Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add @electron/windows-sign #1609

Merged
merged 2 commits into from
Nov 30, 2023
Merged

feat: Add @electron/windows-sign #1609

merged 2 commits into from
Nov 30, 2023

Conversation

felixrieseberg
Copy link
Member

  • I have read the contribution documentation for this project.
  • I agree to follow the code of conduct that this project follows, as appropriate.
  • The changes are appropriately documented (if applicable).
  • The changes have sufficient test coverage (if applicable).
  • The testsuite passes successfully on my local machine (if applicable).

Summarize your changes:

This PR adds @electron/windows-sign, enabling this module to codesign Windows binary files. Both logic and configuration are analogous to @electron/osx-sign -- on purpose, to keep the API simple and easy to use.

@felixrieseberg felixrieseberg requested a review from a team as a code owner November 22, 2023 20:31
MarshallOfSound
MarshallOfSound reviewed Nov 23, 2023
View reviewed changes
src/win32.js Outdated Show resolved Hide resolved
src/win32.js
async create () {
await this.initialize()
await this.renameElectron()
await this.copyExtraResources()
await this.runRcedit()
await this.signAppIfSpecified()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this definitely run after the afterCopy hook? Just double checking this is run after any potential mutations to the exe. E.g. via fuses

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep! The only thing that happens after is moving the package to its final destination and the afterComplete hook. For future convenience, this is also exactly when we sign & notarize on macOS.

@felixrieseberg @MarshallOfSound
Update src/win32.js
099a82a 
Co-authored-by: Samuel Attard <sam@electronjs.org>
@felixrieseberg felixrieseberg merged commit 80b5afa into main Nov 30, 2023
3 checks passed
@felixrieseberg felixrieseberg deleted the felixr-windows-sign branch November 30, 2023 17:33
@continuous-auth Continuous Auth
Copy link

🎉 This PR is included in version 18.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@savely-krasovsky
Copy link

savely-krasovsky commented Jan 18, 2024
edited
Loading

@felixrieseberg how exactly I should use it? I tried object with just signWithParams (we use cert from system storage), but it throws path-related error. I tried to specify appDirectory, it goes further but there are no binary at this moment yet (they are in some packager temporary dir).

UPD:
Fixed it with config like this, but it seems for me counter-intuitive.

windowsSign: {
  appDirectory: process.env.LOCALAPPDATA + "\\Temp\\electron-packager",
  signWithParams: "/sha1 certhash"
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarshallOfSound MarshallOfSound MarshallOfSound left review comments

@erikian erikian erikian approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@felixrieseberg @savely-krasovsky @MarshallOfSound @erikian