1 function Find-Tool { 2 param([string]$toolname) 3 4 $kitroot = (gp 'HKLM:\SOFTWARE\Microsoft\Windows Kits\Installed Roots\').KitsRoot10 5 $tool = (gci -r "$kitroot\Bin\*\x64\$toolname" | sort FullName -Desc | select -First 1) 6 if (-not $tool) { 7 throw "$toolname is not available" 8 } 9 Write-Host "Found $toolname at $($tool.FullName)" 10 return $tool.FullName 11 } 12 13 Set-Alias SignTool (Find-Tool "signtool.exe") -Scope Script 14 15 function Sign-File { 16 param([string]$certname, [string]$certsha1, [string]$certfile, [string]$description, [string[]]$files) 17 18 if (-not $description) { 19 $description = $env:SigningDescription; 20 if (-not $description) { 21 $description = "Python"; 22 } 23 } 24 if (-not $certsha1) { 25 $certsha1 = $env:SigningCertificateSha1; 26 } 27 if (-not $certname) { 28 $certname = $env:SigningCertificate; 29 } 30 if (-not $certfile) { 31 $certfile = $env:SigningCertificateFile; 32 } 33 34 foreach ($a in $files) { 35 if ($certsha1) { 36 SignTool sign /sha1 $certsha1 /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a 37 } elseif ($certname) { 38 SignTool sign /a /n $certname /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a 39 } elseif ($certfile) { 40 SignTool sign /f $certfile /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a 41 } else { 42 SignTool sign /a /fd sha256 /t http://timestamp.verisign.com/scripts/timestamp.dll /d $description $a 43 } 44 } 45 } 46 47
