Changes between Version 20 and Version 21 of BuildingTapWindows6

Timestamp:

02/03/17 14:23:21 (5 years ago)

Author:

Samuli Seppänen

Comment:

--

BuildingTapWindows6

@@ -87 +87 @@
 }}}
 
-Run ''buildtap.py'' again using the same parameters as before, but ensure that you do not ''clean'' (-c) or ''build'' (-b). You should only ''package'' (-p) the dist directory into an installer. Copy the resulting ''installer'' to the ''code-signing computer'', or sign the installer using a user-mode code-signing SHA2 certificate on the ''build computer'' itself.
+Next you will need to run ''buildtap.py'' using the same parameters as before, except that you must not ''clean'' (-c) or ''build'' (-b).  You should only ''package'' (-p) the dist directory into an installer. If you have a user-mode ''SHA2'' certificate available on the ''build computer'', then it is easiest to sign with that, e.g.
+
+{{{
+$ python buildtap.py -p --sign --certfile=<my-sha2-certificate> --certpw=<password> --crosscert=<my-cross-cert> --timestamp=http://timestamp.digicert.com --ti=tapinstall
+}}}
+
+Alternatively copy the installer produced by ''buildtap.py'' to the ''code-signing computer'' for the additional signature, as described below.
 
 '''On code-signing computer'''
 
 Append a signature to the tap-windows-<versio>-<buildnum>.exe using ''Sign-Tap6.ps1''. Make sure you use the EV SHA2 certificate. Right now this process has not been automated, but the command-line is fairly easy to construct manually by looking at [https://github.com/mattock/sign-tap6/ Sign-Tap6.ps1].
-
-----
 
 If this process sounds complicated, that's because it is. At some point would make sense to adapt buildtap.py to add both signatures automatically, which would simplify the process dramatically. However, that would require porting buildtap.py to Windows Kit 10, which would require a non-trivial amount of work.