hide some build output and more consistent cert checks in post build

Tools/sign_binaries.ps1

@@ -12,6 +12,7 @@ param (
     $Exclude,
 
     [string]
+    [AllowEmptyString()]
     # The code signing certificate to use when signing the files.
     $CertificatePath,
 
@@ -29,55 +30,59 @@ Write-Output "===== Beginning $($PSCmdlet.MyInvocation.MyCommand) ====="
 $timeserver = "http://timestamp.verisign.com/scripts/timstamp.dll"
 
 
-if ($ConfigurationName -notmatch "Release") {
-    Write-Output "This is not a release build - we won't sign files."
-    return
-}
+#  validate release versions and if the certificate value was passed
+if ($ConfigurationName -match "Release" -And ($CertificatePath)) {
 
-if(-Not ([string]::IsNullOrEmpty($Env:APPVEYOR_BUILD_FOLDER)) ) {
-	$CertificatePath = Join-Path -Path $SolutionDir -ChildPath $CertificatePath
-}
+	if(-Not ([string]::IsNullOrEmpty($Env:APPVEYOR_BUILD_FOLDER)) ) {
+		$CertificatePath = Join-Path -Path $SolutionDir -ChildPath $CertificatePath
+	}
 
-if ($CertificatePath -eq "" -or !(Test-Path -Path $CertificatePath -PathType Leaf)) {
-    Write-Output "Certificate is not present - we won't sign files."
-    return
-}
+	# make sure the cert is actually available
+	if ($CertificatePath -eq "" -or !(Test-Path -Path $CertificatePath -PathType Leaf))
+	{
+	    Write-Output "Certificate is not present - we won't sign files."
+	    return
+	}
 
-if ($CertificatePassword -eq "") {
-    Write-Output "No certificate password was provided - we won't sign files."
-    return
-}
+	if ($CertificatePassword -eq "") {
+	    Write-Output "No certificate password was provided - we won't sign files."
+	    return
+	}
 
-try {
-    $certKeyStore = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet
-    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertificatePath, $CertificatePassword, $certKeyStore) -ErrorAction Stop
-} catch {
-    Write-Output "Error loading certificate file - we won't sign files."
-    Write-Output $Error[0]
-    return
-}
+	try {
+	    $certKeyStore = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet
+	    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertificatePath, $CertificatePassword, $certKeyStore) -ErrorAction Stop
+	} catch {
+	    Write-Output "Error loading certificate file - we won't sign files."
+	    Write-Output $Error[0]
+	    return
+	}
 
-# Sign MSI if we are building a release version and the certificate is available
-Write-Output "Signing Binaries"
-Write-Output "Getting files from path: $TargetDir"
-$signableFiles = Get-ChildItem -Path $TargetDir -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -notcontains $_.Name}
+	# Sign MSI if we are building a release version and the certificate is available
+	Write-Output "Signing Binaries"
+	Write-Output "Getting files from path: $TargetDir"
+	$signableFiles = Get-ChildItem -Path $TargetDir -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -notcontains $_.Name}
 
-$excluded_files = Get-ChildItem -Path $TargetDir -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -contains $_.Name}
-$excluded_files | ForEach-Object `
-    -Begin { Write-Output "The following files were excluded from signing due to being on the exclusion list:" } `
-    -Process { Write-Output "-- $($_.FullName)" }
+	$excluded_files = Get-ChildItem -Path $TargetDir -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -contains $_.Name}
+	$excluded_files | ForEach-Object `
+	    -Begin { Write-Output "The following files were excluded from signing due to being on the exclusion list:" } `
+	    -Process { Write-Output "-- $($_.FullName)" }
 
-Write-Output "Signable files count: $($signableFiles.Count)"
+	Write-Output "Signable files count: $($signableFiles.Count)"
 
 
-foreach ($file in $signableFiles) {
-    Set-AuthenticodeSignature -Certificate $cert -TimestampServer $timeserver -IncludeChain all -FilePath $file.FullName
-}
+	foreach ($file in $signableFiles) {
+	    Set-AuthenticodeSignature -Certificate $cert -TimestampServer $timeserver -IncludeChain all -FilePath $file.FullName
+	}
 
 
-# Release certificate
-if ($cert -ne $null) {
-    $cert.Dispose()
+	# Release certificate
+	if ($cert -ne $null) {
+	    $cert.Dispose()
+	}
+} else {
+    Write-Output "This is not a release build or CertificatePath wasn't provided - we won't sign files."
+    Write-Output "Config: $($ConfigurationName)`tCertPath: $($CertificatePath)"
 }
 
 Write-Output ""

Tools/verify_binary_signatures.ps1

@@ -9,6 +9,7 @@ param (
     
     [string]
     [Parameter(Mandatory=$true)]
+    [AllowEmptyString()]
     # The code signing certificate to use when signing the files.
     $CertificatePath,
     
@@ -19,13 +20,14 @@ param (
 
 Write-Output "===== Beginning $($PSCmdlet.MyInvocation.MyCommand) ====="
 
-#  validate release versions and if the certificate is available
-if ($ConfigurationName -match "Release") {
+#  validate release versions and if the certificate value was passed
+if ($ConfigurationName -match "Release" -And ($CertificatePath)) {
 	
 	if(-Not ([string]::IsNullOrEmpty($Env:APPVEYOR_BUILD_FOLDER)) ) {
 		$CertificatePath = Join-Path -Path $SolutionDir -ChildPath $CertificatePath
 	}
 	
+	# make sure the cert is actually available
 	if ($CertificatePath -eq "" -or !(Test-Path -Path $CertificatePath -PathType Leaf))
 	{
 	    Write-Output "Certificate is not present - files likely not signed - we won't verify file signatures."
@@ -50,7 +52,8 @@ if ($ConfigurationName -match "Release") {
         Write-Output "All files have valid signatures."
     }
 } else {
-    Write-Output "This is not a release build - we won't verify file signatures."
+    Write-Output "This is not a release build or CertificatePath wasn't provided - we won't verify file signatures."
+    Write-Output "Config: $($ConfigurationName)`tCertPath: $($CertificatePath)"
 }
 
 Write-Output ""