From 8b9d9f87e53e0a63a668f65137161e48f5d4d1f3 Mon Sep 17 00:00:00 2001
From: renaud gaudin <reg@rskg.org>
Date: Thu, 29 Aug 2024 16:15:29 +0000
Subject: [PATCH] Use specific version of signtool

Default version of signtool in PATH does not work properly with our CKA.
We could also load an SDK's env batch file instead but setting this on the workflow
is more maintainable as we'll get a clear missing file error on GA Image change
---
 .github/workflows/releaseNigthly.yml     | 1 +
 scripts/package_kiwix-desktop_windows.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/releaseNigthly.yml b/.github/workflows/releaseNigthly.yml
index c874f9cf..8d1f2872 100644
--- a/.github/workflows/releaseNigthly.yml
+++ b/.github/workflows/releaseNigthly.yml
@@ -92,6 +92,7 @@ jobs:
       run: |
         python .github\\scripts\\build_release_nightly.py
       env:
+        SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe"
         SSH_KEY: ${{ runner.temp }}/id_rsa
     - name: Upload failure logs
       if: failure()
diff --git a/scripts/package_kiwix-desktop_windows.py b/scripts/package_kiwix-desktop_windows.py
index 7b17c938..3da393b6 100644
--- a/scripts/package_kiwix-desktop_windows.py
+++ b/scripts/package_kiwix-desktop_windows.py
@@ -52,7 +52,7 @@
     # We assume here that signtool and certificate are properly configured.
     # Env var `SIGNTOOL_THUMBPRINT` must contain thumbprint of the certificate to use.
     command = [
-        "signtool.exe",
+        os.getenv("SIGNTOOL_PATH", "signtool.exe"),
         "sign",
         "/fd",
         "sha256",