From bb598b78f3f3e97f0fb18fe9382236e3ab086d08 Mon Sep 17 00:00:00 2001 From: Christoph Atteneder Date: Tue, 10 Dec 2019 12:27:58 +0100 Subject: [PATCH] Add command for signing windows executables with the default code signing certificate --- desktop/package/windows/package.bat | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/desktop/package/windows/package.bat b/desktop/package/windows/package.bat index 9e510d6b4ca..6a2251a8b69 100644 --- a/desktop/package/windows/package.bat +++ b/desktop/package/windows/package.bat @@ -2,6 +2,9 @@ :: - Inno Setup unicode installed (http://www.jrsoftware.org/isdl.php) :: - OracleJDK 10 installed :: Note: OpenJDK 10 does not have the javapackager util, so must use OracleJDK +:: - Sign Tool installed (https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool) +:: Note: Sign Tool is part of Windows 10 SDK (https://go.microsoft.com/fwlink/?LinkID=698771) +:: - Code signing certificate installed :: Prior to running this script: :: - Update version below :: - Ensure JAVA_HOME below is pointing to OracleJDK 10 directory @@ -115,6 +118,9 @@ if not exist "%package_dir%\windows\Bisq-%version%.exe" ( exit /B 3 ) +echo Signing executable with default Code Signing Certificate +call "C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe" sign /v /fd SHA256 /a "Bisq-%version%.exe" + echo SHA256 of %package_dir%\windows\Bisq-%version%.exe: for /F "delims=" %%h in ('certutil -hashfile "%package_dir%\windows\Bisq-%version%.exe" SHA256 ^| findstr -i -v "SHA256" ^| findstr -i -v "certutil"') do (set hash=%%h) echo %hash%