summary refs log tree commit diff
path: root/signfile.bat
blob: 351926c2f0abaac0291b32f71bf44f26780b599b (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
@echo off

set BatchDir=%~dp0
set Target=%1

set CodesignFile=%BatchDir%BC_codesign.p12
set PasswordFile=%BatchDir%BC_password.txt
set TimestampUrl=http://timestamp.comodoca.com
rem set TimestampUrl=http://timestamp.sectigo.com
set /p CodesignPass=<"%PasswordFile%"

rem TODO Figure out how to locate this automatically, or somehow use the developer command prompt
set SignToolDir=C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\
set SignTool=%SignToolDir%signtool.exe

echo Preparing to sign %Target%
echo "%SignTool%" sign /f "%CodesignFile%" /fd sha256 /tr "%TimestampUrl%" /td sha256 /p PASSWORD %Target

rem Timestamp server requires 15 seconds or more between signing requests
rem When publishing need to limit parallel build tasks to 1 in Tools|Options|Projects and Solutions|Build and Run
set attempts=10
:DoWhile
    echo %attempts% attempts remaining
    echo Waiting for 30 seconds before issuing command (avoid timeserver rejection)
    ping -n 30 127.0.0.1 >NUL
    "%SignTool%" sign /f "%CodesignFile%" /fd sha256 /tr "%TimestampUrl%" /td sha256 /p "%CodesignPass%" %Target% && goto EndDoWhile
    set /a attempts = %attempts% - 1
    if %attempts% gtr 0 goto DoWhile
:EndDoWhile

"%SignTool%" verify /pa /tw %Target%