Merge pull request #12 from vector-im/dbkr/windows_signing

Sign natively on Windows
2025-01-18 15:34:59 +01:00 · 2019-12-12 09:47:09 +00:00 · 2019-12-12 09:47:09 +00:00 · c43a742df4
commit c43a742df4
parent 754634ef31 dff36277c4
3 changed files with 1 additions and 104 deletions
--- a/package.json
+++ b/package.json
@ -79,7 +79,7 @@
          "ia32"
        ]
      },
-      "sign": "scripts/electron_winSign"
+      "certificateSubjectName": "New Vector Ltd"
    },
    "directories": {
      "output": "dist"
--- a/riot.im/New_Vector_Ltd.pem
+++ b/riot.im/New_Vector_Ltd.pem
@ -1,34 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIF0jCCBLqgAwIBAgIRAISYBqZi3VvCUeSfHXF+cbwwDQYJKoZIhvcNAQELBQAw
-gZExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
-BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTcwNQYD
-VQQDEy5DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gQ29kZSBTaWduaW5n
-IENBMB4XDTE3MDgyMzAwMDAwMFoXDTIwMDgyMjIzNTk1OVowgdgxETAPBgNVBAUT
-CDEwODczNjYxMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRl
-IE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCR0IxETAPBgNVBBEMCFdDMVIgNEFHMQ8w
-DQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEbMBkGA1UECQwSMjYgUmVk
-IExpb24gU3F1YXJlMRcwFQYDVQQKDA5OZXcgVmVjdG9yIEx0ZDEXMBUGA1UEAwwO
-TmV3IFZlY3RvciBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7
-X0HP3oM/SVr6PboD03ndtYTONZDcJ/GJ3EyYi6UNrcbKjuDHwPktx9hjAhNjcVkG
-lmuTEPluPj9DbvjaTrers0cQsAS1vJ0RHjLfA93Flg1ys9Q6OThUMw77FtFPtiJU
-z5cSYzfFAhn/4dv7BcgGptn+Mv/8CaTu+RUZJUgoSlRWcT1TREmxkzWotbblqsHO
-zjDmUg20tL5/qpt6BSWsNespf5udKQFXMtqkczBcLvBLmql0vurVcQy8BibB+Q89
-QKwRzwLgaIa7O8WEssFcW8uJe9s0SNtUy8ehbuoSxpA/DbHFwsiDbNA78vp7HrqM
-qY6t6OIgLtDYBFCfe/btAgMBAAGjggHaMIIB1jAfBgNVHSMEGDAWgBTfj/MgDOnK
-pgTYW1g3Kj2rRtyDSTAdBgNVHQ4EFgQUH+mDOdRkF3bYDxCWEaGB4lxiCxcwDgYD
-VR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMw
-EQYJYIZIAYb4QgEBBAQDAgQQMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQYBMCsw
-KQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMFUGA1Ud
-HwROMEwwSqBIoEaGRGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUV4
-dGVuZGVkVmFsaWRhdGlvbkNvZGVTaWduaW5nQ0EuY3JsMIGGBggrBgEFBQcBAQR6
-MHgwUAYIKwYBBQUHMAKGRGh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JT
-QUV4dGVuZGVkVmFsaWRhdGlvbkNvZGVTaWduaW5nQ0EuY3J0MCQGCCsGAQUFBzAB
-hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wJgYDVR0RBB8wHaAbBggrBgEFBQcI
-A6APMA0MC0dCLTEwODczNjYxMA0GCSqGSIb3DQEBCwUAA4IBAQBJ2aH4aixh0aiz
-4WKlK+LMVLHpQ2POE3FZYNpAW7o1q2YDGEADXdGrygPE9NCGNBXKo0CAemCYNWfX
-Ov/jdoiMfeqW3vrZ66oEy8OqbvJSwK1xmomWuYw3wYPWcPVG+YbWYD2CGdQu8jTz
-fzAJCpvAuY3Wji3fQjiecAC7JCSB4fBHa0ALJOmiSqKQUUpkXs5kW7O0lPBnHzNF
-2tQGltXMSIrq1QfFtcreMyKlwDOxPIh360dv5aHhaeSRDRKxq7uq5ikQF2gjKx4k
-ieg2HRbAW6fVPpFr4zRS5umpeZV3i06i11VQQPS/mA/OBEXyaqzx4mr6B7U6ptrp
-jMqiUv2w
-----END CERTIFICATE-----
--- a/scripts/electron_winSign.js
+++ b/scripts/electron_winSign.js
@ -1,69 +0,0 @@
-const { exec, execFile } = require('child_process');
-const fs = require('fs');
-const path = require('path');
-const shellescape = require('shell-escape');
-
-exports.default = async function(options) {
-    const inPath = options.path;
-    const appOutDir = path.dirname(inPath);
-
-    // get the token passphrase from the keychain
-    const tokenPassphrase = await new Promise((resolve, reject) => {
-        execFile(
-            'security',
-            ['find-generic-password', '-s', 'riot_signing_token', '-w'],
-            {},
-            (err, stdout) => {
-                if (err) {
-                    console.error("Couldn't find signing token in keychain", err);
-                    // electron-builder seems to print '[object Object]' on the
-                    // console whether you reject with an Error or a string...
-                    reject(err);
-                } else {
-                    resolve(stdout.trim());
-                }
-            },
-        );
-    });
-
-    return new Promise((resolve, reject) => {
-        let cmdLine = 'osslsigncode sign ';
-        if (process.env.OSSLSIGNCODE_SIGNARGS) {
-            cmdLine += process.env.OSSLSIGNCODE_SIGNARGS + ' ';
-        }
-        const tmpFile = path.join(
-            appOutDir,
-            'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe',
-        );
-        const args = [
-            '-h', options.hash,
-            '-pass', tokenPassphrase,
-            '-in', inPath,
-            '-out', tmpFile,
-        ];
-        if (options.isNest) args.push('-nest');
-        cmdLine += shellescape(args);
-
-        let signStdout;
-        const signproc = exec(cmdLine, {}, (error, stdout) => {
-            signStdout = stdout;
-        });
-        signproc.on('exit', (code) => {
-            if (code !== 0) {
-                console.log("Running", cmdLine);
-                console.log(signStdout);
-                console.error("osslsigncode failed with code " + code);
-                reject("osslsigncode failed with code " + code);
-                return;
-            }
-            fs.rename(tmpFile, inPath, (err) => {
-                if (err) {
-                    console.error("Error renaming file", err);
-                    reject(err);
-                } else {
-                    resolve();
-                }
-            });
-        });
-    });
-};