summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrad King <brad.king@kitware.com>2022-05-19 16:32:25 (GMT)
committerBrad King <brad.king@kitware.com>2022-05-19 19:25:55 (GMT)
commit1eab922d9229c71fa903eda361e85205732025cf (patch)
treeb2611dcc84a537d5423829287f971356ab8e40e0
parentdb48074d58a0cb76f63c1be88f01943ccd3f6c47 (diff)
downloadCMake-1eab922d9229c71fa903eda361e85205732025cf.zip
CMake-1eab922d9229c71fa903eda361e85205732025cf.tar.gz
CMake-1eab922d9229c71fa903eda361e85205732025cf.tar.bz2
Utilities/Release: Add script to sign and package Windows binaries
Windows binaries for official releases on `cmake.org` are signed manually by a maintainer with a suitable signing certificate. Add a script to sign the binaries, run CPack, and sign the installer.
-rwxr-xr-xUtilities/Release/win/sign-package.ps129
1 files changed, 29 insertions, 0 deletions
diff --git a/Utilities/Release/win/sign-package.ps1 b/Utilities/Release/win/sign-package.ps1
new file mode 100755
index 0000000..0dbefd2
--- /dev/null
+++ b/Utilities/Release/win/sign-package.ps1
@@ -0,0 +1,29 @@
+# Distributed under the OSI-approved BSD 3-Clause License. See accompanying
+# file Copyright.txt or https://cmake.org/licensing for details.
+
+# Run this script on a Windows host in a CMake single-config build tree.
+
+param (
+ [string]$signtool = 'signtool',
+ [string]$cpack = 'bin\cpack',
+ [switch]$trace
+)
+
+if ($trace -eq $true) {
+ Set-PSDebug -Trace 1
+}
+
+$ErrorActionPreference = 'Stop'
+
+# Sign binaries with SHA-1 for Windows 7 and below.
+& $signtool sign -v -a -t http://timestamp.digicert.com bin\*.exe
+
+# Sign binaries with SHA-256 for Windows 8 and above.
+& $signtool sign -v -a -tr http://timestamp.digicert.com -fd sha256 -td sha256 -as bin\*.exe
+
+# Create packages.
+& $cpack -G ZIP
+& $cpack -G WIX
+
+# Sign installer with SHA-256.
+& $signtool sign -v -a -tr http://timestamp.digicert.com -fd sha256 -td sha256 -d "CMake Windows Installer" cmake-*-win*.msi