Skip to content

Adding hash via signWithParams result in error due to duplicating args #46

New issue
New issue
Open
Bug
Open
Adding hash via signWithParams result in error due to duplicating args#46
Bug
@ShGKme

Description

@ShGKme
ShGKme
opened on Nov 20, 2024

No matter what options you have, signWithSignTool always adds hashing/timestampServer params.

windows-sign/src/sign-with-signtool.ts

Lines 25 to 31 in 2605684

// Timestamp
if (hash === HASHES.sha256) {
args.push('/tr', timestampServer);
args.push('/td', hash);
} else {
args.push('/t', timestampServer);
}

Then if you signWithParams with the same params (e.g. /td sha256), signing results in error because duplicating params in signtool is not allowed.

I think this would be good if developers can provide any params in signWithSignTool. Especially because README makes a feeling it is possible:

windows-sign/README.md

Lines 231 to 237 in 2605684

To sign with `@electron/windows-sign` using those instructions, you would take the parameters and add them to `signWithParams`:
```js
await sign({
signWithParams: "/csp \"DigiCert Signing Manager KSP\" /kc <keypair_alias> /f <certificate_file> /tr http://timestamp.digicert.com /td SHA256 /fd SHA256"
})
```

Probably related: Squirrel/Squirrel.Windows#1742

Proposal

After parsing signWithParams, replace duplicating params.

If this is fine, I'm ready to make a PR.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions