Allow Windows layout builds to fully skip code signing (GH-12808)

2 files changed, 8 insertions, 3 deletions

diff --git a/Tools/msi/make_cat.ps1 b/Tools/msi/make_cat.ps1
index 7074143..cc3cd4a 100644
--- a/Tools/msi/make_cat.ps1
+++ b/Tools/msi/make_cat.ps1
@@ -16,6 +16,7 @@
 #>
 param(
     [Parameter(Mandatory=$true)][string]$catalog,
+    [switch]$sign,
     [string]$description,
     [string]$certname,
     [string]$certsha1,
@@ -31,4 +32,6 @@ MakeCat $catalog
 if (-not $?) {
     throw "Catalog compilation failed"
 }
-Sign-File -certname $certname -certsha1 $certsha1 -certfile $certfile -description $description -files @($catalog -replace 'cdf$', 'cat')
+if ($sign) {
+    Sign-File -certname $certname -certsha1 $certsha1 -certfile $certfile -description $description -files @($catalog -replace 'cdf$', 'cat')
+}
diff --git a/Tools/msi/sdktools.psm1 b/Tools/msi/sdktools.psm1
index 61edb34..8081b10 100644
--- a/Tools/msi/sdktools.psm1
+++ b/Tools/msi/sdktools.psm1
@@ -31,6 +31,10 @@ function Sign-File {
         $certfile = $env:SigningCertificateFile;
     }
 
+    if (-not ($certsha1 -or $certname -or $certfile)) {
+        throw "No signing certificate specified"
+    }
+
     foreach ($a in $files) {
         if ($certsha1) {
             SignTool sign /sha1 $certsha1 /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a
@@ -38,8 +42,6 @@ function Sign-File {
             SignTool sign /a /n $certname /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a
         } elseif ($certfile) {
             SignTool sign /f $certfile /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a
-        } else {
-            SignTool sign /a /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a
         }
     }
 }