Skip to content

Commit

Permalink
feat: win code sign timestamp server option
Browse files Browse the repository at this point in the history
Closes #951
  • Loading branch information
develar committed Nov 30, 2016
1 parent da16181 commit c2eb8c2
Show file tree
Hide file tree
Showing 6 changed files with 19 additions and 12 deletions.
2 changes: 1 addition & 1 deletion docs/Multi Platform Build.md
Original file line number Diff line number Diff line change
Expand Up @@ -81,4 +81,4 @@ dist: trusty
## Windows
Use [Docker](https://github.com/electron-userland/electron-builder/wiki/Docker).
Please use [Docker](https://github.com/electron-userland/electron-builder/wiki/Docker).
1 change: 1 addition & 0 deletions docs/Options.md
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,7 @@ Windows specific build options.
| certificatePassword | <a name="WinBuildOptions-certificatePassword"></a><p>The password to the certificate provided in <code>certificateFile</code>. Please use it only if you cannot use env variable <code>CSC_KEY_PASSWORD</code> (<code>WIN_CSC_KEY_PASSWORD</code>) for some reason. Please see [Code Signing](https://github.com/electron-userland/electron-builder/wiki/Code-Signing).</p>
| certificateSubjectName | <a name="WinBuildOptions-certificateSubjectName"></a>The name of the subject of the signing certificate. Required only for EV Code Signing and works only on Windows.
| rfc3161TimeStampServer | <a name="WinBuildOptions-rfc3161TimeStampServer"></a>The URL of the RFC 3161 time stamp server. Defaults to `http://timestamp.comodoca.com/rfc3161`.
| timeStampServer | <a name="WinBuildOptions-timeStampServer"></a>The URL of the time stamp server. Defaults to `http://timestamp.verisign.com/scripts/timstamp.dll`.

<a name="MetadataDirectories"></a>
## `.directories`
Expand Down
5 changes: 5 additions & 0 deletions src/options/winOptions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,11 @@ export interface WinBuildOptions extends PlatformSpecificBuildOptions {
The URL of the RFC 3161 time stamp server. Defaults to `http://timestamp.comodoca.com/rfc3161`.
*/
readonly rfc3161TimeStampServer?: string

/*
The URL of the time stamp server. Defaults to `http://timestamp.verisign.com/scripts/timstamp.dll`.
*/
readonly timeStampServer?: string
}

/*
Expand Down
7 changes: 4 additions & 3 deletions src/packager.ts
Original file line number Diff line number Diff line change
Expand Up @@ -285,7 +285,7 @@ function checkConflictingOptions(options: any) {

async function checkWineVersion(checkPromise: Promise<string>) {
function wineError(prefix: string): string {
return `${prefix}, please see https://github.com/electron-userland/electron-builder/wiki/Multi-Platform-Build#${(process.platform === "linux" ? "linux" : "os-x")}`
return `${prefix}, please see https://github.com/electron-userland/electron-builder/wiki/Multi-Platform-Build#${(process.platform === "linux" ? "linux" : "macos")}`
}

let wineVersion: string
Expand All @@ -305,8 +305,9 @@ async function checkWineVersion(checkPromise: Promise<string>) {
wineVersion = wineVersion.substring("wine-".length)
}

if (wineVersion.split(" ").length > 1) {
wineVersion = wineVersion.split(" ")[0]
const spaceIndex = wineVersion.indexOf(" ")
if (spaceIndex > 0) {
wineVersion = wineVersion.substring(0, spaceIndex)
}

if (wineVersion.split(".").length === 2) {
Expand Down
3 changes: 1 addition & 2 deletions src/winPackager.ts
Original file line number Diff line number Diff line change
Expand Up @@ -134,8 +134,7 @@ export class WinPackager extends PlatformPackager<WinBuildOptions> {
password: cscInfo.password,
name: this.appInfo.productName,
site: await this.appInfo.computePackageUrl(),
hash: this.platformSpecificBuildOptions.signingHashAlgorithms,
tr: this.platformSpecificBuildOptions.rfc3161TimeStampServer,
options: this.platformSpecificBuildOptions,
})
}

Expand Down
13 changes: 7 additions & 6 deletions src/windowsCodeSign.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,12 @@ import * as path from "path"
import { release } from "os"
import { getBinFromBintray } from "./util/binDownload"
import isCi from "is-ci"
import { WinBuildOptions } from "./options/winOptions"

const TOOLS_VERSION = "1.5.0"

export function getSignVendorPath() {
//noinspection SpellCheckingInspection
return getBinFromBintray("winCodeSign", TOOLS_VERSION, "5febefb4494f0f62f0f5c0cd6408f0930caf5943ccfeea2bbf90d2eeb34c571d")
}

Expand All @@ -20,13 +22,12 @@ export interface SignOptions {
readonly name?: string | null
readonly password?: string | null
readonly site?: string | null
readonly hash?: Array<string> | null

readonly tr?: string | null
readonly options: WinBuildOptions
}

export async function sign(options: SignOptions) {
let hashes = options.hash
let hashes = options.options.signingHashAlgorithms
// msi does not support dual-signing
if (options.path.endsWith(".msi")) {
hashes = [hashes != null && !hashes.includes("sha1") ? "sha256" : "sha1"]
Expand All @@ -47,7 +48,7 @@ export async function sign(options: SignOptions) {
let nest = false
//noinspection JSUnusedAssignment
let outputPath = ""
for (let hash of hashes) {
for (const hash of hashes) {
outputPath = isWin ? options.path : getOutputPath(options.path, hash)
await spawnSign(options, options.path, outputPath, hash, nest)
nest = true
Expand All @@ -63,9 +64,9 @@ async function spawnSign(options: SignOptions, inputPath: string, outputPath: st
const args = isWin ? ["sign"] : ["-in", inputPath, "-out", outputPath]

if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
const timestampingServiceUrl = "http://timestamp.verisign.com/scripts/timstamp.dll"
const timestampingServiceUrl = options.options.timeStampServer || "http://timestamp.verisign.com/scripts/timstamp.dll"
if (isWin) {
args.push(nest || hash === "sha256" ? "/tr" : "/t", nest || hash === "sha256" ? (options.tr || "http://timestamp.comodoca.com/rfc3161") : timestampingServiceUrl)
args.push(nest || hash === "sha256" ? "/tr" : "/t", nest || hash === "sha256" ? (options.options.rfc3161TimeStampServer || "http://timestamp.comodoca.com/rfc3161") : timestampingServiceUrl)
}
else {
args.push("-t", timestampingServiceUrl)
Expand Down

0 comments on commit c2eb8c2

Please sign in to comment.