diff --git a/package.json b/package.json
index e015d8b..00563c0 100644
--- a/package.json
+++ b/package.json
@@ -157,14 +157,12 @@
 "win": {
 "target": [
 "squirrel"
- ],
- "sign": "scripts/electron_winSign"
+ ]
 },
 "directories": {
 "output": "dist"
 },
 "afterPack": "scripts/electron_afterPack",
- "afterSign": "scripts/electron_afterSign",
 "protocols": [
 {
 "name": "element",
diff --git a/scripts/electron_afterSign.js b/scripts/electron_afterSign.js
deleted file mode 100644
index f5ba340..0000000
--- a/scripts/electron_afterSign.js
+++ /dev/null
@@ -1,40 +0,0 @@
-const { notarize } = require("@electron/notarize");
-
-let warned = false;
-exports.default = async function (context) {
- const { electronPlatformName, appOutDir } = context;
- const appId = context.packager.info.appInfo.id;
-
- if (electronPlatformName === "darwin") {
- const appName = context.packager.appInfo.productFilename;
-
- const notarizeToolCredentials = {};
- if (process.env.NOTARIZE_KEYCHAIN_PROFILE) {
- notarizeToolCredentials.keychainProfile = process.env.NOTARIZE_KEYCHAIN_PROFILE;
- notarizeToolCredentials.keychain = process.env.NOTARIZE_KEYCHAIN;
- } else if (process.env.NOTARIZE_APPLE_ID && process.env.NOTARIZE_APPLE_ID_PASSWORD && process.env.NOTARIZE_TEAM_ID) {
- notarizeToolCredentials.appleId = process.env.NOTARIZE_APPLE_ID;
- notarizeToolCredentials.appleIdPassword = process.env.NOTARIZE_APPLE_ID_PASSWORD;
- notarizeToolCredentials.teamId = process.env.NOTARIZE_TEAM_ID;
- } else {
- if (!warned) {
- console.log("*****************************************");
- console.log("* This build will NOT be notarised. *");
- console.log("* Provide NOTARIZE_KEYCHAIN_PROFILE or *");
- console.log("* NOTARIZE_APPLE_ID, NOTARIZE_TEAM_ID *");
- console.log("* and NOTARIZE_APPLE_ID_PASSWORD *");
- console.log("*****************************************");
- warned = true;
- }
- return;
- }
-
- console.log("Notarising macOS app. This may be some time.");
- return await notarize({
- tool: "notarytool",
- appBundleId: appId,
- appPath: `${appOutDir}/${appName}.app`,
- ...notarizeToolCredentials,
- });
- }
-};
diff --git a/scripts/electron_winSign.js b/scripts/electron_winSign.js
deleted file mode 100644
index abacd95..0000000
--- a/scripts/electron_winSign.js
+++ /dev/null
@@ -1,78 +0,0 @@
-const { execFile } = require("child_process");
-
-// Loosely based on computeSignToolArgs from app-builder-lib/src/codeSign/windowsCodeSign.ts
-function computeSignToolArgs(options, keyContainer) {
- const args = [];
-
- if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
- const timestampingServiceUrl = options.options.timeStampServer || "http://timestamp.digicert.com";
- args.push(
- options.isNest || options.hash === "sha256" ? "/tr" : "/t",
- options.isNest || options.hash === "sha256"
- ? options.options.rfc3161TimeStampServer || "http://timestamp.comodoca.com/rfc3161"
- : timestampingServiceUrl,
- );
- }
-
- args.push("/kc", keyContainer);
- // To use the hardware token (this should probably be less hardcoded)
- args.push("/csp", "eToken Base Cryptographic Provider");
- // The certificate file. Somehow this appears to be the only way to specify
- // the cert that works. If you specify the subject name or hash, it will
- // say it can't associate the private key to the certificate.
- // TODO: Find a way to pass this through from the electron-builder config
- // so we don't have to hard-code this here
- // fwiw https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing
- // is about the most useful resource on automating code signing...
- args.push("/f", "element.io\\New_Vector_Ltd.pem");
-
- if (options.hash !== "sha1") {
- args.push("/fd", options.hash);
- if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
- args.push("/td", "sha256");
- }
- }
-
- // msi does not support dual-signing
- if (options.isNest) {
- args.push("/as");
- }
-
- // https://github.com/electron-userland/electron-builder/issues/2875#issuecomment-387233610
- args.push("/debug");
- // must be last argument
- args.push(options.path);
-
- return args;
-}
-
-let warned = false;
-exports.default = async function (options) {
- const keyContainer = process.env.SIGNING_KEY_CONTAINER;
- if (keyContainer === undefined) {
- if (!warned) {
- console.warn(
- "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" +
- "! Skipping Windows signing. !\n" +
- "! SIGNING_KEY_CONTAINER not defined. !\n" +
- "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!",
- );
- warned = true;
- }
- return;
- }
-
- return new Promise((resolve, reject) => {
- const args = ["sign"].concat(computeSignToolArgs(options, keyContainer));
-
- execFile("signtool", args, {}, (error, stdout) => {
- if (error) {
- console.error("signtool failed with code " + error);
- reject("signtool failed with code " + error);
- console.log(stdout);
- } else {
- resolve();
- }
- });
- });
-};
diff --git a/scripts/generate-builder-config.ts b/scripts/generate-builder-config.ts
index 1ba707b..7168fa7 100755
--- a/scripts/generate-builder-config.ts
+++ b/scripts/generate-builder-config.ts
@@ -8,7 +8,7 @@
 * Prefixes the nightly version with `0.0.1-nightly.` as it breaks if it is not semver
 *
 * On macOS:
- * Passes --notarytool-team-id to build.mac.notarize.notarize if specified and removes build.mac.afterSign
+ * Passes --notarytool-team-id to build.mac.notarize.notarize if specified
 *
 * On Linux:
 * Replaces spaces in the product name with dashes as spaces in paths can cause issues
@@ -87,14 +87,12 @@ async function main(): Promise { } if (argv["signtool-thumbprint"] && argv["signtool-subject-name"]) { - delete cfg.win!.sign; cfg.win!.signingHashAlgorithms = ["sha256"]; cfg.win!.certificateSubjectName = argv["signtool-subject-name"]; cfg.win!.certificateSha1 = argv["signtool-thumbprint"]; } if (argv["notarytool-team-id"]) { - delete cfg.afterSign; cfg.mac!.notarize = { teamId: argv["notarytool-team-id"], };
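Review bot: The Windows block applies the certificate settings only when both `argv["signtool-thumbprint"]` and `argv["signtool-subject-name"]` are set, and with `scripts/electron_winSign.js` deleted in this commit nothing visible here reports the case where one or both are missing, so a release build could end up unsigned without a single log line. The same holds for the `argv["notarytool-team-id"]` block now that the `afterSign` script and its "This build will NOT be notarised" banner are gone. I would reject a half-specified pair, e.g. `else if (argv["signtool-thumbprint"] || argv["signtool-subject-name"]) throw new Error("signtool-thumbprint and signtool-subject-name must be given together");`, and add a `console.warn` when signing or notarisation is left unconfigured; whether electron-builder itself warns in that case is not visible from this hunk. `main()` starts and ends outside the hunk.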