Add batch file to sign main executables

All future releases of UIforETW will have the two main executables signed. This is particularly important since these two are run as administrator. SHA1 signing is currently not used because it does not seem to add any value for the operating systems (Windows 7 and above, and maybe Windows Vista, but probably not) that UIforETW targets. If SHA1 is needed I can add it - but I hate having to type the signing-key password twice.
google · Mar 26, 2017 · 47af88a · 47af88a
1 parent 8001205
commit 47af88a
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/SignBinaries.bat b/SignBinaries.bat
@@ -0,0 +1,19 @@
+@echo off
+set local
+rem Signing pattern taken from:
+rem https://textslashplain.com/2016/01/10/authenticode-in-2016/
+
+rem Add path for signtool
+set path=%path%;C:\Program Files (x86)\Windows Kits\10\bin\x64
+
+rem So far I see no indications that SHA1 signing is actually needed.
+rem signtool sign /d "UIforETW" /du "https://github.com/google/UIforETW/releases" /n "Bruce Dawson" /tr http://timestamp.digicert.com /fd SHA1 %~dp0bin\UIforETW.exe %~dp0bin\UIforETW32.exe
+rem @if not %errorlevel% equ 0 goto failure
+
+rem Sign both 64-bit and 32-bit versions of UIforETW with the same description.
+signtool sign /d "UIforETW" /du "https://github.com/google/UIforETW/releases" /n "Bruce Dawson" /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 %~dp0bin\UIforETW.exe %~dp0bin\UIforETW32.exe
+@if not %errorlevel% equ 0 goto failure
+exit /b
+
+:failure
+echo Signing failed!