mirror of
https://github.com/atom/atom.git
synced 2026-04-28 03:01:47 -04:00
45 lines
1.8 KiB
JavaScript
45 lines
1.8 KiB
JavaScript
const downloadFileFromGithub = require('./download-file-from-github')
|
|
const fs = require('fs-extra')
|
|
const os = require('os')
|
|
const path = require('path')
|
|
const {spawnSync} = require('child_process')
|
|
|
|
module.exports = function (fileToSignPath) {
|
|
if (!process.env.ATOM_WIN_CODE_SIGNING_CERT_DOWNLOAD_URL && !process.env.ATOM_WIN_CODE_SIGNING_CERT_PATH) {
|
|
console.log('Skipping code signing because the ATOM_WIN_CODE_SIGNING_CERT_DOWNLOAD_URL environment variable is not defined'.gray)
|
|
return
|
|
}
|
|
|
|
let certPath = process.env.ATOM_WIN_CODE_SIGNING_CERT_PATH
|
|
if (!certPath) {
|
|
certPath = path.join(os.tmpdir(), 'win.p12')
|
|
downloadFileFromGithub(process.env.ATOM_WIN_CODE_SIGNING_CERT_DOWNLOAD_URL, certPath)
|
|
}
|
|
try {
|
|
console.log(`Code-signing executable at ${fileToSignPath}`)
|
|
signFile(fileToSignPath)
|
|
} finally {
|
|
if (!process.env.ATOM_WIN_CODE_SIGNING_CERT_PATH) {
|
|
fs.removeSync(certPath)
|
|
}
|
|
}
|
|
|
|
function signFile (fileToSignPath) {
|
|
const signCommand = path.resolve(__dirname, '..', 'node_modules', 'electron-winstaller', 'vendor', 'signtool.exe')
|
|
const args = [
|
|
'sign',
|
|
`/f ${certPath}`, // Signing cert file
|
|
`/p ${process.env.ATOM_WIN_CODE_SIGNING_CERT_PASSWORD}`, // Signing cert password
|
|
'/fd sha256', // File digest algorithm
|
|
'/tr http://timestamp.digicert.com', // Time stamp server
|
|
'/td sha256', // Times stamp algorithm
|
|
`"${fileToSignPath}"`
|
|
]
|
|
const result = spawnSync(signCommand, args, {stdio: 'inherit', shell: true})
|
|
if (result.status !== 0) {
|
|
// Ensure we do not dump the signing password into the logs if something goes wrong
|
|
throw new Error(`Command ${signCommand} ${args.map(a => a.replace(process.env.ATOM_WIN_CODE_SIGNING_CERT_PASSWORD, '******')).join(' ')} exited with code ${result.status}`)
|
|
}
|
|
}
|
|
}
|