From 909d8b8a0484410d31f032372c2be6777da38a02 Mon Sep 17 00:00:00 2001
From: Le Roux Bodenstein <lerouxb@gmail.com>
Date: Tue, 11 Feb 2025 13:30:40 +0000
Subject: [PATCH] fail if the file is not signed on windows

---
 .evergreen/verify-artifacts.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.evergreen/verify-artifacts.sh b/.evergreen/verify-artifacts.sh
index 11864a81b55..a223d8fb4c2 100755
--- a/.evergreen/verify-artifacts.sh
+++ b/.evergreen/verify-artifacts.sh
@@ -34,6 +34,13 @@ verify_using_gpg() {
 verify_using_powershell() {
   echo "Verifying $1 using powershell"
   powershell Get-AuthenticodeSignature -FilePath $ARTIFACTS_DIR/$1 > "$TMP_FILE" 2>&1
+
+  # Get-AuthenticodeSignature just outputs text, it doesn't exit with a non-zero
+  # code if the file is not signed
+  if grep -q NotSigned "$TMP_FILE"; then
+    echo "File $1 is not signed"
+    exit 1
+  fi
 }
 
 verify_using_codesign() {