diff --git a/Greenshot/releases/innosetup/setup.iss.template b/Greenshot/releases/innosetup/setup.iss.template index 526e47195..459fc7525 100644 --- a/Greenshot/releases/innosetup/setup.iss.template +++ b/Greenshot/releases/innosetup/setup.iss.template @@ -128,9 +128,9 @@ OutputDir=..\ PrivilegesRequired=none SetupIconFile=..\..\icons\applicationIcon\icon.ico ; Create a SHA1 signature -SignTool=SignTool sign /debug /fd sha1 /a /f ..\..\..\Greenshot.pfx /p %CertificatePassword% /tr http://time.certum.pl /td sha1 $f +SignTool=SignTool sign /debug /fd sha1 /a /tr http://time.certum.pl /td sha1 $f ; Append a SHA256 to the previous SHA1 signature (this is what as does) -SignTool=SignTool sign /as /debug /fd sha256 /a /f ..\..\..\Greenshot.pfx /p %CertificatePassword% /a /tr http://time.certum.pl /td sha256 $f +SignTool=SignTool sign /debug /as /fd sha256 /a /tr http://time.certum.pl /td sha256 $f SignedUninstaller=yes UninstallDisplayIcon={app}\{#ExeName}.exe Uninstallable=true diff --git a/build.ps1 b/build.ps1 index 726f075a3..bcf0c0eb2 100644 --- a/build.ps1 +++ b/build.ps1 @@ -55,6 +55,7 @@ Function MD5($filename) { Function PrepareCertificate() { $decodedContentBytes = [System.Convert]::FromBase64String($env:Certificate) $decodedContentBytes | set-content "greenshot.pfx" -encoding byte + certutil -f -p $env:CertificatePassword -importpfx "greenshot.pfx" } # Sign the file with Signtool before they are packed in the installer / .zip etc @@ -64,8 +65,8 @@ Function SignBinaryFilesBeforeBuildingInstaller() { $INCLUDE=@("*.exe", "*.gsp", "*.dll") Get-ChildItem -Path "$sourcebase" -Recurse -Include $INCLUDE | foreach { Write-Host "Signing $_" - $signSha1Arguments = @('sign', '/fd ', 'sha1', '/a', '/f', "$(get-location)\Greenshot.pfx", '/p', $env:CertificatePassword, '/tr', 'http://time.certum.pl', '/td', 'sha1', $_) - $signSha256Arguments = @('sign', '/as', '/fd ', 'sha256', '/a', '/f', "$(get-location)\Greenshot.pfx", '/p', $env:CertificatePassword, '/tr', 'http://time.certum.pl', '/td', 'sha256', $_) + $signSha1Arguments = @('sign', '/fd ', 'sha1' , '/a', '/tr', 'http://time.certum.pl', '/td', 'sha1' , $_) + $signSha256Arguments = @('sign', '/as', '/fd ', 'sha256', '/a', '/tr', 'http://time.certum.pl', '/td', 'sha256', $_) Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha1Arguments -NoNewWindow Start-Process -wait -PassThru $env:SignTool -ArgumentList $signSha256Arguments -NoNewWindow @@ -269,7 +270,7 @@ Function PackageInstaller { $innoSetup = "$(get-location)\packages\Tools.InnoSetup.5.5.9\tools\ISCC.exe" $innoSetupFile = "$(get-location)\greenshot\releases\innosetup\setup.iss" Write-Host "Starting $innoSetup $innoSetupFile" - $arguments = @("/SSignTool=""$env:SignTool `$p""", $innoSetupFile) + $arguments = @("/Qp /SSignTool=""$env:SignTool `$p""", $innoSetupFile) $setupResult = Start-Process -wait -PassThru "$innoSetup" -ArgumentList $arguments -NoNewWindow -RedirectStandardOutput "$setupOutput.log" -RedirectStandardError "$setupOutput.error" Write-Host "Log output:" Get-Content "$setupOutput.log"| Write-Host