feat: WIN_CSC_KEY_PASSWORD electron-userland#822

docs/Code Signing.md

@@ -1,13 +1,13 @@
 macOS and Windows code signing is supported. Windows is dual code-signed (SHA1 & SHA256 hashing algorithms).
 On a macOS development machine valid and appropriate identity from your keychain will be automatically used.
 
-| Env name       |  Description
+| Env Name       |  Description
 | -------------- | -----------
 | `CSC_LINK`                   | The HTTPS link (or base64-encoded data, or `file://` link) to certificate (`*.p12` or `*.pfx` file).
 | `CSC_KEY_PASSWORD`           | The password to decrypt the certificate given in `CSC_LINK`.
 | `CSC_NAME`                   | *macOS-only* Name of certificate (to retrieve from login.keychain). Useful on a development machine (not on CI) if you have several identities (otherwise don't specify it).
 
-If you are building Windows on Mac and need to set a different certificate and password (than the ones set in `CSC_*` env vars) you can use [`certificateFile`](https://github.com/electron-userland/electron-builder/wiki/Options#WinBuildOptions-certificateFile) and [`certificatePassword`](https://github.com/electron-userland/electron-builder/wiki/Options#WinBuildOptions-certificatePassword) in `.build.win` section.
+If you are building Windows on macOS and need to set a different certificate and password (than the ones set in `CSC_*` env vars) you can use `WIN_CSC_LINK` and `WIN_CSC_KEY_PASSWORD`.
 
 ## Travis, AppVeyor and other CI Servers
 To sign app on build server you need to set `CSC_LINK`, `CSC_KEY_PASSWORD`:

package.json

@@ -94,7 +94,7 @@
     "yargs": "^6.3.0"
   },
   "devDependencies": {
-    "@develar/semantic-release": "^6.3.9",
+    "@develar/semantic-release": "^6.3.10",
     "@develar/types": "^1.0.1",
     "@types/ini": "^1.3.29",
     "@types/js-yaml": "^3.5.28",

src/platformPackager.ts

@@ -132,7 +132,7 @@ export abstract class PlatformPackager<DC extends PlatformSpecificBuildOptions>
   abstract createTargets(targets: Array<string>, mapper: (name: string, factory: (outDir: string) => Target) => void, cleanupTasks: Array<() => Promise<any>>): void
 
   protected getCscPassword(): string {
-    const password = this.options.cscKeyPassword || process.env.CSC_KEY_PASSWORD
+    const password = this.doGetCscPassword()
     if (isEmptyOrSpaces(password)) {
       log("CSC_KEY_PASSWORD is not defined, empty password will be used")
       return ""
@@ -142,6 +142,10 @@ export abstract class PlatformPackager<DC extends PlatformSpecificBuildOptions>
     }
   }
 
+  protected doGetCscPassword() {
+    return this.options.cscKeyPassword || process.env.CSC_KEY_PASSWORD
+  }
+
   get relativeBuildResourcesDirname() {
     return use(this.devMetadata.directories, it => it!.buildResources) || "build"
   }

src/winPackager.ts

@@ -32,7 +32,7 @@ export class WinPackager extends PlatformPackager<WinBuildOptions> {
     if (subjectName == null) {
       const certificateFile = this.platformSpecificBuildOptions.certificateFile
       if (certificateFile != null) {
-        const certificatePassword = this.platformSpecificBuildOptions.certificatePassword || this.getCscPassword()
+        const certificatePassword = this.getCscPassword()
         this.cscInfo = BluebirdPromise.resolve({
           file: certificateFile,
           password: certificatePassword == null ? null : certificatePassword.trim(),
@@ -63,6 +63,10 @@ export class WinPackager extends PlatformPackager<WinBuildOptions> {
     this.iconPath = this.getValidIconPath()
   }
 
+  protected doGetCscPassword(): string {
+    return this.platformSpecificBuildOptions.certificatePassword || process.env.WIN_CSC_KEY_PASSWORD || super.doGetCscPassword()
+  }
+
   createTargets(targets: Array<string>, mapper: (name: string, factory: (outDir: string) => Target) => void, cleanupTasks: Array<() => Promise<any>>): void {
     for (let name of targets) {
       if (name === DIR_TARGET) {

yarn.lock

@@ -1,8 +1,8 @@
 # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 # yarn lockfile v1
 "@develar/semantic-release@^6.3.9":
-  version "6.3.9"
-  resolved "https://registry.yarnpkg.com/@develar/semantic-release/-/semantic-release-6.3.9.tgz#7a6b67b2db4048f9040c929dd66f738eb213d4a7"
+  version "6.3.10"
+  resolved "https://registry.yarnpkg.com/@develar/semantic-release/-/semantic-release-6.3.10.tgz#e06eadf3bf8fa37a8d97c3a18e5c623a8ae248c5"
   dependencies:
     "@semantic-release/commit-analyzer" "^2.0.0"
     "@semantic-release/condition-travis" "^5.0.0"
@@ -58,7 +58,7 @@
   version "1.3.29"
   resolved "https://registry.yarnpkg.com/@types/ini/-/ini-1.3.29.tgz#1325e981e047d40d13ce0359b821475b97741d2f"
 
-"@types/js-yaml":
+"@types/js-yaml@^3.5.28":
   version "3.5.28"
   resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-3.5.28.tgz#efd7614f8eb1b924c41235ff653b7370da467fac"
 
@@ -1034,7 +1034,7 @@ binary@^0.3.0:
     buffers "~0.1.1"
     chainsaw "~0.1.0"
 
-bl@^1.0.0, bl@~1.1.2:
+bl@^1.0.0:
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/bl/-/bl-1.1.2.tgz#fdca871a99713aa00d19e3bbba41c44787a65398"
   dependencies:
@@ -1891,13 +1891,13 @@ forever-agent@~0.6.1:
   version "0.6.1"
   resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
 
-form-data@~2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.0.0.tgz#6f0aebadcc5da16c13e1ecc11137d85f9b883b25"
+form-data@~2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.1.1.tgz#4adf0342e1a79afa1e84c8c320a9ffc82392a1f3"
   dependencies:
     asynckit "^0.4.0"
     combined-stream "^1.0.5"
-    mime-types "^2.1.11"
+    mime-types "^2.1.12"
 
 from@~0:
   version "0.1.3"
@@ -2851,7 +2851,7 @@ mime-db@~1.24.0:
   version "1.24.0"
   resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.24.0.tgz#e2d13f939f0016c6e4e9ad25a8652f126c467f0c"
 
-mime-types@^2.1.11, mime-types@~2.1.7:
+mime-types@^2.1.12, mime-types@~2.1.7:
   version "2.1.12"
   resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.12.tgz#152ba256777020dd4663f54c2e7bc26381e71729"
   dependencies:
@@ -2893,7 +2893,11 @@ modify-values@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/modify-values/-/modify-values-1.0.0.tgz#e2b6cdeb9ce19f99317a53722f3dbf5df5eaaab2"
 
-ms@^0.7.1, [email protected]:
+ms@^0.7.1:
+  version "0.7.2"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.2.tgz#ae25cf2512b3885a1d95d7f037868d8431124765"
+
+[email protected]:
   version "0.7.1"
   resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.1.tgz#9cd13c03adbff25b65effde7ce864ee952017098"
 
@@ -3371,9 +3375,9 @@ q@^1.1.2, q@^1.4.1:
   version "1.4.1"
   resolved "https://registry.yarnpkg.com/q/-/q-1.4.1.tgz#55705bcd93c5f3673530c2c2cbc0c2b3addc286e"
 
-qs@~6.2.0:
-  version "6.2.1"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.2.1.tgz#ce03c5ff0935bc1d9d69a9f14cbd18e568d67625"
+qs@~6.3.0:
+  version "6.3.0"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.3.0.tgz#f403b264f23bc01228c74131b407f18d5ea5d442"
 
 randomatic@^1.1.3:
   version "1.1.5"
@@ -3557,17 +3561,16 @@ repeating@^3.0.0:
   resolved "https://registry.yarnpkg.com/repeating/-/repeating-3.0.0.tgz#f4c376fdd2015761f6f96f4303b1224d581e802f"
 
 request@^2.45.0, request@^2.74.0, request@^2.75.0:
-  version "2.75.0"
-  resolved "https://registry.yarnpkg.com/request/-/request-2.75.0.tgz#d2b8268a286da13eaa5d01adf5d18cc90f657d93"
+  version "2.76.0"
+  resolved "https://registry.yarnpkg.com/request/-/request-2.76.0.tgz#be44505afef70360a0436955106be3945d95560e"
   dependencies:
     aws-sign2 "~0.6.0"
     aws4 "^1.2.1"
-    bl "~1.1.2"
     caseless "~0.11.0"
     combined-stream "~1.0.5"
     extend "~3.0.0"
     forever-agent "~0.6.1"
-    form-data "~2.0.0"
+    form-data "~2.1.1"
     har-validator "~2.0.6"
     hawk "~3.1.3"
     http-signature "~1.1.0"
@@ -3577,7 +3580,7 @@ request@^2.45.0, request@^2.74.0, request@^2.75.0:
     mime-types "~2.1.7"
     node-uuid "~1.4.7"
     oauth-sign "~0.8.1"
-    qs "~6.2.0"
+    qs "~6.3.0"
     stringstream "~0.0.4"
     tough-cookie "~2.3.0"
     tunnel-agent "~0.4.1"