From 929f6f3059817fad5313aa8f8707fe074e412f3e Mon Sep 17 00:00:00 2001
From: Simon Walton <simon@highfidelity.io>
Date: Wed, 13 Jun 2018 16:37:05 -0700
Subject: [PATCH 1/2] Only try to sign a Win installer if we have a private key
 file

---
 cmake/templates/NSIS.template.in | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/cmake/templates/NSIS.template.in b/cmake/templates/NSIS.template.in
index fc9b9ab03d..0cbe10f231 100644
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@@ -130,7 +130,11 @@
     ; The Inner invocation has written an uninstaller binary for us.
     ; We need to sign it if it's a production or PR build.
     !if @PRODUCTION_BUILD@ == 1
-      !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+      !if /FileExists "$%HF_PFX_FILE%"
+        !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+      !else
+        !warning "No signing file - installer will not be signed"
+      !endif
     !endif
 
     ; Good.  Now we can carry on writing the real installer.

From dc5da4e22bba51567e218fcec92813f6e435ee7f Mon Sep 17 00:00:00 2001
From: Simon Walton <simon@highfidelity.io>
Date: Wed, 1 Aug 2018 16:35:14 -0700
Subject: [PATCH 2/2] Add cmake variable BYPASS_SIGNING to control signing-file
 behaviour

---
 cmake/macros/SetPackagingParameters.cmake | 4 ++++
 cmake/templates/CPackProperties.cmake.in  | 1 +
 cmake/templates/NSIS.template.in          | 6 +++---
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/cmake/macros/SetPackagingParameters.cmake b/cmake/macros/SetPackagingParameters.cmake
index 2c8443d510..89899bd669 100644
--- a/cmake/macros/SetPackagingParameters.cmake
+++ b/cmake/macros/SetPackagingParameters.cmake
@@ -51,6 +51,10 @@ macro(SET_PACKAGING_PARAMETERS)
       set(USE_STABLE_GLOBAL_SERVICES 1)
     endif ()
 
+    if (NOT BYPASS_SIGNING)
+      set(BYPASS_SIGNING 0)
+    endif ()      
+
   elseif (RELEASE_TYPE STREQUAL "PR")
     set(DEPLOY_PACKAGE TRUE)
     set(PR_BUILD 1)
diff --git a/cmake/templates/CPackProperties.cmake.in b/cmake/templates/CPackProperties.cmake.in
index 68fa098508..1d7effd18f 100644
--- a/cmake/templates/CPackProperties.cmake.in
+++ b/cmake/templates/CPackProperties.cmake.in
@@ -50,3 +50,4 @@ set(SERVER_COMPONENT_CONDITIONAL "@SERVER_COMPONENT_CONDITIONAL@")
 set(CLIENT_COMPONENT_CONDITIONAL "@CLIENT_COMPONENT_CONDITIONAL@")
 set(INSTALLER_TYPE "@INSTALLER_TYPE@")
 set(APP_USER_MODEL_ID "@APP_USER_MODEL_ID@")
+set(BYPASS_SIGNING "@BYPASS_SIGNING@")
diff --git a/cmake/templates/NSIS.template.in b/cmake/templates/NSIS.template.in
index ebefe829ed..7f6884f478 100644
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@@ -130,10 +130,10 @@
     ; The Inner invocation has written an uninstaller binary for us.
     ; We need to sign it if it's a production or PR build.
     !if @PRODUCTION_BUILD@ == 1
-      !if /FileExists "$%HF_PFX_FILE%"
-        !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+      !if @BYPASS_SIGNING@ == 1
+        !warning "BYPASS_SIGNING set - installer will not be signed"
       !else
-        !warning "No signing file - installer will not be signed"
+        !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
       !endif
     !endif