Update verify_signing.groovy to check Windows exes only have one sign…

…ature Signed-off-by: Andrew Leonard <[email protected]>
adoptium · Dec 5, 2024 · 4b16a3e · 4b16a3e
1 parent fb9c821
commit 4b16a3e
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/pipelines/build/common/verify_signing.groovy b/pipelines/build/common/verify_signing.groovy
@@ -185,8 +185,15 @@ void verifyExecutables(String unpack_dir) {
                         unsigned="$unsigned $f"
                         cc_unsigned=$((cc_unsigned+1))
                     else
-                        echo "Signed correctly: ${f}"
-                        cc_signed=$((cc_signed+1))
+                        num_sigs=$("${signtool}" verify /all /pa ${f} | grep -E '^[0-9][[:space:]]+sha256' | wc -l)
+                        if [[ "$num_sigs" -ne 1 ]]; then
+                            echo "Error: ${f} has ${num_sigs} Signatures, it must only have one."
+                            unsigned="$unsigned $f"
+                            cc_unsigned=$((cc_unsigned+1))
+                        else
+                            echo "Signed correctly: ${f}"
+                            cc_signed=$((cc_signed+1))
+                        fi
                     fi
                   done