use quotes in nsis template for signtool path

cmake/macros/SetPackagingParameters.cmake

@@ -68,10 +68,6 @@ macro(SET_PACKAGING_PARAMETERS)
       if (NOT SIGNTOOL_EXECUTABLE)
         message(FATAL_ERROR "Code signing of executables was requested but signtool.exe could not be found.")
       endif ()
-
-      # perform a string replacement on the produced path so it is ready for NSIS
-      string(REPLACE "/" "\\\\" _SIGNTOOL_EXECUTABLE_BACKSLASH ${SIGNTOOL_EXECUTABLE})
-      string(REPLACE " " "\\ " SIGNTOOL_EXECUTABLE_ESCAPED ${_SIGNTOOL_EXECUTABLE_BACKSLASH})
     endif ()
   endif ()
 

cmake/templates/CPackProperties.cmake.in

@@ -18,4 +18,4 @@ set(PRODUCTION_BUILD "@PRODUCTION_BUILD@")
 set(POST_INSTALL_OPTIONS_PATH "@POST_INSTALL_OPTIONS_PATH@")
 set(CLIENT_COMPONENT_NAME "@CLIENT_COMPONENT@")
 set(SERVER_COMPONENT_NAME "@SERVER_COMPONENT@")
-set(SIGNTOOL_EXECUTABLE "@SIGNTOOL_EXECUTABLE_ESCAPED@")
+set(SIGNTOOL_EXECUTABLE "@SIGNTOOL_EXECUTABLE@")

cmake/templates/NSIS.template.in

@@ -52,7 +52,7 @@
     ; The Inner invocation has written an uninstaller binary for us.
     ; We need to sign it if it's a production or PR build.
     !if @PRODUCTION_BUILD@ == 1
-      !system "@SIGNTOOL_EXECUTABLE@ sign /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 $%TEMP%\uninstaller.exe" = 0
+      !system '"@SIGNTOOL_EXECUTABLE@" sign /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 $%TEMP%\uninstaller.exe' = 0
     !endif
 
     ; Good.  Now we can carry on writing the real installer.