Only try to sign a Win installer if we have a private key file

2025-04-07 12:12:39 +02:00 · 2018-06-13 16:37:05 -07:00 · 2018-06-13 16:37:05 -07:00 · 929f6f3059
commit 929f6f3059
parent 765850eee1
1 changed files with 5 additions and 1 deletions
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@ -130,7 +130,11 @@
    ; The Inner invocation has written an uninstaller binary for us.
    ; We need to sign it if it's a production or PR build.
    !if @PRODUCTION_BUILD@ == 1
-      !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+      !if /FileExists "$%HF_PFX_FILE%"
+        !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+      !else
+        !warning "No signing file - installer will not be signed"
+      !endif
    !endif

    ; Good.  Now we can carry on writing the real installer.