mirror of
https://github.com/vector-im/element-desktop.git
synced 2024-07-13 09:44:05 +00:00
69 lines
2.5 KiB
JavaScript
69 lines
2.5 KiB
JavaScript
const { execFile } = require('child_process');
|
|
const path = require('path');
|
|
|
|
// Loosely based on computeSignToolArgs from app-builder-lib/src/codeSign/windowsCodeSign.ts
|
|
function computeSignToolArgs(options, keyContainer) {
|
|
const args = [];
|
|
|
|
if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
|
|
const timestampingServiceUrl = options.options.timeStampServer || "http://timestamp.digicert.com";
|
|
args.push(options.isNest || options.hash === "sha256" ? "/tr" : "/t", options.isNest || options.hash === "sha256" ? (options.options.rfc3161TimeStampServer || "http://timestamp.comodoca.com/rfc3161") : timestampingServiceUrl);
|
|
}
|
|
|
|
// We simplify and just specify the certificate subject name for our purposes
|
|
//args.push('/n', options.options.certificateSubjectName);
|
|
args.push('/kc', keyContainer);
|
|
// To use the hardware token (this should probably be less hardcoded)
|
|
args.push('/csp', 'eToken Base Cryptographic Provider');
|
|
args.push('/sha1', '83:0B:DA:5F:80:07:B1:74:6D:E9:32:DD:EC:8A:28:5B:69:41:3D:6C');
|
|
|
|
if (options.hash !== "sha1") {
|
|
args.push("/fd", options.hash)
|
|
if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
|
|
args.push("/td", "sha256")
|
|
}
|
|
}
|
|
|
|
// msi does not support dual-signing
|
|
if (options.isNest) {
|
|
args.push("/as")
|
|
}
|
|
|
|
// https://github.com/electron-userland/electron-builder/issues/2875#issuecomment-387233610
|
|
args.push("/debug")
|
|
// must be last argument
|
|
args.push(options.path)
|
|
|
|
return args;
|
|
}
|
|
|
|
exports.default = async function(options) {
|
|
const keyContainer = process.env.SIGNING_KEY_CONTAINER;
|
|
if (keyContainer === undefined) {
|
|
console.warn(
|
|
"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" +
|
|
"! Skipping Windows signing. !\n" +
|
|
"! SIGNING_KEY_CONTAINER not defined. !\n" +
|
|
"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!",
|
|
);
|
|
return;
|
|
}
|
|
|
|
const inPath = options.path;
|
|
const appOutDir = path.dirname(inPath);
|
|
|
|
return new Promise((resolve, reject) => {
|
|
const args = ['sign'].concat(computeSignToolArgs(options, keyContainer));
|
|
|
|
execFile('signtool', args, {}, (error, stdout) => {
|
|
if (error) {
|
|
console.error("signtool failed with code " + error);
|
|
reject("signtool failed with code " + error);
|
|
console.log(stdout);
|
|
} else {
|
|
resolve();
|
|
}
|
|
});
|
|
});
|
|
};
|