Update os/windows/dobuild.cmd to support signing binaries/installer

Since organizations are increasingly requiring software to be digitally
signed, or have heuristics that penalize unsigned software, add support
to do build.cmd to sign both the .exe binaries and the .msi installer.

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/os/windows/dobuild.cmd b/os/windows/dobuild.cmd
index ef12d82d7a36c8eabdf9e8716ce782b3acc84a64..d06a2afab5d8607e36b8f75fa32d01c87d388389 100644 (file)
--- a/os/windows/dobuild.cmd
+++ b/os/windows/dobuild.cmd
@@ -26,9 +26,21 @@ if not defined FIO_ARCH (
   goto end\r
 )\r
 \r
+if defined SIGN_FIO (\r
+  signtool sign /n "%SIGNING_CN%" /t http://timestamp.digicert.com ..\..\fio.exe\r
+  signtool sign /as /n "%SIGNING_CN%" /tr http://timestamp.digicert.com /td sha256 /fd sha256 ..\..\fio.exe\r
+\r
+  signtool sign /n "%SIGNING_CN%" /t http://timestamp.digicert.com ..\..\t\*.exe\r
+  signtool sign /as /n "%SIGNING_CN%" /tr http://timestamp.digicert.com /td sha256 /fd sha256 ..\..\t\*.exe\r
+)\r
+\r
 "%WIX%bin\candle" -nologo -arch %FIO_ARCH% -dFioVersionNumbers="%FIO_VERSION_NUMBERS%" install.wxs\r
 @if ERRORLEVEL 1 goto end\r
 "%WIX%bin\candle" -nologo -arch %FIO_ARCH% examples.wxs\r
 @if ERRORLEVEL 1 goto end\r
 "%WIX%bin\light" -nologo -sice:ICE61 install.wixobj examples.wixobj -ext WixUIExtension -out %FIO_VERSION%-%FIO_ARCH%.msi\r
 :end\r
+\r
+if defined SIGN_FIO (\r
+  signtool sign /n "%SIGNING_CN%" /tr http://timestamp.digicert.com /td sha256 /fd sha256 %FIO_VERSION%-%FIO_ARCH%.msi\r
+)
\ No newline at end of file