Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity
45ec623de6
node/tools/sign.bat
Tobias Nießen 6311de3322
tools: upgrade Windows digital signature to SHA256 
signtool still defaults to SHA1, which is vulnerable to certain
collisions. This switches to SHA256, which is stronger and which also
matches the hash function used by the signing certificate.

Technically, `/fd certHash` would be a better choice, but I don't know
if it is widely supported.

PR-URL: https://github.com/nodejs/node/pull/47206
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2023-03-25 18:27:46 +00:00

16 lines
544 B
Batchfile
Raw Blame History

@echo off
set timeservers=(http://timestamp.globalsign.com/scripts/timestamp.dll http://timestamp.comodoca.com/authenticode http://timestamp.verisign.com/scripts/timestamp.dll http://tsa.starfieldtech.com)
for %%s in %timeservers% do (
signtool sign /a /d "Node.js" /du "https://nodejs.org" /fd SHA256 /t %%s %1
if not ERRORLEVEL 1 (
echo Successfully signed %1 using timeserver %%s
exit /b 0
)
echo Signing %1 failed using %%s
)
echo Could not sign %1 using any available timeserver
exit /b 1
Reference in New Issue View Git Blame Copy Permalink