[PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)

[Jon Turney <jon dot turney at dronecode dot org dot uk>]

As discussed in https://cygwin.com/ml/cygwin/2015-04/msg00133.html

This is quite straightforward, but unfortunately, requires a non-technical
problem to be solved to complete.

1/ A code signing certificate signed by a CA is required.

2/ The signature should be timestamped, so that it remains vaild after the
signing key expires, but I assume you have to use the timestamp service of
the CA that signed the key.

Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
---
 .gitignore  |  2 ++
 Makefile.am | 13 +++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8b81166..a27cae3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,5 @@ autoconf.h.in*
 inilex.cc
 iniparse.cc
 iniparse.hh
+cygwin.crt
+cygwin.key
diff --git a/Makefile.am b/Makefile.am
index 12ad5ca..5afbb9f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -293,8 +293,8 @@ setup-src:
 	git ls-files | tar -T - -cJf ${CURDIR}/$$ver-src.tar.xz;\
 	echo $$ver-src.tar.xz; exec rm -f $$ver
 
-# optional: strip and compress executable
-.PHONY:	strip upx
+# optional: strip, compress and sign executable
+.PHONY:	strip upx sign
 
 strip:	all
 	$(OBJCOPY) --add-gnu-debuglink=/dev/null --only-keep-debug setup$(EXEEXT) setup.dbg
@@ -307,3 +307,12 @@ upx:	strip
 	else \
 		echo "UPX doesn't seem to be installed, cannot compress setup$(EXEEXT)." ;\
 	fi
+
+sign:	upx
+	@if [ -e `which osslsigncode` ]; then \
+		osslsigncode sign -certs $(srcdir)/cygwin.crt -key $(srcdir)/cygwin.key -n "Cygwin setup" -i https://cygwin.com/ -in setup$(EXEEXT) -out setup-signed$(EXEEXT) ;\
+		chmod +x setup-signed.exe ;\
+		mv setup-signed.exe setup.exe ;\
+	else \
+		echo "osslsigncode not found, cannot sign setup$(EXEEXT)." ;\
+	fi
-- 
2.8.3