Merge pull request #303 from MarcusLlewellyn/feature/reenable-signing

Re-enable and update code signing in the NSIS template.
2025-06-05 01:01:07 +02:00 · 2020-08-24 23:12:33 -04:00 · 2020-08-24 23:12:33 -04:00 · 3d8128cc08
commit 3d8128cc08
parent 90c957c9e9 7481925611
2 changed files with 8 additions and 11 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -120,7 +120,7 @@ else()
 endif()
 # Use default time server if none defined in environment
-set_from_env(TIMESERVER_URL TIMESERVER_URL "http://sha256timestamp.ws.symantec.com/sha256/timestamp")
+set_from_env(TIMESERVER_URL TIMESERVER_URL "http://timestamp.comodoca.com?td=sha256")
 set(HIFI_USE_OPTIMIZED_IK_OPTION OFF)
 set(BUILD_CLIENT_OPTION ON)
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@ -199,18 +199,15 @@
    !system "$%TEMP%\tempinstaller.exe" = 2
    ; NOTE: We're not code signing right now, so we're going to disable that.
    ; TODO: Get a code signing certificate so we can re-enable code signing.
    ; The Inner invocation has written an uninstaller binary for us.
    ; We need to sign it if it's a production or PR build.
-    ; !if @PRODUCTION_BUILD@ == 1
+    !if @PRODUCTION_BUILD@ == 1
-    ;   !if @BYPASS_SIGNING@ == 1
+      !if @BYPASS_SIGNING@ == 1
-    ;     !warning "BYPASS_SIGNING set - installer will not be signed"
+        !warning "BYPASS_SIGNING set - installer will not be signed"
-    ;   !else
+      !else
-    ;     !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+        !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://timestamp.comodoca.com?td=sha256 /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
-    ;   !endif
+      !endif
-    ; !endif
+    !endif
    ; Good.  Now we can carry on writing the real installer.