Add option for weak verification

Add the option to pass only an assembly path to `signcode.verify` and
skip the leaf hash check. This is useful if the only goal is to check
for the presence of a signature.

Author: knuton

index.js

@@ -134,11 +134,16 @@ function spawnVerify (options, callback) {
   var args = [
     'verify',
     '-in',
-    options.path,
-    '-require-leaf-hash',
-    options.hash
+    options.path
   ]
 
+  if (options.hash != null) {
+    args.push(
+      '-require-leaf-hash',
+      options.hash
+    )
+  }
+
   var signcode = ChildProcess.spawn(getSigncodePath(), args)
 
   var stdout = ''

test/signcode-test.js

@@ -214,6 +214,13 @@ describe('signcode', function () {
   })
 
   describe('.verify(options)', function () {
+    it('verifies the presence of a signature on the executable', function (done) {
+      var verifyOptions = {
+        path: path.join(__dirname, 'fixtures', 'electron-signed.exe')
+      }
+      signcode.verify(verifyOptions, done)
+    })
+
     it('verifies the sha1 signature on the executable', function (done) {
       var verifyOptions = {
         hash: 'sha1:9BF51511E06FA5FFE1CE408584B9981AA4EFE7EA',