From f7c13a306317f2df822cab3577f37edf234565d6 Mon Sep 17 00:00:00 2001
From: Jay Lee <jay0lee@gmail.com>
Date: Tue, 24 Sep 2024 11:29:48 -0400
Subject: [PATCH] actions: signtool /pa to trust broader set of CAs

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6aa5d0aa..b81ab93f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -661,7 +661,7 @@ jobs:
           # remove unsigned gam.exe and rename signed-gam.exe
           rm -v -f "${gampath}/gam.exe"
           mv -v -f "${gampath}/signed-gam.exe" "${gampath}/gam.exe"
-          "/c/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe" verify /v "$gam"
+          "/c/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe" verify /v /pa "$gam"
 
       - name: Attest gam executable was generated from this Action
         uses: actions/attest-build-provenance@v1