Skip to content

Commit

Permalink
fix: add support for Time-Stamping Protocol for Windows codesigning (fix
Browse files Browse the repository at this point in the history
 #3563) (#3570)

Co-authored-by: Lucas Fernandes Nogueira <lucas@tauri.studio>
  • Loading branch information
gardc and lucasfernog committed Mar 7, 2022
1 parent 76c791b commit bdd5f7c
Show file tree
Hide file tree
Showing 7 changed files with 35 additions and 1 deletion.
9 changes: 9 additions & 0 deletions .changes/bundler-add-tsp-signing.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
"tauri-bundler": patch
"cli.rs": patch
"cli.js": patch
"tauri": patch
---

Added `tsp` config option under `tauri > bundle > windows`, which enables Time-Stamp Protocol (RFC 3161) for the timestamping
server under code signing on Windows if set to `true`.
3 changes: 3 additions & 0 deletions core/tauri-utils/src/config.rs
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,9 @@ pub struct WindowsConfig {
pub certificate_thumbprint: Option<String>,
/// Server to use during timestamping.
pub timestamp_url: Option<String>,
/// Whether to use Time-Stamp Protocol (TSP, a.k.a. RFC 3161) for the timestamp server. Your code signing provider may
/// use a TSP timestamp server, like e.g. SSL.com does. If so, enable TSP by setting to true.
pub tsp: Option<bool>,
/// Path to the webview fixed runtime to use.
///
/// The fixed version can be downloaded [on the official website](https://developer.microsoft.com/en-us/microsoft-edge/webview2/#download-section).
Expand Down
4 changes: 4 additions & 0 deletions tooling/bundler/src/bundle/settings.rs
Original file line number Diff line number Diff line change
Expand Up @@ -241,6 +241,9 @@ pub struct WindowsSettings {
pub certificate_thumbprint: Option<String>,
/// Server to use during timestamping.
pub timestamp_url: Option<String>,
/// Whether to use Time-Stamp Protocol (TSP, a.k.a. RFC 3161) for the timestamp server. Your code signing provider may
/// use a TSP timestamp server, like e.g. SSL.com does. If so, enable TSP by setting to true.
pub tsp: Option<bool>,
/// WiX configuration.
pub wix: Option<WixSettings>,
/// The path to the application icon. Defaults to `./icons/icon.ico`.
Expand All @@ -255,6 +258,7 @@ impl Default for WindowsSettings {
digest_algorithm: None,
certificate_thumbprint: None,
timestamp_url: None,
tsp: None,
wix: None,
icon_path: PathBuf::from("icons/icon.ico"),
webview_fixed_runtime_path: None,
Expand Down
1 change: 1 addition & 0 deletions tooling/bundler/src/bundle/windows/msi/wix.rs
Original file line number Diff line number Diff line change
Expand Up @@ -404,6 +404,7 @@ pub fn build_wix_app_installer(
.timestamp_url
.as_ref()
.map(|url| url.to_string()),
tsp: settings.windows().tsp,
},
)?;
}
Expand Down
8 changes: 7 additions & 1 deletion tooling/bundler/src/bundle/windows/sign.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ pub struct SignParams {
pub digest_algorithm: String,
pub certificate_thumbprint: String,
pub timestamp_url: Option<String>,
pub tsp: Option<bool>,
}

// sign code forked from https://github.com/forbjok/rust-codesign
Expand Down Expand Up @@ -101,7 +102,12 @@ pub fn sign<P: AsRef<Path>>(path: P, params: &SignParams) -> crate::Result<()> {
cmd.args(&["/sha1", &params.certificate_thumbprint]);

if let Some(ref timestamp_url) = params.timestamp_url {
cmd.args(&["/t", timestamp_url]);
if params.tsp == Some(true) {
cmd.args(&["/tr", timestamp_url]);
cmd.args(&["/td", &params.digest_algorithm]);
} else {
cmd.args(&["/t", timestamp_url]);
}
}

cmd.arg(path_str);
Expand Down
10 changes: 10 additions & 0 deletions tooling/cli/schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,7 @@
"certificateThumbprint": null,
"digestAlgorithm": null,
"timestampUrl": null,
"tsp": null,
"webviewFixedRuntimePath": null,
"wix": null
}
Expand Down Expand Up @@ -563,6 +564,7 @@
"certificateThumbprint": null,
"digestAlgorithm": null,
"timestampUrl": null,
"tsp": null,
"webviewFixedRuntimePath": null,
"wix": null
},
Expand Down Expand Up @@ -1640,6 +1642,7 @@
"certificateThumbprint": null,
"digestAlgorithm": null,
"timestampUrl": null,
"tsp": null,
"webviewFixedRuntimePath": null,
"wix": null
}
Expand Down Expand Up @@ -2072,6 +2075,13 @@
"null"
]
},
"tsp": {
"description": "Whether to use Time-Stamp Protocol (TSP, a.k.a. RFC 3161) for the timestamp server. Your code signing provider may use a TSP timestamp server, like e.g. SSL.com does. If so, enable TSP by setting to true.",
"type": [
"boolean",
"null"
]
},
"webviewFixedRuntimePath": {
"description": "Path to the webview fixed runtime to use.\n\nThe fixed version can be downloaded [on the official website](https://developer.microsoft.com/en-us/microsoft-edge/webview2/#download-section). The `.cab` file must be extracted to a folder and this folder path must be defined on this field.",
"type": [
Expand Down
1 change: 1 addition & 0 deletions tooling/cli/src/interface/rust.rs
Original file line number Diff line number Diff line change
Expand Up @@ -479,6 +479,7 @@ fn tauri_config_to_bundle_settings(
},
windows: WindowsSettings {
timestamp_url: config.windows.timestamp_url,
tsp: config.windows.tsp,
digest_algorithm: config.windows.digest_algorithm,
certificate_thumbprint: config.windows.certificate_thumbprint,
wix: config.windows.wix.map(|w| {
Expand Down

0 comments on commit bdd5f7c

Please sign in to comment.