From a484c16cfd2a9d59257cf49546ea411cfcd8287f Mon Sep 17 00:00:00 2001
From: Pieter van der Meulen <pieter.vandermeulen@surf.nl>
Date: Wed, 26 Jul 2023 13:50:37 +0200
Subject: [PATCH] Use -sign option to control siging and switch to the sectigo
 timestamping servers

---
 SolutionItems/MakeRelease.cmd | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/SolutionItems/MakeRelease.cmd b/SolutionItems/MakeRelease.cmd
index afa53d2..e7f7a68 100755
--- a/SolutionItems/MakeRelease.cmd
+++ b/SolutionItems/MakeRelease.cmd
@@ -97,14 +97,27 @@ copy %root_dir%\UPGRADE.md %release% || goto :error
 copy %root_dir%\KNOWN_ISSUES.md %release% || goto :error
 copy %root_dir%\CONFIGURATION.md %release% || goto :error
 
+@rem Message when signing is not enabled
 @if "%sign%" == "0" (
-	@choice /m "Sign release?" /c YN
-	@if "%errorlevel%" == "1" set sign=1
+  @echo.
+  @echo ------------------------------------------------------------
+  @echo Signing is not enabled, the release will not be signed  
+  @echo To sign the release, run MakeRelease.cmd -sign %version%
+  @echo ------------------------------------------------------------
+  @echo.
 )
 
+@rem Use signtool.exe from the windows SDK to create timestamped signature is requested
+@rem First we sign Setup.exe, later we sign the self extracting archive
+
+@rem Set the RFC 3161 timestamp service to use
+@rem @set timestampservice=http://timestamp.digicert.com
+@set timestampservice=http://timestamp.sectigo.com
+
 @if "%sign%" == "1" (
   @echo Signing Setup.exe
-  signtool sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a %release%\Setup.exe || goto :error
+  @echo signtool.exe sign /tr %timestampservice% /td sha256 /fd sha256 /a %release%\Setup.exe
+  signtool.exe sign /tr %timestampservice% /td sha256 /fd sha256 /a %release%\Setup.exe || goto :error
 )
 
 @echo Making Self extracting archive
@@ -113,7 +126,8 @@ del %release%.exe
 
 @if "%sign%" == "1" (
   @echo Signing SetupPackage self extracting archive
-  signtool sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a %release%.exe || goto :error
+  echo signtool.exe sign /tr %timestampservice% /td sha256 /fd sha256 /a %release%.exe
+  signtool.exe sign /tr %timestampservice% /td sha256 /fd sha256 /a %release%.exe || goto :error
 )
 
 @echo Sucessfully created Release %release%.exe