From ca0fa95f76426d8eeeef3084dbef41ddda307c20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Villemot?= <sebastien@dynare.org>
Date: Fri, 15 May 2020 18:37:54 +0200
Subject: [PATCH] CI: activate timestamping of Authenticode signatures on
 Windows binaries

This is necessary if we want our signatures to remain valid after the
expiration of our certificate.

For more details, see:
https://www.digicert.com/blog/best-practices-timestamping/
---
 .gitlab-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5e0f61393a..9bbfd434df 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -223,7 +223,7 @@ deploy_release_stable:
     - pkg_windows
     - pkg_macOS
   script:
-    - f=(windows/exe/*) && osslsigncode sign -pkcs12 ~/dynare-object-signing.p12 -n Dynare -i https://www.dynare.org -in ${f[0]} -out ${f[0]}.signed && mv ${f[0]}.signed ${f[0]}
+    - f=(windows/exe/*) && osslsigncode sign -pkcs12 ~/dynare-object-signing.p12 -n Dynare -i https://www.dynare.org -t http://timestamp.digicert.com -in ${f[0]} -out ${f[0]}.signed && mv ${f[0]}.signed ${f[0]}
     - cp *.tar.xz /srv/www.dynare.org/release/source/
     - cp windows/exe/* /srv/www.dynare.org/release/windows/
     - cp windows/7z/* /srv/www.dynare.org/release/windows-7z/
@@ -245,7 +245,7 @@ deploy_beta_stable:
     - pkg_windows
     - pkg_macOS
   script:
-    - f=(windows/exe/*) && osslsigncode sign -pkcs12 ~/dynare-object-signing.p12 -n Dynare -i https://www.dynare.org -in ${f[0]} -out ${f[0]}.signed && mv ${f[0]}.signed ${f[0]}
+    - f=(windows/exe/*) && osslsigncode sign -pkcs12 ~/dynare-object-signing.p12 -n Dynare -i https://www.dynare.org -t http://timestamp.digicert.com -in ${f[0]} -out ${f[0]}.signed && mv ${f[0]}.signed ${f[0]}
     - cp *.tar.xz /srv/www.dynare.org/beta/source/
     - cp windows/exe/* /srv/www.dynare.org/beta/windows/
     - cp windows/7z/* /srv/www.dynare.org/beta/windows-7z/
-- 
GitLab