPCHSIGNING to 1. Index: scripts/make_existing_release.bat =================================================================== diff -u -r251181849c91428d68b3e3565add9a2043b45fec -r6581a8b30fbcf77d93c5e083bb33f8afcce906c5 --- scripts/make_existing_release.bat (.../make_existing_release.bat) (revision 251181849c91428d68b3e3565add9a2043b45fec) +++ scripts/make_existing_release.bat (.../make_existing_release.bat) (revision 6581a8b30fbcf77d93c5e083bb33f8afcce906c5) @@ -85,6 +85,18 @@ goto error ) +if NOT "%SKIPCHSIGNING%" == "1" ( + echo --- Signing executables --------------------------------------------- + signtool sign /t http://time.certum.pl /a "%MainProjectDir%\bin\release\*.dll" "%MainProjectDir%\bin\release\*.exe" 2>"%TmpDir%\command-err.log" + if errorlevel 1 ( + echo ERROR: Cannot sign executables! See the log below: + type "%TmpDir%\command-err.log" + goto error + ) +) else ( + echo WARNING: Signing executables was disabled. +) + echo --- Preparing packages ---------------------------------------------- echo * Create source package for version %CHTextVersion%... @@ -151,6 +163,18 @@ goto error ) +if NOT "%SKIPCHSIGNING%" == "1" ( + echo * Signing installer package... + signtool sign /t http://time.certum.pl /a "%OutputDir%\*.exe" 2>"%TmpDir%\command-err.log" + if errorlevel 1 ( + echo ERROR: Cannot sign executables! See the log below: + type "%TmpDir%\command-err.log" + goto error + ) +) else ( + echo WARNING: Signing executables was disabled. +) + echo * Preparing zip package... cd %MainProjectDir%