build: windows signing should include timestamps

Previously the build artifacts did not include a signed timestamp, so when the certificate expired the validation of the artifact would fail. Now we sign against a timestamp server such that the artifact will always be valid regardless of the disposition of the certificate. Closes nodejs#7360 and nodejs#7059.
scovetta · Mar 27, 2014 · a9d2224 · a9d2224
1 parent f68a116
commit a9d2224
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/vcbuild.bat b/vcbuild.bat
@@ -136,7 +136,8 @@ if errorlevel 1 goto exit
 @rem Skip signing if the `nosign` option was specified.
 if defined nosign goto licensertf
 
-signtool sign /a Release\node.exe
+signtool sign /a /d "Node.js" /t http://timestamp.globalsign.com/scripts/timestamp.dll Release\node.exe
+if errorlevel 1 echo Failed to sign exe&goto exit
 
 :licensertf
 @rem Skip license.rtf generation if not requested.
@@ -159,7 +160,8 @@ msbuild "%~dp0tools\msvs\msi\nodemsi.sln" /m /t:Clean,Build /p:Configuration=%co
 if errorlevel 1 goto exit
 
 if defined nosign goto run
-signtool sign /a Release\node-v%NODE_VERSION%-%msiplatform%.msi
+signtool sign /a /d "Node.js" /t http://timestamp.globalsign.com/scripts/timestamp.dll Release\node-v%NODE_VERSION%-%msiplatform%.msi
+if errorlevel 1 echo Failed to sign msi&goto exit
 
 :run
 @rem Run tests if requested.