Make sure to sign all EXEs (#16141)

* Make sure to sign all EXEs

* type dev->dir

* Adjust code to sign all EXEs

build_scripts/build_windows-2-installer.ps1

@@ -68,14 +68,33 @@ mv temp.json package.json
 Write-Output "   ---"
 
 Write-Output "   ---"
-Write-Output "electron-builder"
-electron-builder build --win --x64 --config.productName="Chia"
+Write-Output "electron-builder create package directory"
+electron-builder build --win --x64 --config.productName="Chia" --dir
 Get-ChildItem dist\win-unpacked\resources
 Write-Output "   ---"
 
 If ($env:HAS_SIGNING_SECRET) {
    Write-Output "   ---"
-   Write-Output "Sign App"
+   Write-Output "Sign all EXEs"
+   Get-ChildItem ".\dist\win-unpacked" -Recurse | Where-Object { $_.Extension -eq ".exe" } | ForEach-Object {
+      $exePath = $_.FullName
+      Write-Output "Signing $exePath"
+      signtool.exe sign /sha1 $env:SM_CODE_SIGNING_CERT_SHA1_HASH /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $exePath
+      Write-Output "Verify signature"
+      signtool.exe verify /v /pa $exePath
+  }
+}    Else    {
+   Write-Output "Skipping verify signatures - no authorization to install certificates"
+}
+
+Write-Output "   ---"
+Write-Output "electron-builder create installer"
+electron-builder build --win --x64 --config.productName="Chia" --pd ".\dist\win-unpacked"
+Write-Output "   ---"
+
+If ($env:HAS_SIGNING_SECRET) {
+   Write-Output "   ---"
+   Write-Output "Sign Final Installer App"
    signtool.exe sign /sha1 $env:SM_CODE_SIGNING_CERT_SHA1_HASH /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 .\dist\ChiaSetup-$packageVersion.exe
    Write-Output "   ---"
    Write-Output "Verify signature"