blob: c5973f9abc6abf0c652e54306c58a250a76ac93d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
function Find-Tool {
param([string]$toolname)
$kitroot = (gp 'HKLM:\SOFTWARE\Microsoft\Windows Kits\Installed Roots\').KitsRoot10
$tool = (gci -r "$kitroot\Bin\*\x64\$toolname" | sort FullName -Desc | select -First 1)
if (-not $tool) {
throw "$toolname is not available"
}
Write-Host "Found $toolname at $($tool.FullName)"
return $tool.FullName
}
Set-Alias SignTool (Find-Tool "signtool.exe") -Scope Script
function Sign-File {
param([string]$certname, [string]$certsha1, [string]$certfile, [string]$description, [string[]]$files)
if (-not $description) {
$description = $env:SigningDescription;
if (-not $description) {
$description = "Python";
}
}
if (-not $certsha1) {
$certsha1 = $env:SigningCertificateSha1;
}
if (-not $certname) {
$certname = $env:SigningCertificate;
}
if (-not $certfile) {
$certfile = $env:SigningCertificateFile;
}
if (-not ($certsha1 -or $certname -or $certfile)) {
throw "No signing certificate specified"
}
foreach ($a in $files) {
if ($certsha1) {
SignTool sign /sha1 $certsha1 /fd sha256 /tr http://timestamp.digicert.com/ /td sha256 /d $description $a
} elseif ($certname) {
SignTool sign /a /n $certname /fd sha256 /tr http://timestamp.digicert.com/ /td sha256 /d $description $a
} elseif ($certfile) {
SignTool sign /f $certfile /fd sha256 /tr http://timestamp.digicert.com/ /td sha256 /d $description $a
}
}
}
|