From 16eec1724ef916ef1e9eb4be585c2dc27b7a7270 Mon Sep 17 00:00:00 2001
From: Chris Darroch <chrisd8088@github.com>
Date: Fri, 15 Apr 2022 15:25:34 -0700
Subject: [PATCH] Makefile: update Windows signing certificate hash

The Git LFS signing certificate for Windows binaries has changed, so
we update the default signing certificate SHA-1 hash in the Makefile.

(The last update was in 2019 in PR #3623.)

The commands used to generate this hash were:

openssl pkcs12 -info -in codesign.pfx -out foo.pem
openssl x509 -text -in foo.pem -fingerprint | \
  grep Fingerprint | sed 's/^SHA1 Fingerprint=//' | \
  sed 's/://g' | tr [:upper:] [:lower:]

h/t kb2204 for the info on the fingerprint
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 387ae7b8..8a2fbf35 100644
--- a/Makefile
+++ b/Makefile
@@ -68,7 +68,7 @@ TAR_XFORM_CMD ?= $(shell tar --version | grep -q 'GNU tar' && echo 's')
 
 # CERT_SHA1 is the SHA-1 hash of the Windows code-signing cert to use.  The
 # actual signature is made with SHA-256.
-CERT_SHA1 ?= 824455beeb23fe270e756ca04ec8e902d19c62aa
+CERT_SHA1 ?= 27ea8f81ce920bccd2174e3b272f2ba247605be6
 
 # CERT_FILE is the PKCS#12 file holding the certificate.
 CERT_FILE ?=