Amebis/MSICA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upgrade code signing to SHA-256

Browse Source 
Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman 2021-10-13 09:16:00 +02:00
parent ef5e73f72f
commit f943510140
2 changed files with 2 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/Debug.props
View File

@ -40,13 +40,7 @@
<ItemGroup />
<Target Name="Sign" Condition="'$(ManifestCertificateThumbprint)' != '' and ('$(ConfigurationType)' == 'Application' or '$(ConfigurationType)' == 'DynamicLibrary')" AfterTargets="_Manifest" BeforeTargets="RegisterOutput" Inputs="$(OutDir)$(TargetName)$(TargetExt)" Outputs="$(IntDir)$(TargetName).sign">
<Message Text="Signing output file..." />
<!--
To make Windows XP and Vista compliant signatures, the binaries have to be signed using SHA1.
<SignFile> switches to SHA256 if the signing certificate is SHA256.
Reverted to signtool.exe until we can drop Windows XP and Vista support.
-->
<!--<SignFile CertificateThumbprint="$(ManifestCertificateThumbprint)" SigningTarget="$(OutDir)$(TargetName)$(TargetExt)" />-->
<Exec Command="signtool.exe sign /du &quot;https://www.amebis.si&quot; /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha1 /q &quot;$(TargetPath)&quot;" />
<Exec Command="signtool.exe sign /du &quot;https://www.amebis.si&quot; /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha256 /q &quot;$(TargetPath)&quot;" />
<Touch Files="$(IntDir)$(TargetName).sign" AlwaysCreate="true" />
</Target>
</Project>

8
include/Release.props
View File

@ -41,13 +41,7 @@
<ItemGroup />
<Target Name="Sign" Condition="'$(ManifestCertificateThumbprint)' != '' and ('$(ConfigurationType)' == 'Application' or '$(ConfigurationType)' == 'DynamicLibrary')" AfterTargets="_Manifest" BeforeTargets="RegisterOutput" Inputs="$(OutDir)$(TargetName)$(TargetExt)" Outputs="$(IntDir)$(TargetName).sign">
<Message Text="Signing output file..." />
<!--
To make Windows XP and Vista compliant signatures, the binaries have to be signed using SHA1.
<SignFile> switches to SHA256 if the signing certificate is SHA256.
Reverted to signtool.exe until we can drop Windows XP and Vista support.
-->
<!--<SignFile CertificateThumbprint="$(ManifestCertificateThumbprint)" TimestampUrl="$(ManifestTimestampUrl)" SigningTarget="$(OutDir)$(TargetName)$(TargetExt)" />-->
<Exec Command="signtool.exe sign /du &quot;https://www.amebis.si&quot; /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha1 /t &quot;%ManifestTimestampUrl%&quot; /q &quot;$(TargetPath)&quot;" />
<Exec Command="signtool.exe sign /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha256 /tr &quot;%ManifestTimestampRFC3161Url%&quot; /td sha256 /q &quot;$(TargetPath)&quot;" />
<Touch Files="$(IntDir)$(TargetName).sign" AlwaysCreate="true" />
</Target>
</Project>