Find-Tool()1 function Find-Tool {
2     param([string]$toolname)
3 
4     $kitroot = (gp 'HKLM:\SOFTWARE\Microsoft\Windows Kits\Installed Roots\').KitsRoot10
5     $tool = (gci -r "$kitroot\Bin\*\x64\$toolname" | sort FullName -Desc | select -First 1)
6     if (-not $tool) {
7         throw "$toolname is not available"
8     }
9     Write-Host "Found $toolname at $($tool.FullName)"
10     return $tool.FullName
11 }
12 
13 Set-Alias SignTool (Find-Tool "signtool.exe") -Scope Script
14 
Sign-Filenull15 function Sign-File {
16     param([string]$certname, [string]$certsha1, [string]$certfile, [string]$description, [string[]]$files)
17 
18     if (-not $description) {
19         $description = $env:SigningDescription;
20         if (-not $description) {
21             $description = "Python";
22         }
23     }
24     if (-not $certsha1) {
25         $certsha1 = $env:SigningCertificateSha1;
26     }
27     if (-not $certname) {
28         $certname = $env:SigningCertificate;
29     }
30     if (-not $certfile) {
31         $certfile = $env:SigningCertificateFile;
32     }
33 
34     if (-not ($certsha1 -or $certname -or $certfile)) {
35         throw "No signing certificate specified"
36     }
37 
38     foreach ($a in $files) {
39         if ($certsha1) {
40             SignTool sign /sha1 $certsha1 /fd sha256 /tr http://timestamp.digicert.com/ /td sha256 /d $description $a
41         } elseif ($certname) {
42             SignTool sign /a /n $certname /fd sha256 /tr http://timestamp.digicert.com/ /td sha256 /d $description $a
43         } elseif ($certfile) {
44             SignTool sign /f $certfile /fd sha256 /tr http://timestamp.digicert.com/ /td sha256 /d $description $a
45         }
46     }
47 }
48 
49