From a8c8c775f3a6415bd4876e1ed5512664757b6186 Mon Sep 17 00:00:00 2001
From: Marcus Llewellyn <marcus.llewellyn@gmail.com>
Date: Sat, 18 Apr 2020 12:32:08 -0500
Subject: [PATCH] Re-enable and update code signing in installer template

---
 cmake/templates/NSIS.template.in | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/cmake/templates/NSIS.template.in b/cmake/templates/NSIS.template.in
index 0e4c2f3579..ded90494bf 100644
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@@ -204,13 +204,13 @@
 
     ; The Inner invocation has written an uninstaller binary for us.
     ; We need to sign it if it's a production or PR build.
-    ; !if @PRODUCTION_BUILD@ == 1
-    ;   !if @BYPASS_SIGNING@ == 1
-    ;     !warning "BYPASS_SIGNING set - installer will not be signed"
-    ;   !else
-    ;     !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
-    ;   !endif
-    ; !endif
+    !if @PRODUCTION_BUILD@ == 1
+      !if @BYPASS_SIGNING@ == 1
+        !warning "BYPASS_SIGNING set - installer will not be signed"
+      !else
+        !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://timestamp.comodoca.com?td=sha256 /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+      !endif
+    !endif
 
     ; Good.  Now we can carry on writing the real installer.