From a8c8c775f3a6415bd4876e1ed5512664757b6186 Mon Sep 17 00:00:00 2001
From: Marcus Llewellyn <marcus.llewellyn@gmail.com>
Date: Sat, 18 Apr 2020 12:32:08 -0500
Subject: [PATCH 1/2] Re-enable and update code signing in installer template

---
 cmake/templates/NSIS.template.in | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/cmake/templates/NSIS.template.in b/cmake/templates/NSIS.template.in
index 0e4c2f3579..ded90494bf 100644
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@@ -204,13 +204,13 @@
 
     ; The Inner invocation has written an uninstaller binary for us.
     ; We need to sign it if it's a production or PR build.
-    ; !if @PRODUCTION_BUILD@ == 1
-    ;   !if @BYPASS_SIGNING@ == 1
-    ;     !warning "BYPASS_SIGNING set - installer will not be signed"
-    ;   !else
-    ;     !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
-    ;   !endif
-    ; !endif
+    !if @PRODUCTION_BUILD@ == 1
+      !if @BYPASS_SIGNING@ == 1
+        !warning "BYPASS_SIGNING set - installer will not be signed"
+      !else
+        !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://timestamp.comodoca.com?td=sha256 /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+      !endif
+    !endif
 
     ; Good.  Now we can carry on writing the real installer.
 

From 7481925611c73849c5b12c31f3d76f61d72f226f Mon Sep 17 00:00:00 2001
From: Kalila L <kasenvr@gmail.com>
Date: Mon, 24 Aug 2020 22:54:16 -0400
Subject: [PATCH 2/2] Add default timestamp server, remove obsolete comment.

---
 CMakeLists.txt                   | 2 +-
 cmake/templates/NSIS.template.in | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index eac12d5ae7..424fbdc940 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -120,7 +120,7 @@ else()
 endif()
 
 # Use default time server if none defined in environment
-set_from_env(TIMESERVER_URL TIMESERVER_URL "http://sha256timestamp.ws.symantec.com/sha256/timestamp")
+set_from_env(TIMESERVER_URL TIMESERVER_URL "http://timestamp.comodoca.com?td=sha256")
 
 set(HIFI_USE_OPTIMIZED_IK_OPTION OFF)
 set(BUILD_CLIENT_OPTION ON)
diff --git a/cmake/templates/NSIS.template.in b/cmake/templates/NSIS.template.in
index a7b1ba91c8..f40141be32 100644
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@@ -199,9 +199,6 @@
 
     !system "$%TEMP%\tempinstaller.exe" = 2
 
-    ; NOTE: We're not code signing right now, so we're going to disable that.
-    ; TODO: Get a code signing certificate so we can re-enable code signing.
-
     ; The Inner invocation has written an uninstaller binary for us.
     ; We need to sign it if it's a production or PR build.
     !if @PRODUCTION_BUILD@ == 1