[Python-checkins] Allow Windows layout builds to fully skip code signing (GH-12808)
Miss Islington (bot)
webhook-mailer at python.org
Fri Apr 12 14:44:07 EDT 2019
https://github.com/python/cpython/commit/c05c1165abe7614ab3530adf8bc6c6cdefa9d0af
commit: c05c1165abe7614ab3530adf8bc6c6cdefa9d0af
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2019-04-12T11:44:00-07:00
summary:
Allow Windows layout builds to fully skip code signing (GH-12808)
(cherry picked from commit 606c66a17faf34a4e74d4829e8fe5ad0d2879434)
Co-authored-by: Steve Dower <steve.dower at microsoft.com>
files:
M Tools/msi/make_cat.ps1
M Tools/msi/sdktools.psm1
diff --git a/Tools/msi/make_cat.ps1 b/Tools/msi/make_cat.ps1
index 70741439869a..cc3cd4a2b50c 100644
--- a/Tools/msi/make_cat.ps1
+++ b/Tools/msi/make_cat.ps1
@@ -16,6 +16,7 @@
#>
param(
[Parameter(Mandatory=$true)][string]$catalog,
+ [switch]$sign,
[string]$description,
[string]$certname,
[string]$certsha1,
@@ -31,4 +32,6 @@ MakeCat $catalog
if (-not $?) {
throw "Catalog compilation failed"
}
-Sign-File -certname $certname -certsha1 $certsha1 -certfile $certfile -description $description -files @($catalog -replace 'cdf$', 'cat')
+if ($sign) {
+ Sign-File -certname $certname -certsha1 $certsha1 -certfile $certfile -description $description -files @($catalog -replace 'cdf$', 'cat')
+}
diff --git a/Tools/msi/sdktools.psm1 b/Tools/msi/sdktools.psm1
index 61edb3411760..8081b104d85a 100644
--- a/Tools/msi/sdktools.psm1
+++ b/Tools/msi/sdktools.psm1
@@ -31,6 +31,10 @@ function Sign-File {
$certfile = $env:SigningCertificateFile;
}
+ if (-not ($certsha1 -or $certname -or $certfile)) {
+ throw "No signing certificate specified"
+ }
+
foreach ($a in $files) {
if ($certsha1) {
SignTool sign /sha1 $certsha1 /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a
@@ -38,8 +42,6 @@ function Sign-File {
SignTool sign /a /n $certname /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a
} elseif ($certfile) {
SignTool sign /f $certfile /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a
- } else {
- SignTool sign /a /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a
}
}
}
More information about the Python-checkins
mailing list