From 6bbf0d3271d73c51ff009bf6f081ebd47a699c55 Mon Sep 17 00:00:00 2001
From: Damien Guard
Date: Fri, 8 Apr 2016 14:36:51 -0700
Subject: [PATCH] Signing support on Windows with P12 keys
---
build/certs/AtomDevTestSignKey.p12 | Bin 0 -> 1765 bytes
build/tasks/codesign-task.coffee | 49 +++++++++++++++++++++++------
2 files changed, 40 insertions(+), 9 deletions(-)
create mode 100644 build/certs/AtomDevTestSignKey.p12
diff --git a/build/certs/AtomDevTestSignKey.p12 b/build/certs/AtomDevTestSignKey.p12 new file mode 100644 index 0000000000000000000000000000000000000000..a93e9a9f042a29411a05cdf832c99041fd6d6180 GIT binary patch literal 1765 zcmb7FX;c$e6n--kgF*JN2!|yK2+B4g2@((#0yaktvM6vs!xADON+3jBs7iveDWJuQ ziqXi9R0Tv-tY8rX9wVq&WDBAqu2rcDiWT~>Ew$(Pr{~U_x%a#8yLaZ!d}nY8@d1ip zxP&Mrk`|=1)5p{i6+|W><`N{tYzU|0670%s?L4xjU5^!8sZU|RO&n#=eOfsq7hlf{6-QGPd zN^vc!Deho{doNAf#RQ#~XIp7Y+8y#MRqlJ#@k~9(=3BFrSs$#) zd`02jljrXL(%+Ok-0#^`u^d}9vO^@U?$q;@+In8I=`m4T+c+6{px0}~J+FPmzwWKd zeqEGpwK$VJ=x>-|q7c1Z>Z@?RU+;Qj!l?Sy>E;50oa3e~tZE=*0IBDrJ#O-}|*FF1AK)**vT^=o;o>j|mW?snuqjixmXK+hj zN`w|G?ec{)iIhv?jK*-|9AqM^Vty+n$s*?M^*z01XKSLas@&W;l4t|sxH_ykg=>tq zJauamQN71Cm)ck|s}z;iEmyc*NWY9^=YRI)fgR7S$F-Y{lp@`H_OeBq0@|Ltn-k)* zY|gGPcyIM=vN>qU@9t3+^O`z4l|E8#wm-#l6fPLKK>k$+XUFRb%gxJb=dK=IM?({ReW?q|0{~WUz_};=g+EdmI z%~zF1YgcX0vs|$&wUuEpX4qnt?UI|rxP+=jW?p$3Js4y7v!yUb{fJz!cb_<+>%_rs zzZa!hvWnHpxx-E4f$5{RZ7Dv|P;{C|cVM%XBR%1#4nD zyfS9>7clzBqO!n&>r`+hasWA(R7OfFaA>eEdSwHW}%srI-n5nD~b$d(==!A6P~KbgNlkiZvGR`HWWlz`ai z_}KVpipM5Vj6fJG+KQVRs8gMAnj;Oz=}vU#5Ce4@lj=x=2ZPCAhTsdS44n2?McZ#x zWC^19(`8wFp(u7;EH6UD$Hm9LzByzDz{EKK7iXbjF=&~`>Fe^F`*2|UZnM}0-M1$` z-C>80Z8Tu`sQA51JQq}$U{aEztr3=Z>@;=3HY3}*5)~5z>H0WEuEc^xk87-OXUm39 zI-FX1Ap5$3z;Q4^(OY?A_vmN#4}^St@y>)4JqB})=foL*_Z7tlU$>lR8&*B`ST>;1 znWNM66Q}zziXi|gPQnv$HTY;IWCWQcpg6!IrXqw8f(NH+HQ$wNeG`1b_l=|>53PA0 ze!}tpPgkN9IIoAB_GDron={)vb6_Il>zTk8hQVQwf}aD$Ctgs4^jMjTB9x-aCA>ho zt*I++$>lTUbY-dRWN5h?=_unYJMFDp=aqUgXY}Lz{oV}QXGra6QO7P$M0ZbzfrI@} zx#8^F^6}#|{STkpTccWTF7c+|)+J_FG5*2W(K(vdXj>ugqjGf8CGMcvfboa1uCTo8cd_e`A@*-rK0Jqhg6_rrc^3ot+O=)Q RYtV|ry%{EHmBgtZ&Yvnyq?G^w literal 0 HcmV?d00001 diff --git a/build/tasks/codesign-task.coffee b/build/tasks/codesign-task.coffee index 2a061742b..a00e2d358 100644 --- a/build/tasks/codesign-task.coffee +++ b/build/tasks/codesign-task.coffee 
@@ -1,24 +1,46 @@ path = require 'path' +fs = require 'fs' +request = require 'request' module.exports = (grunt) -> {spawn} = require('./task-helpers')(grunt) + signUsingWindowsSDK = (exeToSign, callback) -> + {WIN_P12KEY_PASSWORD, WIN_P12KEY_URL} = process.env + if WIN_P12KEY_URL? + grunt.log.ok("Obtaining signing key") + downloadedKeyFile = path.resolve(__dirname, 'DownloadedSignKey.p12') + downloadFile WIN_P12KEY_URL, downloadedKeyFile, (done) -> + signUsingWindowsSDKTool exeToSign, downloadedKeyFile, WIN_P12KEY_PASSWORD, (done) -> + fs.unlinkSync(downloadedKeyFile) + callback() + else + signUsingWindowsSDKTool exeToSign, path.resolve(__dirname, '..', 'certs', 'AtomDevTestSignKey.p12'), 'password', callback + + signUsingWindowsSDKTool = (exeToSign, keyFilePath, password, callback) -> + grunt.log.ok("Signing #{exeToSign}") + args = ['sign', '/v', '/p', password, '/f', keyFilePath, exeToSign] + spawn {cmd: 'C:\\Program Files (x86)\\Microsoft SDKs\\Windows\\v7.1A\\bin\\signtool.exe', args: args}, callback + + signUsingJanky = (exeToSign, callback) -> + spawn {cmd: 'signtool', args: [exeToSign]}, callback + + signWindowsExecutable = if process.env.JANKY_SIGNTOOL then signUsingJanky else signUsingWindowsSDK + grunt.registerTask 'codesign:exe', 'CodeSign Atom.exe and Update.exe', -> done = @async() spawn {cmd: 'taskkill', args: ['/F', '/IM', 'atom.exe']}, -> - cmd = process.env.JANKY_SIGNTOOL ? 'signtool' atomExePath = path.join(grunt.config.get('atom.shellAppDir'), 'atom.exe') - spawn {cmd, args: [atomExePath]}, (error) -> + signWindowsExecutable atomExePath, (error) -> return done(error) if error? updateExePath = path.resolve(__dirname, '..', 'node_modules', 'grunt-electron-installer', 'vendor', 'Update.exe') - spawn {cmd, args: [updateExePath]}, (error) -> done(error) + signWindowsExecutable updateExePath, (error) -> done(error) grunt.registerTask 'codesign:installer', 'CodeSign AtomSetup.exe', -> done = @async() - cmd = process.env.JANKY_SIGNTOOL ? 
'signtool' atomSetupExePath = path.resolve(grunt.config.get('atom.buildDir'), 'installer', 'AtomSetup.exe') - spawn {cmd, args: [atomSetupExePath]}, (error) -> done(error) + signWindowsExecutable atomSetupExePath, (error) -> done(error) grunt.registerTask 'codesign:app', 'CodeSign Atom.app', -> done = @async() @@ -26,14 +48,23 @@ module.exports = (grunt) -> unlockKeychain (error) -> return done(error) if error? - cmd = 'codesign' args = ['--deep', '--force', '--verbose', '--sign', 'Developer ID Application: GitHub', grunt.config.get('atom.shellAppDir')] - spawn {cmd, args}, (error) -> done(error) + spawn {cmd: 'codesign', args: args}, (error) -> done(error) unlockKeychain = (callback) -> return callback() unless process.env.XCODE_KEYCHAIN - cmd = 'security' {XCODE_KEYCHAIN_PASSWORD, XCODE_KEYCHAIN} = process.env args = ['unlock-keychain', '-p', XCODE_KEYCHAIN_PASSWORD, XCODE_KEYCHAIN] - spawn {cmd, args}, (error) -> callback(error) + spawn {cmd: 'security', args: args}, (error) -> callback(error) + + downloadFile = (sourceUrl, targetPath, callback) -> + options = { + url: sourceUrl + headers: { + 'User-Agent': 'Atom Signing Key build task', + 'Accept': 'application/vnd.github.VERSION.raw' } + } + request(options) + .pipe(fs.createWriteStream(targetPath)) + .on('finish', callback)
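Review bot: In `signUsingWindowsSDK`, the download branch discards the signing result: the callback given to `signUsingWindowsSDKTool` names its argument `done`, but `spawn` passes an error there (the task callers below test `if error?`), and `callback()` is then invoked with nothing, so a failed signtool run is reported as success and an unsigned executable can continue through the build. Forward it instead: `signUsingWindowsSDKTool exeToSign, downloadedKeyFile, WIN_P12KEY_PASSWORD, (error) ->` followed by `fs.unlinkSync(downloadedKeyFile)` and `callback(error)`. That callback is also the only place the downloaded private key is deleted, so if the download or the spawn never calls back, the .p12 stays in `build/tasks`; writing it under `os.tmpdir()` and deleting it on every exit path would narrow that exposure. Separately, when `WIN_P12KEY_URL` is unset the code signs with the committed test key and the literal password `'password'` without any log line, so a release build with a missing variable looks the same as a correctly signed one; a `grunt.log.warn` in the `else` branch would make that visible.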
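Review bot: `downloadFile` at the end of this hunk reports completion only through the write stream's `finish` event, so neither a network error on the request nor a non-200 response is surfaced: an `error` event has no listener, and an HTTP error body would be written to the `.p12` path and handed to signtool as if it were the key. The helper should attach `error` handlers to both streams, check `response.statusCode`, and pass an error to `callback` exactly once, as sketched below; its caller in `signUsingWindowsSDK` then needs to check that argument before signing. Since the file being fetched is a private signing key, it would also be worth rejecting a `sourceUrl` that is not `https:`.

```coffeescript
  downloadFile = (sourceUrl, targetPath, callback) ->
    # … unchanged: options (url, headers) …
    finished = false
    finish = (error) ->
      return if finished
      finished = true
      callback(error)

    download = request(options)
    download.on 'error', finish
    download.on 'response', (response) ->
      if response.statusCode isnt 200
        finish(new Error("Signing key download failed with HTTP status #{response.statusCode}"))

    download
      .pipe(fs.createWriteStream(targetPath))
      .on('error', finish)
      .on('finish', -> finish())
```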