Skip to content

Commit

Permalink
cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
mmaietta committed Sep 9, 2024
1 parent bc6a0c5 commit 0d24b78
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 37 deletions.
54 changes: 26 additions & 28 deletions packages/app-builder-lib/src/codeSign/windowsCodeSign.ts
Original file line number Diff line number Diff line change
Expand Up @@ -60,28 +60,23 @@ export async function sign(options: WindowsSignOptions, packager: WinPackager):
}

log.info(null, "signing with signtool.exe")
const message = "deprecated field. Please move to win.signtoolOptions.<field_name>"
if (options.options.certificateFile) {
log.info({ field: "certificateFile" }, message)
}
if (options.options.certificatePassword) {
log.info({ field: "certificatePassword" }, message)
}
if (options.options.certificateSha1) {
log.info({ field: "certificateSha1" }, message)
}
if (options.options.certificateSubjectName) {
log.info({ field: "certificateSubjectName" }, message)
}
if (options.options.additionalCertificateFile) {
log.info({ field: "additionalCertificateFile" }, message)
}
if (options.options.rfc3161TimeStampServer) {
log.info({ field: "rfc3161TimeStampServer" }, message)
}
if (options.options.timeStampServer) {
log.info({ field: "timeStampServer" }, message)
}
const deprecatedFields = {
sign: options.options.sign,
signDlls: options.options.signDlls,
signingHashAlgorithms: options.options.signingHashAlgorithms,
certificateFile: options.options.certificateFile,
certificatePassword: options.options.certificatePassword,
certificateSha1: options.options.certificateSha1,
certificateSubjectName: options.options.certificateSubjectName,
additionalCertificateFile: options.options.additionalCertificateFile,
rfc3161TimeStampServer: options.options.rfc3161TimeStampServer,
timeStampServer: options.options.timeStampServer,
}
Object.entries(deprecatedFields).forEach((field, value) => {
if (value) {
log.info({ field }, `deprecated field. Please move to win.signtoolOptions.${field}`)
}
})
return signUsingSigntool(options, packager)
}

Expand Down Expand Up @@ -187,8 +182,8 @@ export interface CertificateFromStoreInfo {
}

export async function getCertificateFromStoreInfo(options: WindowsConfiguration, vm: VmManager): Promise<CertificateFromStoreInfo> {
const certificateSubjectName = options.signtoolOptions?.certificateSubjectName
const certificateSha1 = options.signtoolOptions?.certificateSha1 ? options.signtoolOptions?.certificateSha1.toUpperCase() : options.signtoolOptions?.certificateSha1
const certificateSubjectName = chooseNotNull(options.signtoolOptions?.certificateSubjectName, options.certificateSubjectName)
const certificateSha1 = chooseNotNull(options.signtoolOptions?.certificateSha1, options.certificateSha1)?.toUpperCase()

const ps = await getPSCmd(vm)
const rawResult = await vm.exec(ps, [
Expand Down Expand Up @@ -278,11 +273,13 @@ function computeSignToolArgs(options: WindowsSignTaskConfiguration, isWin: boole
const args = isWin ? ["sign"] : ["-in", inputFile, "-out", outputPath]

if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
const timestampingServiceUrl = options.options.signtoolOptions?.timeStampServer || "http://timestamp.digicert.com"
const timestampingServiceUrl = chooseNotNull(options.options.signtoolOptions?.timeStampServer, options.options.timeStampServer) || "http://timestamp.digicert.com"
if (isWin) {
args.push(
options.isNest || options.hash === "sha256" ? "/tr" : "/t",
options.isNest || options.hash === "sha256" ? options.options.signtoolOptions?.rfc3161TimeStampServer || "http://timestamp.digicert.com" : timestampingServiceUrl
options.isNest || options.hash === "sha256"
? chooseNotNull(options.options.signtoolOptions?.rfc3161TimeStampServer, options.options.rfc3161TimeStampServer) || "http://timestamp.digicert.com"
: timestampingServiceUrl
)
} else {
args.push("-t", timestampingServiceUrl)
Expand Down Expand Up @@ -336,8 +333,9 @@ function computeSignToolArgs(options: WindowsSignTaskConfiguration, isWin: boole
args.push(isWin ? "/p" : "-pass", password)
}

if (options.options.signtoolOptions?.additionalCertificateFile) {
args.push(isWin ? "/ac" : "-ac", vm.toVmFile(options.options.signtoolOptions?.additionalCertificateFile))
const additionalCert = chooseNotNull(options.options.signtoolOptions?.additionalCertificateFile, options.options.additionalCertificateFile)
if (additionalCert) {
args.push(isWin ? "/ac" : "-ac", vm.toVmFile(additionalCert))
}

const httpsProxyFromEnv = process.env.HTTPS_PROXY
Expand Down
18 changes: 9 additions & 9 deletions packages/app-builder-lib/src/options/winOptions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,51 +25,51 @@ export interface WindowsConfiguration extends PlatformSpecificBuildOptions {

/**
* Array of signing algorithms used. For AppX `sha256` is always used.
* @deprecated Please use win.signtoolSigning.signingHashAlgorithms
* @deprecated Please use win.signtoolOptions.signingHashAlgorithms
*/
readonly signingHashAlgorithms?: Array<"sha1" | "sha256"> | null
/**
* The custom function (or path to file or module id) to sign Windows executables
* @deprecated Please use win.signtoolSigning.sign
* @deprecated Please use win.signtoolOptions.sign
*/
readonly sign?: CustomWindowsSign | string | null
/**
* The path to the *.pfx certificate you want to sign with. Please use it only if you cannot use env variable `CSC_LINK` (`WIN_CSC_LINK`) for some reason.
* Please see [Code Signing](/code-signing).
* @deprecated Please use win.signtoolSigning.certificateFile
* @deprecated Please use win.signtoolOptions.certificateFile
*/
readonly certificateFile?: string | null
/**
* The password to the certificate provided in `certificateFile`. Please use it only if you cannot use env variable `CSC_KEY_PASSWORD` (`WIN_CSC_KEY_PASSWORD`) for some reason.
* Please see [Code Signing](/code-signing).
* @deprecated Please use win.signtoolSigning.certificatePassword
* @deprecated Please use win.signtoolOptions.certificatePassword
*/
readonly certificatePassword?: string | null
/**
* The name of the subject of the signing certificate, which is often labeled with the field name `issued to`. Required only for EV Code Signing and works only on Windows (or on macOS if [Parallels Desktop](https://www.parallels.com/products/desktop/) Windows 10 virtual machines exits).
* @deprecated Please use win.signtoolSigning.certificateSubjectName
* @deprecated Please use win.signtoolOptions.certificateSubjectName
*/
readonly certificateSubjectName?: string | null
/**
* The SHA1 hash of the signing certificate. The SHA1 hash is commonly specified when multiple certificates satisfy the criteria specified by the remaining switches. Works only on Windows (or on macOS if [Parallels Desktop](https://www.parallels.com/products/desktop/) Windows 10 virtual machines exits).
* @deprecated Please use win.signtoolSigning.certificateSha1
* @deprecated Please use win.signtoolOptions.certificateSha1
*/
readonly certificateSha1?: string | null
/**
* The path to an additional certificate file you want to add to the signature block.
* @deprecated Please use win.signtoolSigning.additionalCertificateFile
* @deprecated Please use win.signtoolOptions.additionalCertificateFile
*/
readonly additionalCertificateFile?: string | null
/**
* The URL of the RFC 3161 time stamp server.
* @default http://timestamp.digicert.com
* @deprecated Please use win.signtoolSigning.rfc3161TimeStampServer
* @deprecated Please use win.signtoolOptions.rfc3161TimeStampServer
*/
readonly rfc3161TimeStampServer?: string | null
/**
* The URL of the time stamp server.
* @default http://timestamp.digicert.com
* @deprecated Please use win.signtoolSigning.timeStampServer
* @deprecated Please use win.signtoolOptions.timeStampServer
*/
readonly timeStampServer?: string | null

Expand Down

0 comments on commit 0d24b78

Please sign in to comment.