diff --git a/cmake/macros/OptionalWinExecutableSigning.cmake b/cmake/macros/OptionalWinExecutableSigning.cmake index f0be81c996..0ce7f89940 100644 --- a/cmake/macros/OptionalWinExecutableSigning.cmake +++ b/cmake/macros/OptionalWinExecutableSigning.cmake @@ -13,13 +13,6 @@ macro(optional_win_executable_signing) if (WIN32 AND (PRODUCTION_BUILD OR PR_BUILD)) if (DEFINED ENV{HF_PFX_FILE}) if (DEFINED ENV{HF_PFX_PASSPHRASE}) - # find signtool - find_program(SIGNTOOL_EXEC signtool PATHS "C:/Program Files (x86)/Windows Kits/8.1" PATH_SUFFIXES "bin/x64") - - if (NOT SIGNTOOL_EXEC) - message(FATAL_ERROR "Code signing of executables was requested but signtool.exe could not be found.") - endif () - message(STATUS "Executable for ${TARGET_NAME} will be signed with SignTool.") if (NOT EXECUTABLE_PATH) @@ -29,7 +22,7 @@ macro(optional_win_executable_signing) # setup a post build command to sign the executable add_custom_command( TARGET ${TARGET_NAME} POST_BUILD - COMMAND ${SIGNTOOL_EXEC} sign /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 ${EXECUTABLE_PATH} + COMMAND ${SIGNTOOL_EXECUTABLE} sign /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 ${EXECUTABLE_PATH} ) else () message(FATAL_ERROR "HF_PFX_PASSPHRASE must be set for executables to be signed.") diff --git a/cmake/macros/SetPackagingParameters.cmake b/cmake/macros/SetPackagingParameters.cmake index 88257495f6..503c57a619 100644 --- a/cmake/macros/SetPackagingParameters.cmake +++ b/cmake/macros/SetPackagingParameters.cmake @@ -60,6 +60,15 @@ macro(SET_PACKAGING_PARAMETERS) # start menu shortcuts set(INTERFACE_SM_SHORTCUT_NAME "High Fidelity") set(CONSOLE_SM_SHORTCUT_NAME "Server Console") + + # check if we need to find signtool + if (PRODUCTION_BUILD OR PR_BUILD) + find_program(SIGNTOOL_EXECUTABLE signtool PATHS "C:/Program Files (x86)/Windows Kits/8.1" PATH_SUFFIXES "bin/x64") + + if (NOT SIGNTOOL_EXECUTABLE) + message(FATAL_ERROR "Code signing of executables was requested but signtool.exe could not be found.") + endif () + endif () endif () if (APPLE) diff --git a/cmake/templates/CPackProperties.cmake.in b/cmake/templates/CPackProperties.cmake.in index 5e9caa3482..0c645afe4a 100644 --- a/cmake/templates/CPackProperties.cmake.in +++ b/cmake/templates/CPackProperties.cmake.in @@ -18,3 +18,4 @@ set(PRODUCTION_BUILD "@PRODUCTION_BUILD@") set(POST_INSTALL_OPTIONS_PATH "@POST_INSTALL_OPTIONS_PATH@") set(CLIENT_COMPONENT_NAME "@CLIENT_COMPONENT@") set(SERVER_COMPONENT_NAME "@SERVER_COMPONENT@") +set(SIGNTOOL_EXECUTABLE "@SIGNTOOL_EXECUTABLE@") diff --git a/cmake/templates/NSIS.template.in b/cmake/templates/NSIS.template.in index 89c5d89a90..8676dabf0f 100644 --- a/cmake/templates/NSIS.template.in +++ b/cmake/templates/NSIS.template.in @@ -674,7 +674,6 @@ Section "-Core installation" SetOutPath $INSTDIR ; this packages the signed uninstaller - File $%TEMP%\uninstaller.exe !endif @@ -1101,15 +1100,15 @@ Function .onInit ; just bail out quickly when running the "inner" installer Quit + !else + ; The Inner invocation has written an uninstaller binary for us. + ; We need to sign it if it's a production build. + + ${If} "@PRODUCTION_BUILD@" == "1" + !system "@SIGNTOOL_EXECUTABLE@ sign /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 $%TEMP%\uninstaller.exe" = 0 + ${EndIf} !endif - ; The Inner invocation has written an uninstaller binary for us. - ; We need to sign it if it's a production build. - - ${If} "@PRODUCTION_BUILD@" == "1" - !system "signcode $%TEMP%\uninstaller.exe" = 0 - ${EndIf} - StrCmp "@CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL@" "ON" 0 inst ReadRegStr $0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\@CPACK_PACKAGE_INSTALL_REGISTRY_KEY@" "UninstallString"