Sign all of the Windows executable files
We can actually just supply a custom signing module here to do our signing rather than manually signing things in the afterSign hook. This means all 4 executable files get signed (the main exe, the stub exe, Update.exe and the installer).
This commit is contained in:
parent
bf26ec9d1a
commit
070d5fc6e8
3 changed files with 68 additions and 53 deletions
|
@ -186,7 +186,8 @@
|
|||
"win": {
|
||||
"target": {
|
||||
"target": "squirrel"
|
||||
}
|
||||
},
|
||||
"sign": "scripts/electron_winSign"
|
||||
},
|
||||
"directories": {
|
||||
"buildResources": "electron_app/build",
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
const { notarize } = require('electron-notarize');
|
||||
const { exec, execFile } = require('child_process');
|
||||
const fs = require('fs');
|
||||
const shellescape = require('shell-escape');
|
||||
|
||||
exports.default = async function(context) {
|
||||
const { electronPlatformName, appOutDir } = context;
|
||||
|
@ -23,54 +20,5 @@ exports.default = async function(context) {
|
|||
appleId: userId,
|
||||
appleIdPassword: '@keychain:NOTARIZE_CREDS',
|
||||
});
|
||||
} else if (electronPlatformName === 'win32') {
|
||||
// This signs the actual Riot executable
|
||||
const appName = context.packager.appInfo.productFilename;
|
||||
|
||||
// get the token passphrase from the keychain
|
||||
const tokenPassphrase = await new Promise((resolve, reject) => {
|
||||
execFile(
|
||||
'security',
|
||||
['find-generic-password', '-s', 'riot_signing_token', '-w'],
|
||||
{},
|
||||
(err, stdout) => {
|
||||
if (err) {
|
||||
reject(err);
|
||||
} else {
|
||||
resolve(stdout.trim());
|
||||
}
|
||||
},
|
||||
);
|
||||
});
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
let cmdLine = 'osslsigncode sign ';
|
||||
if (process.env.OSSLSIGNCODE_SIGNARGS) {
|
||||
cmdLine += process.env.OSSLSIGNCODE_SIGNARGS + ' ';
|
||||
}
|
||||
const tmpFile = 'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe';
|
||||
cmdLine += shellescape([
|
||||
'-pass', tokenPassphrase,
|
||||
'-in', `${appOutDir}/${appName}.exe`,
|
||||
'-out', `${appOutDir}/${tmpFile}`,
|
||||
]);
|
||||
|
||||
const signproc = exec(cmdLine, {}, (error, stdout) => {
|
||||
console.log(stdout);
|
||||
});
|
||||
signproc.on('exit', (code) => {
|
||||
if (code !== 0) {
|
||||
reject("osslsigncode failed with code " + code);
|
||||
return;
|
||||
}
|
||||
fs.rename(`${appOutDir}/${tmpFile}`, `${appOutDir}/${appName}.exe`, (err) => {
|
||||
if (err) {
|
||||
reject(err);
|
||||
} else {
|
||||
resolve();
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
};
|
||||
|
|
66
scripts/electron_winSign.js
Normal file
66
scripts/electron_winSign.js
Normal file
|
@ -0,0 +1,66 @@
|
|||
const { exec, execFile } = require('child_process');
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const shellescape = require('shell-escape');
|
||||
|
||||
exports.default = async function(options) {
|
||||
const inPath = options.path;
|
||||
const appOutDir = path.dirname(inPath);
|
||||
|
||||
// get the token passphrase from the keychain
|
||||
const tokenPassphrase = await new Promise((resolve, reject) => {
|
||||
execFile(
|
||||
'security',
|
||||
['find-generic-password', '-s', 'riot_signing_token', '-w'],
|
||||
{},
|
||||
(err, stdout) => {
|
||||
if (err) {
|
||||
console.error("Couldn't find signing token in keychain", err);
|
||||
// electron-builder seems to print '[object Object]' on the
|
||||
// console whether you reject with an Error or a string...
|
||||
reject(err);
|
||||
} else {
|
||||
resolve(stdout.trim());
|
||||
}
|
||||
},
|
||||
);
|
||||
});
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
let cmdLine = 'osslsigncode sign ';
|
||||
if (process.env.OSSLSIGNCODE_SIGNARGS) {
|
||||
cmdLine += process.env.OSSLSIGNCODE_SIGNARGS + ' ';
|
||||
}
|
||||
const tmpFile = path.join(
|
||||
appOutDir,
|
||||
'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe',
|
||||
);
|
||||
const args = [
|
||||
'-hash', options.hash,
|
||||
'-pass', tokenPassphrase,
|
||||
'-in', inPath,
|
||||
'-out', tmpFile,
|
||||
];
|
||||
if (options.isNest) args.push('-nest');
|
||||
cmdLine += shellescape(args);
|
||||
|
||||
const signproc = exec(cmdLine, {}, (error, stdout) => {
|
||||
console.log(stdout);
|
||||
});
|
||||
signproc.on('exit', (code) => {
|
||||
if (code !== 0) {
|
||||
console.error("osslsigncode failed with code " + code);
|
||||
reject("osslsigncode failed with code " + code);
|
||||
return;
|
||||
}
|
||||
fs.rename(tmpFile, inPath, (err) => {
|
||||
if (err) {
|
||||
console.error("Error renaming file", err);
|
||||
reject(err);
|
||||
} else {
|
||||
resolve();
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
};
|
Loading…
Reference in a new issue