Force SHA-256 digest for timestamp signatures

Comodo timestamp server defaults to SHA-1. To make sure timestamp signatures are SHA-256, add appropriate signtool.exe flag.
2018-11-06 16:42:25 +01:00 · 2018-11-06 16:42:25 +01:00 · 1c74fe5e10
commit 1c74fe5e10
parent 841ac1b923
3 changed files with 2 additions and 2 deletions
--- a/MSI/MSIBuild
+++ b/MSI/MSIBuild
@ -1 +1 @@
-Subproject commit 17bf10bb2c150ac20d300c6d511fbdff781935da
+Subproject commit 332709b1d0349ec52255725c5da8f78c08296cca
--- a/MakefileLangPlatCfg.mak
+++ b/MakefileLangPlatCfg.mak
--- a/include/Release.props
+++ b/include/Release.props
@ -43,7 +43,7 @@
  <ItemGroup />
  <Target Name="Sign" Condition="'$(ManifestCertificateThumbprint)' != '' and ('$(ConfigurationType)' == 'Application' or '$(ConfigurationType)' == 'DynamicLibrary')" AfterTargets="_Manifest" BeforeTargets="RegisterOutput" Inputs="$(OutDir)$(TargetName)$(TargetExt)" Outputs="$(IntDir)$(TargetName).sign">
    <Message Text="Signing output file..." />
-    <Exec Command="signtool.exe sign /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha256 /tr &quot;%ManifestTimestampRFC3161Url%&quot; /q &quot;$(OutDir)$(TargetName)$(TargetExt)&quot;" />
+    <Exec Command="signtool.exe sign /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha256 /tr &quot;%ManifestTimestampRFC3161Url%&quot; /td sha256 /q &quot;$(OutDir)$(TargetName)$(TargetExt)&quot;" />
    <Touch Files="$(IntDir)$(TargetName).sign" AlwaysCreate="true" />
  </Target>
 </Project>