From 35716d9249876cf7c163b338eee65838f9efb4d5 Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 09:49:18 +0200 Subject: [PATCH 1/9] add signing in vsce --- package-lock.json | 196 ++++++++++++++++++++++++++++++++++++++++++++++ package.json | 1 + src/main.ts | 6 ++ src/package.ts | 28 +++++++ src/publish.ts | 17 +++- 5 files changed, 244 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index b5c7a21f..2c37c10d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,6 +10,7 @@ "license": "MIT", "dependencies": { "@azure/identity": "^4.1.0", + "@vscode/vsce-sign": "2.0.3", "azure-devops-node-api": "^12.5.0", "chalk": "^2.4.2", "cheerio": "^1.0.0-rc.9", 
@@ -597,6 +598,131 @@ "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", "dev": true }, + "node_modules/@vscode/vsce-sign": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign/-/vsce-sign-2.0.3.tgz", + "integrity": "sha512-NYktTVXYIjJ41CTfImuWLYSw2UoZwYYFk7VcVYTjTZnD7NnuaM3DizaFZfuRG5YMRT/oZa1t1d4bwzrBALR3VQ==", + "hasInstallScript": true, + "optionalDependencies": { + "@vscode/vsce-sign-alpine-arm64": "2.0.1", + "@vscode/vsce-sign-alpine-x64": "2.0.1", + "@vscode/vsce-sign-darwin-arm64": "2.0.1", + "@vscode/vsce-sign-darwin-x64": "2.0.1", + "@vscode/vsce-sign-linux-arm": "2.0.1", + "@vscode/vsce-sign-linux-arm64": "2.0.1", + "@vscode/vsce-sign-linux-x64": "2.0.1", + "@vscode/vsce-sign-win32-arm64": "2.0.1", + "@vscode/vsce-sign-win32-x64": "2.0.1" + } + }, + "node_modules/@vscode/vsce-sign-alpine-arm64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-alpine-arm64/-/vsce-sign-alpine-arm64-2.0.1.tgz", + "integrity": "sha512-HM2BHzyRKoUHVaaVmLFYcKlnMOcUAfU99oA1yAWX46D6iLZ8rWJYy2IOKTSMOXtVoc5d2hQdZR4+BCV5By4Flg==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "alpine" + ] + }, + "node_modules/@vscode/vsce-sign-alpine-x64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-alpine-x64/-/vsce-sign-alpine-x64-2.0.1.tgz", + "integrity": "sha512-GNh4dNmqwQqEDP2ngUgdu5ZYkJZAHomTppMI0v9sveFoZdML5iWuNGemvCEyInUpSb6Xjxc78ejeMoDay22wBw==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "alpine" + ] + }, + "node_modules/@vscode/vsce-sign-darwin-arm64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-darwin-arm64/-/vsce-sign-darwin-arm64-2.0.1.tgz", + "integrity": "sha512-iFnCbC8RBUyT0ZKEmop5yi7/NxP5G2gIW/giJHYDYppkhfyAR5STxlpf8Vx9hqIS0jPbeldNSn5a5BGMKtGXug==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "darwin" + ] + }, + 
"node_modules/@vscode/vsce-sign-darwin-x64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-darwin-x64/-/vsce-sign-darwin-x64-2.0.1.tgz", + "integrity": "sha512-Dpv3PRpOzfDpji9JGVxe+hHyh41evyquMeXYykkTdcB3u3bZMoAgYoBlEOGnu87xb4s2J5DTj/J590yN0+dI0A==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@vscode/vsce-sign-linux-arm": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-linux-arm/-/vsce-sign-linux-arm-2.0.1.tgz", + "integrity": "sha512-iltMQuS8K63aIabVrPBB8P2L37XkSwUqPTFLYlH6Bw+UpWJTFFvFFCKlmbxWrq1j8WkG+68Fm437ZfAkRW/rjQ==", + "cpu": [ + "arm" + ], + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@vscode/vsce-sign-linux-arm64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-linux-arm64/-/vsce-sign-linux-arm64-2.0.1.tgz", + "integrity": "sha512-SL6MeobrArp5SKPeUYVr5chp7a42L83vYAzLvD+oQM8fQ8DrZWYpNIyVkxGgsppZRyAt0UU2/5ShPxuNKfnZOA==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@vscode/vsce-sign-linux-x64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-linux-x64/-/vsce-sign-linux-x64-2.0.1.tgz", + "integrity": "sha512-6N6dkZoJX/WKezZ3efCKVKjnbx+TlnUtNUkepyUUhCa3dGjGDqUkeakE2Kz266Bsp0Mm/68zS9HLKVOEv9vn0A==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@vscode/vsce-sign-win32-arm64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-win32-arm64/-/vsce-sign-win32-arm64-2.0.1.tgz", + "integrity": "sha512-t4uYPpQummrmKaDw5Ka6QMEQ+We/Uo6xDEytFjN2jZ3jNOno3Mi7yWlTLg3VDAteHNGA7eBbMZ89Habl6xn8bg==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@vscode/vsce-sign-win32-x64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-win32-x64/-/vsce-sign-win32-x64-2.0.1.tgz", + 
"integrity": "sha512-ofY1iXoXaNlM3zDt5jw7v59NMh0y2GvKrP4A74aUDJjaXaDd6n/hLaOpDLk4a+MjX6HWiEBr5yNqHGKYa+t2jg==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "win32" + ] + }, "node_modules/acorn": { "version": "8.8.1", "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.1.tgz", 
@@ -3891,6 +4017,76 @@ "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", "dev": true }, + "@vscode/vsce-sign": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign/-/vsce-sign-2.0.3.tgz", + "integrity": "sha512-NYktTVXYIjJ41CTfImuWLYSw2UoZwYYFk7VcVYTjTZnD7NnuaM3DizaFZfuRG5YMRT/oZa1t1d4bwzrBALR3VQ==", + "requires": { + "@vscode/vsce-sign-alpine-arm64": "2.0.1", + "@vscode/vsce-sign-alpine-x64": "2.0.1", + "@vscode/vsce-sign-darwin-arm64": "2.0.1", + "@vscode/vsce-sign-darwin-x64": "2.0.1", + "@vscode/vsce-sign-linux-arm": "2.0.1", + "@vscode/vsce-sign-linux-arm64": "2.0.1", + "@vscode/vsce-sign-linux-x64": "2.0.1", + "@vscode/vsce-sign-win32-arm64": "2.0.1", + "@vscode/vsce-sign-win32-x64": "2.0.1" + } + }, + "@vscode/vsce-sign-alpine-arm64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-alpine-arm64/-/vsce-sign-alpine-arm64-2.0.1.tgz", + "integrity": "sha512-HM2BHzyRKoUHVaaVmLFYcKlnMOcUAfU99oA1yAWX46D6iLZ8rWJYy2IOKTSMOXtVoc5d2hQdZR4+BCV5By4Flg==", + "optional": true + }, + "@vscode/vsce-sign-alpine-x64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-alpine-x64/-/vsce-sign-alpine-x64-2.0.1.tgz", + "integrity": "sha512-GNh4dNmqwQqEDP2ngUgdu5ZYkJZAHomTppMI0v9sveFoZdML5iWuNGemvCEyInUpSb6Xjxc78ejeMoDay22wBw==", + "optional": true + }, + "@vscode/vsce-sign-darwin-arm64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-darwin-arm64/-/vsce-sign-darwin-arm64-2.0.1.tgz", + "integrity": "sha512-iFnCbC8RBUyT0ZKEmop5yi7/NxP5G2gIW/giJHYDYppkhfyAR5STxlpf8Vx9hqIS0jPbeldNSn5a5BGMKtGXug==", + "optional": true + }, + "@vscode/vsce-sign-darwin-x64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-darwin-x64/-/vsce-sign-darwin-x64-2.0.1.tgz", + "integrity": 
"sha512-Dpv3PRpOzfDpji9JGVxe+hHyh41evyquMeXYykkTdcB3u3bZMoAgYoBlEOGnu87xb4s2J5DTj/J590yN0+dI0A==", + "optional": true + }, + "@vscode/vsce-sign-linux-arm": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-linux-arm/-/vsce-sign-linux-arm-2.0.1.tgz", + "integrity": "sha512-iltMQuS8K63aIabVrPBB8P2L37XkSwUqPTFLYlH6Bw+UpWJTFFvFFCKlmbxWrq1j8WkG+68Fm437ZfAkRW/rjQ==", + "optional": true + }, + "@vscode/vsce-sign-linux-arm64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-linux-arm64/-/vsce-sign-linux-arm64-2.0.1.tgz", + "integrity": "sha512-SL6MeobrArp5SKPeUYVr5chp7a42L83vYAzLvD+oQM8fQ8DrZWYpNIyVkxGgsppZRyAt0UU2/5ShPxuNKfnZOA==", + "optional": true + }, + "@vscode/vsce-sign-linux-x64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-linux-x64/-/vsce-sign-linux-x64-2.0.1.tgz", + "integrity": "sha512-6N6dkZoJX/WKezZ3efCKVKjnbx+TlnUtNUkepyUUhCa3dGjGDqUkeakE2Kz266Bsp0Mm/68zS9HLKVOEv9vn0A==", + "optional": true + }, + "@vscode/vsce-sign-win32-arm64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-win32-arm64/-/vsce-sign-win32-arm64-2.0.1.tgz", + "integrity": "sha512-t4uYPpQummrmKaDw5Ka6QMEQ+We/Uo6xDEytFjN2jZ3jNOno3Mi7yWlTLg3VDAteHNGA7eBbMZ89Habl6xn8bg==", + "optional": true + }, + "@vscode/vsce-sign-win32-x64": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@vscode/vsce-sign-win32-x64/-/vsce-sign-win32-x64-2.0.1.tgz", + "integrity": "sha512-ofY1iXoXaNlM3zDt5jw7v59NMh0y2GvKrP4A74aUDJjaXaDd6n/hLaOpDLk4a+MjX6HWiEBr5yNqHGKYa+t2jg==", + "optional": true + }, "acorn": { "version": "8.8.1", "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.1.tgz", diff --git a/package.json b/package.json index b6454611..86028937 100644 --- a/package.json +++ b/package.json 
@@ -39,6 +39,7 @@ }, "dependencies": { "@azure/identity": "^4.1.0", + "@vscode/vsce-sign": "2.0.3", "azure-devops-node-api": "^12.5.0", "chalk": "^2.4.2", "cheerio": "^1.0.0-rc.9", diff --git a/src/main.ts b/src/main.ts index ad1cc62c..e65e204a 100644 --- a/src/main.ts +++ b/src/main.ts @@ -117,6 +117,7 @@ module.exports = function (argv: string[]): void { .option('--allow-star-activation', 'Allow using * in activation events') .option('--allow-missing-repository', 'Allow missing a repository URL in package.json') .option('--skip-license', 'Allow packaging without license file') + .option('--sign', 'Script to sign the VSIX package. VSIX manifest will be passed as an argument.') .action( ( version, @@ -143,6 +144,7 @@ module.exports = function (argv: string[]): void { allowStarActivation, allowMissingRepository, skipLicense, + sign, } ) => main( @@ -170,6 +172,7 @@ module.exports = function (argv: string[]): void { allowStarActivation, allowMissingRepository, skipLicense, + sign, }) ) ); @@ -195,6 +198,7 @@ module.exports = function (argv: string[]): void { .option('--no-update-package-json', 'Do not update `package.json`. Valid only when [version] is provided.') .option('-i, --packagePath ', 'Publish the provided VSIX packages.') .option('--sigzipPath ', 'Signature archives to publish alongside the VSIX packages.') + .option('--sign', 'Script to sign the VSIX package. VSIX manifest will be passed as an argument. This will be ignored if --sigzipPath is provided.') .option( '--githubBranch ', 'The GitHub branch used to infer relative links in README.md. Can be overridden by --baseContentUrl and --baseImagesUrl.' @@ -249,6 +253,7 @@ module.exports = function (argv: string[]): void { allowMissingRepository, skipDuplicate, skipLicense, + sign, } ) => main( @@ -280,6 +285,7 @@ module.exports = function (argv: string[]): void { allowMissingRepository, skipDuplicate, skipLicense, + sign }) ) ); diff --git a/src/package.ts b/src/package.ts index 4e5b2efa..826ee3f2 100644 
--- a/src/package.ts +++ b/src/package.ts @@ -24,6 +24,7 @@ import { detectYarn, getDependencies } from './npm'; import * as GitHost from 'hosted-git-info'; import parseSemver from 'parse-semver'; import * as jsonc from 'jsonc-parser'; +import { generateManifest, zip } from '@vscode/vsce-sign'; const MinimatchOptions: minimatch.IOptions = { dot: true }; @@ -151,6 +152,8 @@ export interface IPackageOptions { readonly allowStarActivation?: boolean; readonly allowMissingRepository?: boolean; readonly skipLicense?: boolean; + + readonly sign?: string; } export interface IProcessor { @@ -1840,6 +1843,26 @@ export async function pack(options: IPackageOptions = {}): Promise { + const manifestPath = await generateManifest(packagePath); + await new Promise((c, e) => { + const proc = cp.execFile(signScript, [manifestPath], {}, (error, _stdout, stderr) => { + if (error) { + return e(error); + } + if (stderr) { + return e(); + } + return c(); + }); + proc.stdout!.on('data', (data) => { + console.log(data.toString('utf8')); + }); + }); + const signatureFile = path.join(path.dirname(packagePath), '.signature.p7s'); + return zip(packagePath, signatureFile); +} + export async function packageCommand(options: IPackageOptions = {}): Promise { const cwd = options.cwd || process.cwd(); const manifest = await readManifest(cwd); @@ -1849,6 +1872,11 @@ export async function packageCommand(options: IPackageOptions = {}): Promise { @@ -117,7 +118,13 @@ export async function publish(options: IPublishOptions = {}): Promise { validateMarketplaceRequirements(vsix.manifest, options); - await _publish(packagePath, options.sigzipPath?.[index], vsix.manifest, { ...options, target }); + let sigzipPath = options.sigzipPath?.[index]; + if (!sigzipPath && options.sign) { + sigzipPath = await signPackage(packagePath, options.sign); + } + + + await _publish(packagePath, sigzipPath, vsix.manifest, { ...options, target }); } } else { const cwd = options.cwd || process.cwd(); 
@@ -134,12 +141,14 @@ export async function publish(options: IPublishOptions = {}): Promise { for (const target of options.targets) { const packagePath = await tmpName(); const packageResult = await pack({ ...options, target, packagePath }); - await _publish(packagePath, undefined, packageResult.manifest, { ...options, target }); + const sigzipPath = options.sign ? await signPackage(packagePath, options.sign) : undefined; + await _publish(packagePath, sigzipPath, packageResult.manifest, { ...options, target }); } } else { const packagePath = await tmpName(); const packageResult = await pack({ ...options, packagePath }); - await _publish(packagePath, undefined, packageResult.manifest, options); + const sigzipPath = options.sign ? await signPackage(packagePath, options.sign) : undefined; + await _publish(packagePath, sigzipPath, packageResult.manifest, options); } } } From 4f6b3ecf943a71b77b2b57732d15b8b54f87c307 Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 10:05:52 +0200 Subject: [PATCH 2/9] fix zip --- src/package.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/package.ts b/src/package.ts index 826ee3f2..c4304329 100644 --- a/src/package.ts +++ b/src/package.ts @@ -1860,7 +1860,7 @@ export async function signPackage(packagePath: string, signScript: string): Prom }); }); const signatureFile = path.join(path.dirname(packagePath), '.signature.p7s'); - return zip(packagePath, signatureFile); + return zip(manifestPath, signatureFile); } export async function packageCommand(options: IPackageOptions = {}): Promise { From b888537c899c90ec8486b5c6e2230b63b91261c5 Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 10:06:32 +0200 Subject: [PATCH 3/9] do optional check --- src/package.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/package.ts b/src/package.ts index c4304329..f028192f 100644 --- a/src/package.ts +++ b/src/package.ts 
@@ -1855,7 +1855,7 @@ export async function signPackage(packagePath: string, signScript: string): Prom } return c(); }); - proc.stdout!.on('data', (data) => { + proc.stdout?.on('data', (data) => { console.log(data.toString('utf8')); }); }); From 66f17d58a04e46839796b1e6f9978b79d2edb810 Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 10:47:23 +0200 Subject: [PATCH 4/9] fix signature zip path --- src/package.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/package.ts b/src/package.ts index f028192f..27717568 100644 --- a/src/package.ts +++ b/src/package.ts @@ -1860,7 +1860,7 @@ export async function signPackage(packagePath: string, signScript: string): Prom }); }); const signatureFile = path.join(path.dirname(packagePath), '.signature.p7s'); - return zip(manifestPath, signatureFile); + return zip(manifestPath, signatureFile, path.basename(packagePath, '.vsix') + '.signature.zip'); } export async function packageCommand(options: IPackageOptions = {}): Promise { From 007e4f4e4913c9a9053c871d736cdf740b8ca07d Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 10:51:09 +0200 Subject: [PATCH 5/9] doc - add where .signature.zip is generated --- src/main.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.ts b/src/main.ts index e65e204a..66f39028 100644 --- a/src/main.ts +++ b/src/main.ts @@ -117,7 +117,7 @@ module.exports = function (argv: string[]): void { .option('--allow-star-activation', 'Allow using * in activation events') .option('--allow-missing-repository', 'Allow missing a repository URL in package.json') .option('--skip-license', 'Allow packaging without license file') - .option('--sign', 'Script to sign the VSIX package. VSIX manifest will be passed as an argument.') + .option('--sign', 'Script to sign the VSIX package. VSIX manifest will be passed as an argument. Generates .signature.zip alongside the VSIX package.') .action( ( version, 
From a1ededd004abcba5e8a76848acc166bed380dee7 Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 10:59:24 +0200 Subject: [PATCH 6/9] fix version --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2c37c10d..70279176 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "@azure/identity": "^4.1.0", - "@vscode/vsce-sign": "2.0.3", + "@vscode/vsce-sign": "^2.0.0", "azure-devops-node-api": "^12.5.0", "chalk": "^2.4.2", "cheerio": "^1.0.0-rc.9", diff --git a/package.json b/package.json index 86028937..d992984f 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ }, "dependencies": { "@azure/identity": "^4.1.0", - "@vscode/vsce-sign": "2.0.3", + "@vscode/vsce-sign": "^2.0.0", "azure-devops-node-api": "^12.5.0", "chalk": "^2.4.2", "cheerio": "^1.0.0-rc.9", From 0690689d5548451336125e0aaa50b25f94f5d1c1 Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 13:19:26 +0200 Subject: [PATCH 7/9] feedback --- src/main.ts | 2 +- src/package.ts | 30 ++++++++++++------------------ 2 files changed, 13 insertions(+), 19 deletions(-) diff --git a/src/main.ts b/src/main.ts index 66f39028..08f03d94 100644 --- a/src/main.ts +++ b/src/main.ts @@ -117,7 +117,7 @@ module.exports = function (argv: string[]): void { .option('--allow-star-activation', 'Allow using * in activation events') .option('--allow-missing-repository', 'Allow missing a repository URL in package.json') .option('--skip-license', 'Allow packaging without license file') - .option('--sign', 'Script to sign the VSIX package. VSIX manifest will be passed as an argument. Generates .signature.zip alongside the VSIX package.') + .option('--signtool', 'Path to the VSIX signing tool. Will be invoked with two arguments: `SIGNTOOL `.') .action( ( version, diff --git a/src/package.ts b/src/package.ts index 27717568..c6c354b6 100644 
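Review bot: In the package.json hunk of the "fix version" commit, widening `@vscode/vsce-sign` from the exact `2.0.3` to `^2.0.0` lets any install that does not use this repository's lockfile (for example a consumer installing the published package) resolve a later 2.x release. The lock entry earlier on this page marks the package `hasInstallScript: true` and has it pull per-platform optional packages, and it is the code that produces the signature manifest and archive. Keeping the exact pin (`"@vscode/vsce-sign": "2.0.3"`) or stating in the commit message why a range is required would be the safer default. The package-lock.json hunk in the same commit only changes the root `dependencies` range; the resolved entry is outside the hunk, so confirm the lockfile was regenerated rather than edited by hand.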
--- a/src/package.ts +++ b/src/package.ts @@ -1843,24 +1843,18 @@ export async function pack(options: IPackageOptions = {}): Promise { - const manifestPath = await generateManifest(packagePath); - await new Promise((c, e) => { - const proc = cp.execFile(signScript, [manifestPath], {}, (error, _stdout, stderr) => { - if (error) { - return e(error); - } - if (stderr) { - return e(); - } - return c(); - }); - proc.stdout?.on('data', (data) => { - console.log(data.toString('utf8')); - }); - }); - const signatureFile = path.join(path.dirname(packagePath), '.signature.p7s'); - return zip(manifestPath, signatureFile, path.basename(packagePath, '.vsix') + '.signature.zip'); +export async function signPackage(packageFile: string, signScript: string): Promise { + const packageFolder = path.dirname(packageFile); + const packageName = path.basename(packageFile, '.vsix'); + const manifestFile = path.join(packageFolder, `${packageName}.signature.manifest`); + const signatureFile = path.join(packageFolder, `${packageName}.signature.p7s`); + const signatureZip = path.join(packageFolder, `${packageName}.signature.zip`); + + await generateManifest(packageFile, manifestFile); + const { stdout } = await promisify(cp.execFile)(signScript, [manifestFile, signatureFile]); + console.log(stdout); + + return zip(manifestFile, signatureFile, signatureZip); } export async function packageCommand(options: IPackageOptions = {}): Promise { From 87fcf52f69a6bd61729d8d349872e84be8fcac82 Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 13:22:34 +0200 Subject: [PATCH 8/9] fix sign tool arg --- src/main.ts | 12 ++++++------ src/package.ts | 6 +++--- src/publish.ts | 10 +++++----- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/main.ts b/src/main.ts index 08f03d94..e11843f3 100644 --- a/src/main.ts +++ b/src/main.ts 
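Review bot: The rewritten, exported `signPackage` has no doc comment, and its contract with the external tool is only implied by the code. The tool is run as `signScript <manifestFile> <signatureFile>`, is expected to create the `.signature.p7s` itself, and all three artefacts are written into the VSIX's own directory, presumably replacing existing files with those names. A TSDoc block stating the argument order, the files created, what the returned promise resolves to and that it rejects when the tool fails would let the callers in publish.ts rely on it. The second parameter is still named `signScript` although the option text now calls it a signing tool; `signTool` would match. The hunk header is truncated on this page, so the old signature line is not fully visible.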
@@ -117,7 +117,7 @@ module.exports = function (argv: string[]): void { .option('--allow-star-activation', 'Allow using * in activation events') .option('--allow-missing-repository', 'Allow missing a repository URL in package.json') .option('--skip-license', 'Allow packaging without license file') - .option('--signtool', 'Path to the VSIX signing tool. Will be invoked with two arguments: `SIGNTOOL `.') + .option('--sign-tool', 'Path to the VSIX signing tool. Will be invoked with two arguments: `SIGNTOOL `.') .action( ( version, @@ -144,7 +144,7 @@ module.exports = function (argv: string[]): void { allowStarActivation, allowMissingRepository, skipLicense, - sign, + signTool, } ) => main( @@ -172,7 +172,7 @@ module.exports = function (argv: string[]): void { allowStarActivation, allowMissingRepository, skipLicense, - sign, + signTool, }) ) ); @@ -198,7 +198,7 @@ module.exports = function (argv: string[]): void { .option('--no-update-package-json', 'Do not update `package.json`. Valid only when [version] is provided.') .option('-i, --packagePath ', 'Publish the provided VSIX packages.') .option('--sigzipPath ', 'Signature archives to publish alongside the VSIX packages.') - .option('--sign', 'Script to sign the VSIX package. VSIX manifest will be passed as an argument. This will be ignored if --sigzipPath is provided.') + .option('--sign-tool', 'Path to the VSIX signing tool. Will be invoked with two arguments: `SIGNTOOL `. This will be ignored if --sigzipPath is provided.') .option( '--githubBranch ', 'The GitHub branch used to infer relative links in README.md. Can be overridden by --baseContentUrl and --baseImagesUrl.' @@ -253,7 +253,7 @@ module.exports = function (argv: string[]): void { allowMissingRepository, skipDuplicate, skipLicense, - sign, + signTool, } ) => main( @@ -285,7 +285,7 @@ module.exports = function (argv: string[]): void { allowMissingRepository, skipDuplicate, skipLicense, - sign + signTool }) ) ); 
diff --git a/src/package.ts b/src/package.ts index c6c354b6..698ce527 100644 --- a/src/package.ts +++ b/src/package.ts @@ -153,7 +153,7 @@ export interface IPackageOptions { readonly allowMissingRepository?: boolean; readonly skipLicense?: boolean; - readonly sign?: string; + readonly signTool?: string; } export interface IProcessor { @@ -1867,8 +1867,8 @@ export async function packageCommand(options: IPackageOptions = {}): Promise { @@ -119,8 +119,8 @@ export async function publish(options: IPublishOptions = {}): Promise { validateMarketplaceRequirements(vsix.manifest, options); let sigzipPath = options.sigzipPath?.[index]; - if (!sigzipPath && options.sign) { - sigzipPath = await signPackage(packagePath, options.sign); + if (!sigzipPath && options.signTool) { + sigzipPath = await signPackage(packagePath, options.signTool); } @@ -141,13 +141,13 @@ export async function publish(options: IPublishOptions = {}): Promise { for (const target of options.targets) { const packagePath = await tmpName(); const packageResult = await pack({ ...options, target, packagePath }); - const sigzipPath = options.sign ? await signPackage(packagePath, options.sign) : undefined; + const sigzipPath = options.signTool ? await signPackage(packagePath, options.signTool) : undefined; await _publish(packagePath, sigzipPath, packageResult.manifest, { ...options, target }); } } else { const packagePath = await tmpName(); const packageResult = await pack({ ...options, packagePath }); - const sigzipPath = options.sign ? await signPackage(packagePath, options.sign) : undefined; + const sigzipPath = options.signTool ? await signPackage(packagePath, options.signTool) : undefined; await _publish(packagePath, sigzipPath, packageResult.manifest, options); } } From ac401b7ecd63b0b9006aec2dc207f2a0f1e6d2e0 Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Mon, 3 Jun 2024 13:34:18 +0200 Subject: [PATCH 9/9] feedback --- src/package.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
diff --git a/src/package.ts b/src/package.ts index 698ce527..e09866bc 100644 --- a/src/package.ts +++ b/src/package.ts @@ -1850,10 +1850,13 @@ export async function signPackage(packageFile: string, signScript: string): Prom const signatureFile = path.join(packageFolder, `${packageName}.signature.p7s`); const signatureZip = path.join(packageFolder, `${packageName}.signature.zip`); + // Generate the signature manifest file await generateManifest(packageFile, manifestFile); - const { stdout } = await promisify(cp.execFile)(signScript, [manifestFile, signatureFile]); - console.log(stdout); + // Sign the manifest file to generate the signature file + cp.spawnSync(signScript, [manifestFile, signatureFile], { stdio: 'inherit' }); + + // Create a signature zip file containing the manifest and signature file return zip(manifestFile, signatureFile, signatureZip); }
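Review bot: The result of `cp.spawnSync(signScript, [manifestFile, signatureFile], { stdio: 'inherit' })` is discarded, so a signing tool that cannot be started, exits non-zero or is killed by a signal no longer stops `signPackage`; the `promisify(cp.execFile)` call it replaces rejected in those cases. Execution then reaches `zip(manifestFile, signatureFile, signatureZip)`. How `zip` behaves when the `.signature.p7s` is missing or left over from an earlier run is not visible here, so presumably a package or publish run could continue with an absent or stale signature. Capture the result and throw on `result.error` or a non-zero `result.status` before zipping, as in the excerpt below. `signPackage` starts above the hunk.

```typescript
// … unchanged: path derivation and generateManifest call …

// Sign the manifest file to generate the signature file
const result = cp.spawnSync(signScript, [manifestFile, signatureFile], { stdio: 'inherit' });
if (result.error) {
	throw result.error;
}
if (result.status !== 0) {
	throw new Error(`Signing tool failed (status: ${result.status}, signal: ${result.signal})`);
}

// … unchanged: zip(manifestFile, signatureFile, signatureZip) …
```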