From f8ca9e64a9d4ced73d09cfa7f5f1e280ecb4448e Mon Sep 17 00:00:00 2001
From: Stephen Birarda <commit@birarda.com>
Date: Tue, 12 Jan 2016 17:40:25 -0800
Subject: [PATCH] pass the signtool executable to nsis

---
 cmake/macros/OptionalWinExecutableSigning.cmake |  9 +--------
 cmake/macros/SetPackagingParameters.cmake       |  9 +++++++++
 cmake/templates/CPackProperties.cmake.in        |  1 +
 cmake/templates/NSIS.template.in                | 15 +++++++--------
 4 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/cmake/macros/OptionalWinExecutableSigning.cmake b/cmake/macros/OptionalWinExecutableSigning.cmake
index f0be81c996..0ce7f89940 100644
--- a/cmake/macros/OptionalWinExecutableSigning.cmake
+++ b/cmake/macros/OptionalWinExecutableSigning.cmake
@@ -13,13 +13,6 @@ macro(optional_win_executable_signing)
   if (WIN32 AND (PRODUCTION_BUILD OR PR_BUILD))
     if (DEFINED ENV{HF_PFX_FILE})
       if (DEFINED ENV{HF_PFX_PASSPHRASE})
-        # find signtool
-        find_program(SIGNTOOL_EXEC signtool PATHS "C:/Program Files (x86)/Windows Kits/8.1" PATH_SUFFIXES "bin/x64")
-
-        if (NOT SIGNTOOL_EXEC)
-          message(FATAL_ERROR "Code signing of executables was requested but signtool.exe could not be found.")
-        endif ()
-
         message(STATUS "Executable for ${TARGET_NAME} will be signed with SignTool.")
 
         if (NOT EXECUTABLE_PATH)
@@ -29,7 +22,7 @@ macro(optional_win_executable_signing)
         # setup a post build command to sign the executable
         add_custom_command(
           TARGET ${TARGET_NAME} POST_BUILD
-          COMMAND ${SIGNTOOL_EXEC} sign /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 ${EXECUTABLE_PATH}
+          COMMAND ${SIGNTOOL_EXECUTABLE} sign /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 ${EXECUTABLE_PATH}
         )
       else ()
         message(FATAL_ERROR "HF_PFX_PASSPHRASE must be set for executables to be signed.")
diff --git a/cmake/macros/SetPackagingParameters.cmake b/cmake/macros/SetPackagingParameters.cmake
index 88257495f6..503c57a619 100644
--- a/cmake/macros/SetPackagingParameters.cmake
+++ b/cmake/macros/SetPackagingParameters.cmake
@@ -60,6 +60,15 @@ macro(SET_PACKAGING_PARAMETERS)
     # start menu shortcuts
     set(INTERFACE_SM_SHORTCUT_NAME "High Fidelity")
     set(CONSOLE_SM_SHORTCUT_NAME "Server Console")
+
+    # check if we need to find signtool
+    if (PRODUCTION_BUILD OR PR_BUILD)
+      find_program(SIGNTOOL_EXECUTABLE signtool PATHS "C:/Program Files (x86)/Windows Kits/8.1" PATH_SUFFIXES "bin/x64")
+
+      if (NOT SIGNTOOL_EXECUTABLE)
+        message(FATAL_ERROR "Code signing of executables was requested but signtool.exe could not be found.")
+      endif ()
+    endif ()
   endif ()
 
   if (APPLE)
diff --git a/cmake/templates/CPackProperties.cmake.in b/cmake/templates/CPackProperties.cmake.in
index 5e9caa3482..0c645afe4a 100644
--- a/cmake/templates/CPackProperties.cmake.in
+++ b/cmake/templates/CPackProperties.cmake.in
@@ -18,3 +18,4 @@ set(PRODUCTION_BUILD "@PRODUCTION_BUILD@")
 set(POST_INSTALL_OPTIONS_PATH "@POST_INSTALL_OPTIONS_PATH@")
 set(CLIENT_COMPONENT_NAME "@CLIENT_COMPONENT@")
 set(SERVER_COMPONENT_NAME "@SERVER_COMPONENT@")
+set(SIGNTOOL_EXECUTABLE "@SIGNTOOL_EXECUTABLE@")
diff --git a/cmake/templates/NSIS.template.in b/cmake/templates/NSIS.template.in
index 89c5d89a90..8676dabf0f 100644
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@@ -674,7 +674,6 @@ Section "-Core installation"
     SetOutPath $INSTDIR
 
     ; this packages the signed uninstaller
-
     File $%TEMP%\uninstaller.exe
   !endif
 
@@ -1101,15 +1100,15 @@ Function .onInit
 
     ; just bail out quickly when running the "inner" installer
     Quit
+  !else
+    ; The Inner invocation has written an uninstaller binary for us.
+    ; We need to sign it if it's a production build.
+
+    ${If} "@PRODUCTION_BUILD@" == "1"
+      !system "@SIGNTOOL_EXECUTABLE@ sign /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://tsa.starfieldtech.com /td SHA256 $%TEMP%\uninstaller.exe" = 0
+    ${EndIf}
   !endif
 
-  ; The Inner invocation has written an uninstaller binary for us.
-  ; We need to sign it if it's a production build.
-
-  ${If} "@PRODUCTION_BUILD@" == "1"
-    !system "signcode <signing options> $%TEMP%\uninstaller.exe" = 0
-  ${EndIf}
-
   StrCmp "@CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL@" "ON" 0 inst
 
   ReadRegStr $0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\@CPACK_PACKAGE_INSTALL_REGISTRY_KEY@" "UninstallString"