From 428dbabe81784a35f09d8a62c734d18554d78266 Mon Sep 17 00:00:00 2001
From: Damien Guard
Date: Wed, 26 Oct 2016 10:46:02 -0700
Subject: [PATCH 1/2] Sign Windows builds with sha256 and timestamp
---
 script/lib/create-windows-installer.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/script/lib/create-windows-installer.js b/script/lib/create-windows-installer.js
index fb22dd085..c83f82b08 100644
--- a/script/lib/create-windows-installer.js
+++ b/script/lib/create-windows-installer.js
@@ -23,10 +23,17 @@ module.exports = function (packagedAppPath, codeSign) {
 const certPath = path.join(os.tmpdir(), 'win.p12')
 const signing = codeSign && process.env.WIN_P12KEY_URL
+
 if (signing) {
 downloadFileFromGithub(process.env.WIN_P12KEY_URL, certPath)
- options.certificateFile = certPath
- options.certificatePassword = process.env.WIN_P12KEY_PASSWORD
+ var signParams = []
+ signParams.push(`/f ${certPath}`) // Signing cert file
+ signParams.push(`/p ${process.env.WIN_P12KEY_PASSWORD}`) // Signing cert password
+ signParams.push('/fd sha256') // File digest algorithm
+ signParams.push('/tr http://timestamp.digicert.com') // Time stamp server
+ signParams.push('/td sha256') // Times stamp algorithm
+ signParams.push('/as') // Append signature
+ options.signWithParams = signParams.join(' ')
 } else {
 console.log('Skipping code-signing. Specify the --code-sign option and provide a WIN_P12KEY_URL environment variable to perform code-signing'.gray)
 }
From 0ba765d43e794c15d4824f46895ba7560776118b Mon Sep 17 00:00:00 2001
From: Damien Guard
Date: Wed, 26 Oct 2016 14:35:07 -0700
Subject: [PATCH 2/2] Older signtool does not support append signature /as switch
---
 script/lib/create-windows-installer.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/script/lib/create-windows-installer.js b/script/lib/create-windows-installer.js
index c83f82b08..5dd7dfa6d 100644
--- a/script/lib/create-windows-installer.js
+++ b/script/lib/create-windows-installer.js
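Review bot: The `/f` and `/p` pushes in the [PATCH 1/2] hunk interpolate `certPath` and `WIN_P12KEY_PASSWORD` into one space-joined string without quoting, so a temp directory or password containing a space splits into extra signtool arguments, and an unset `WIN_P12KEY_PASSWORD` becomes the literal `/p undefined` because `signing` only checks `WIN_P12KEY_URL`. I would quote both values, ``signParams.push(`/f "${certPath}"`)`` and ``signParams.push(`/p "${process.env.WIN_P12KEY_PASSWORD}"`)``, and fail early with a clear message when the password variable is missing. The secret now travels inside `options.signWithParams`; whether the installer library echoes that string when signing fails is not visible here, so it is worth confirming it cannot reach CI logs. The enclosing function starts and ends outside the hunk.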
@@ -32,7 +32,6 @@ module.exports = function (packagedAppPath, codeSign) {
 signParams.push('/fd sha256') // File digest algorithm
 signParams.push('/tr http://timestamp.digicert.com') // Time stamp server
 signParams.push('/td sha256') // Times stamp algorithm
- signParams.push('/as') // Append signature
 options.signWithParams = signParams.join(' ')
 } else {
 console.log('Skipping code-signing. Specify the --code-sign option and provide a WIN_P12KEY_URL environment variable to perform code-signing'.gray)