From bd4a3f4a30c0c8fe88c2fb100336ea24ff3829b8 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Mon, 17 Apr 2023 00:09:21 +0700
Subject: Basic setup for signing assemblies post-build
---
signfile.bat | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 signfile.bat
(limited to 'signfile.bat')
diff --git a/signfile.bat b/signfile.bat
new file mode 100644
index 000000000..ddf09a054
--- /dev/null
+++ b/signfile.bat
@@ -0,0 +1,26 @@
+@echo off
+
+set BatchDir=%~dp0
+set Target=%1
+
+set CodesignFile=%BatchDir%BC_codesign.p12
+set PasswordFile=%BatchDir%BC_password.txt
+set TimestampUrl=http://timestamp.comodoca.com
+rem set TimestampUrl=http://timestamp.sectigo.com
+set /p CodesignPass=<"%PasswordFile%"
+
+rem TODO Figure out how to locate this automatically, or somehow use the developer command prompt
+set SignToolDir=C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\
+set SignTool=%SignToolDir%signtool.exe
+
+echo Preparing to sign %Target%
+echo "%SignTool%" sign /f "%CodesignFile%" /fd sha256 /tr "%TimestampUrl%" /td sha256 /p "%CodesignPass%" %Target% || exit /b 1
+echo Waiting for 20 seconds before issuing command (avoid timeserver rejection)
+
+rem Timestamp server requires 15 seconds or more between signing requests
+rem When publishing need to limit parallel build tasks to 1 in Tools|Options|Projects and Solutions|Build and Run
+ping -n 20 127.0.0.1 >NUL
+
+"%SignTool%" sign /f "%CodesignFile%" /fd sha256 /tr "%TimestampUrl%" /td sha256 /p "%CodesignPass%" %Target% || exit /b 1
+
+"%SignTool%" verify /pa /tw %Target% || exit /b 1
-- 
cgit 1.4.1
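Review bot: The `echo "%SignTool%" sign ... /p "%CodesignPass%" %Target%` line ahead of the wait prints the PKCS#12 password in clear text, so every post-build run writes the signing secret into the build output and into any log that captures it. Mask it in the echoed command, e.g. `echo "%SignTool%" sign /f "%CodesignFile%" /fd sha256 /tr "%TimestampUrl%" /td sha256 /p *** %Target%`; the `|| exit /b 1` on that `echo` guards nothing and can be dropped. Adding `setlocal` directly after `@echo off` would also stop `CodesignPass` from remaining in the calling shell's environment after the script returns. The real `signtool sign` call still passes the password with `/p` on the command line, where it can show up in process listings and in process-creation auditing if that is enabled; selecting a certificate from the Windows certificate store by thumbprint (`/sha1`) would remove the password from the script entirely. Nothing in the script checks that `BC_password.txt` exists or is non-empty before `set /p` reads it, so a missing file only surfaces later as a signtool failure.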