remove the need for CERT_PWD

Author: kjk

do/build.go

@@ -383,13 +383,6 @@ func signFilesMust(dir string) {
 	signMust(filepath.Join(dir, "SumatraPDF-dll.exe"))
 }
 
-func signFilesOptional(dir string) {
-	if !hasCertPwd() {
-		return
-	}
-	signFilesMust(dir)
-}
-
 const (
 	kPlatformIntel32 = "Win32"
 	kPlatformIntel64 = "x64"
@@ -632,7 +625,6 @@ func buildSmoke() {
 
 // 	p := fmt.Sprintf(`/p:Configuration=%s;Platform=%s`, config, platform)
 // 	runExeLoggedMust(msbuildPath, slnPath, `/t:SumatraPDF`, p, `/m`)
-// 	signFilesOptional(dir)
 // }
 
 func buildTestUtil() {

do/main.go

@@ -20,7 +20,6 @@ var (
 	b2Access          string
 	b2Secret          string
 	transUploadSecret string
-	certPwd           string
 )
 
 func loadSecrets() bool {
@@ -49,7 +48,6 @@ func loadSecrets() bool {
 	getEnv("BB_ACCESS", &b2Access, 8)
 	getEnv("BB_SECRET", &b2Secret, 8)
 	getEnv("TRANS_UPLOAD_SECRET", &transUploadSecret, 4)
-	getEnv("CERT_PWD", &certPwd, 4)
 	return true
 }
 
@@ -69,7 +67,6 @@ func getSecrets() {
 	b2Access = os.Getenv("BB_ACCESS")
 	b2Secret = os.Getenv("BB_SECRET")
 	transUploadSecret = os.Getenv("TRANS_UPLOAD_SECRET")
-	certPwd = os.Getenv("CERT_PWD")
 }
 
 func regenPremake() {
@@ -190,9 +187,6 @@ func ensureBuildOptionsPreRequesites(opts *BuildOptions) {
 		ensureAllUploadCreds()
 	}
 
-	if opts.sign {
-		panicIf(!hasCertPwd(), "CERT_PWD env variable is not set")
-	}
 	if opts.verifyTranslationUpToDate {
 		verifyTranslationsMust()
 	}

do/sign.go

@@ -18,8 +18,12 @@ func runCmdLoggedRedacted(cmd *exec.Cmd, redact string) error {
 	return cmd.Run()
 }
 
-func hasCertPwd() bool {
-	return strings.TrimSpace(certPwd) != ""
+func runCmdLogged(cmd *exec.Cmd) error {
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	s := cmd.String()
+	fmt.Printf("> %s\n", s)
+	return cmd.Run()
 }
 
 // https://zabkat.com/blog/code-signing-sha1-armageddon.htm
@@ -38,15 +42,6 @@ func signMust(path string) {
 	// the sign tool is finicky, so copy the cert to the same dir as
 	// the exe we're signing
 
-	if false {
-		if certPwd == "" {
-			if flgSkipSign {
-				return
-			}
-		}
-		panicIf(certPwd == "", "CERT_PWD env variable not set")
-	}
-
 	// retry 3 times because signing might fail due to temorary error
 	// ("The specified timestamp server either could not be reached or")
 	var err error
@@ -67,10 +62,11 @@ func signMust(path string) {
 				"/fd", "sha256",
 				fileName)
 			cmd.Dir = fileDir
-			err = runCmdLoggedRedacted(cmd, certPwd)
+			err = runCmdLogged(cmd)
 		}
 
 		if false && err == nil {
+			certPwd := ""
 			// double-sign with sha2 for win7+ ater Jan 2016
 			cmd := exec.Command(signtoolPath, "sign", "/fd", "sha256", "/tr", signServer,
 				"/td", "sha256", "/f", "cert.pfx",