git: code-sign .exe files

It has been reported that Windows File Protection (WFP) only caches results on code-signed .exe files. Which means that every script that calls unsigned .exe files, like, a gazillion files (such as Git does) are prone to execute super-slowly, for no good reason. So let's just code-sign the .exe files with the signtool command-line set via the SIGNTOOL environment variable. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git-for-windows · Aug 24, 2016 · 4ddc5d6 · 4ddc5d6
1 parent 73d60ff
commit 4ddc5d6
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/mingw-w64-git/PKGBUILD b/mingw-w64-git/PKGBUILD
@@ -141,7 +141,17 @@ include Makefile
 
 print-builtins:
 	@echo $(BUILT_INS)
+
+sign-executables:
+ifeq (,$(SIGNTOOL))
+	@echo Skipping code-signing
+else
+	@eval $(SIGNTOOL) $(filter %.exe,$(ALL_PROGRAMS)) \
+		contrib/credential/wincred/git-credential-wincred.exe git.exe \
+		cmd/git{,-gui,k}.exe compat-bash.exe git-{bash,cmd}.exe
+endif
 EOF
+  make -f print.mak sign-executables &&
   make -f print.mak print-builtins | tr ' ' '\n' > builtins.txt &&
 
   CC=gcc make -C contrib/credential/wincred