From 69b93c1dc5002ab502698209d111ced95d6d9776 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Thu, 6 Nov 2025 22:30:52 +0100 Subject: [PATCH 01/12] testing a shorter publishername --- apps/desktop/custom-appx-manifest.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/desktop/custom-appx-manifest.xml b/apps/desktop/custom-appx-manifest.xml index 74d5506a069..d5072c89873 100644 --- a/apps/desktop/custom-appx-manifest.xml +++ b/apps/desktop/custom-appx-manifest.xml @@ -15,7 +15,7 @@ xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/re Bitwarden From 873ae64c053dd44f47055811f00054c9b96f8b99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Thu, 6 Nov 2025 22:38:45 +0100 Subject: [PATCH 02/12] testing quoted --- apps/desktop/custom-appx-manifest.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/desktop/custom-appx-manifest.xml b/apps/desktop/custom-appx-manifest.xml index d5072c89873..c261bf7f77c 100644 --- a/apps/desktop/custom-appx-manifest.xml +++ b/apps/desktop/custom-appx-manifest.xml @@ -15,7 +15,7 @@ xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/re Bitwarden From 0490fd848c4bcce682f9aa407be5f04704c96a65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Thu, 6 Nov 2025 22:59:40 +0100 Subject: [PATCH 03/12] Testing different publishername --- apps/desktop/custom-appx-manifest.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/desktop/custom-appx-manifest.xml b/apps/desktop/custom-appx-manifest.xml index c261bf7f77c..c0957aa8a33 100644 --- a/apps/desktop/custom-appx-manifest.xml +++ b/apps/desktop/custom-appx-manifest.xml @@ -15,7 +15,7 @@ xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/re Bitwarden From 919218ff8bf2f2bbd816292cabe4610fd24b21a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Thu, 6 Nov 2025 23:09:01 +0100 Subject: [PATCH 04/12] Tweak format --- apps/desktop/custom-appx-manifest.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/desktop/custom-appx-manifest.xml b/apps/desktop/custom-appx-manifest.xml index c0957aa8a33..c9917ee473b 100644 --- a/apps/desktop/custom-appx-manifest.xml +++ b/apps/desktop/custom-appx-manifest.xml @@ -15,7 +15,7 @@ xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/re Bitwarden From 0d212a7ebbbf4f59bd5b38440dd8505cb3c2d22a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Thu, 6 Nov 2025 23:33:00 +0100 Subject: [PATCH 05/12] Changed order --- apps/desktop/custom-appx-manifest.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/desktop/custom-appx-manifest.xml b/apps/desktop/custom-appx-manifest.xml index c9917ee473b..9e896d02b09 100644 --- a/apps/desktop/custom-appx-manifest.xml +++ b/apps/desktop/custom-appx-manifest.xml @@ -15,7 +15,7 @@ xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/re Bitwarden From 7a85771a6ce02ada88ad921a96e9867ed34af7ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Thu, 6 Nov 2025 23:37:15 +0100 Subject: [PATCH 06/12] Update sign.js --- apps/desktop/sign.js | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/apps/desktop/sign.js b/apps/desktop/sign.js index efbbe3e21ab..8b65962bbc2 100644 --- a/apps/desktop/sign.js +++ b/apps/desktop/sign.js @@ -8,6 +8,34 @@ exports.default = async function (configuration) { configuration.path.endsWith(".msix")) ) { console.log(`[*] Signing file: ${configuration.path}`); + + // If signing APPX/MSIX, inspect the manifest Publisher before signing + if (configuration.path.endsWith(".appx") || configuration.path.endsWith(".msix")) { + try { + const manifestContent = require("child_process").execSync( + `powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; ` + + `$zip = [System.IO.Compression.ZipFile]::OpenRead('${configuration.path}'); ` + + `$entry = $zip.Entries | Where-Object { $_.FullName -eq 'AppxManifest.xml' }; ` + + `$stream = $entry.Open(); ` + + `$reader = New-Object System.IO.StreamReader($stream); ` + + `$content = $reader.ReadToEnd(); ` + + `$reader.Close(); $stream.Close(); $zip.Dispose(); ` + + `Write-Output $content"`, + { encoding: "utf8" }, + ); + + // Extract and display the Publisher line + const publisherMatch = manifestContent.match(/Publisher='([^']+)'/); + if (publisherMatch) { + console.log(`[*] APPX Manifest Publisher: ${publisherMatch[1]}`); + } else { + console.log(`[*] Could not find Publisher in manifest`); + } + } catch (error) { + console.log(`[!] Failed to read manifest: ${error.message}`); + } + } + require("child_process").execSync( `azuresigntool sign -v ` + `-kvu ${process.env.SIGNING_VAULT_URL} ` + From 9a9ff87735d1d1fd90cf377ccc67dcfb6d74d217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Thu, 6 Nov 2025 23:41:47 +0100 Subject: [PATCH 07/12] Testing a different way to print the manifest --- apps/desktop/sign.js | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/apps/desktop/sign.js b/apps/desktop/sign.js index 8b65962bbc2..007ad5a375b 100644 --- a/apps/desktop/sign.js +++ b/apps/desktop/sign.js @@ -12,24 +12,29 @@ exports.default = async function (configuration) { // If signing APPX/MSIX, inspect the manifest Publisher before signing if (configuration.path.endsWith(".appx") || configuration.path.endsWith(".msix")) { try { - const manifestContent = require("child_process").execSync( - `powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; ` + - `$zip = [System.IO.Compression.ZipFile]::OpenRead('${configuration.path}'); ` + - `$entry = $zip.Entries | Where-Object { $_.FullName -eq 'AppxManifest.xml' }; ` + - `$stream = $entry.Open(); ` + - `$reader = New-Object System.IO.StreamReader($stream); ` + - `$content = $reader.ReadToEnd(); ` + - `$reader.Close(); $stream.Close(); $zip.Dispose(); ` + - `Write-Output $content"`, - { encoding: "utf8" }, - ); + const path = require("path"); + const fs = require("fs"); - // Extract and display the Publisher line - const publisherMatch = manifestContent.match(/Publisher='([^']+)'/); - if (publisherMatch) { - console.log(`[*] APPX Manifest Publisher: ${publisherMatch[1]}`); - } else { - console.log(`[*] Could not find Publisher in manifest`); + // Extract architecture from filename (e.g., "Bitwarden-2025.10.2-x64.appx" -> "x64") + const filename = path.basename(configuration.path); + const archMatch = filename.match(/-(x64|arm64|ia32)\.(appx|msix)$/); + + if (archMatch) { + const arch = archMatch[1]; + const distDir = path.dirname(configuration.path); + const manifestPath = path.join(distDir, `__appx-${arch}`, "AppxManifest.xml"); + + if (fs.existsSync(manifestPath)) { + const manifestContent = fs.readFileSync(manifestPath, "utf8"); + + // Extract and display the Publisher line + const publisherMatch = manifestContent.match(/Publisher='([^']+)'/); + if (publisherMatch) { + console.log(`[*] APPX Manifest Publisher: ${publisherMatch[1]}`); + } + } else { + console.log(`[!] Manifest not found at: ${manifestPath}`); + } } } catch (error) { console.log(`[!] Failed to read manifest: ${error.message}`); From 3a1afe086c125427ec84b7a5c86c16e7c48ba8b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Fri, 7 Nov 2025 08:57:04 +0100 Subject: [PATCH 08/12] only build one architecture --- apps/desktop/desktop_native/build.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/apps/desktop/desktop_native/build.js b/apps/desktop/desktop_native/build.js index 9294b45b69b..21c7a686b1b 100644 --- a/apps/desktop/desktop_native/build.js +++ b/apps/desktop/desktop_native/build.js @@ -6,13 +6,13 @@ const process = require("process"); // Map of the Node arch equivalents for the rust target triplets, used to move the file to the correct location const rustTargetsMap = { - "i686-pc-windows-msvc": { nodeArch: 'ia32', platform: 'win32' }, +// "i686-pc-windows-msvc": { nodeArch: 'ia32', platform: 'win32' }, "x86_64-pc-windows-msvc": { nodeArch: 'x64', platform: 'win32' }, - "aarch64-pc-windows-msvc": { nodeArch: 'arm64', platform: 'win32' }, - "x86_64-apple-darwin": { nodeArch: 'x64', platform: 'darwin' }, - "aarch64-apple-darwin": { nodeArch: 'arm64', platform: 'darwin' }, - 'x86_64-unknown-linux-musl': { nodeArch: 'x64', platform: 'linux' }, - 'aarch64-unknown-linux-musl': { nodeArch: 'arm64', platform: 'linux' }, +// "aarch64-pc-windows-msvc": { nodeArch: 'arm64', platform: 'win32' }, +// "x86_64-apple-darwin": { nodeArch: 'x64', platform: 'darwin' }, +// "aarch64-apple-darwin": { nodeArch: 'arm64', platform: 'darwin' }, +// 'x86_64-unknown-linux-musl': { nodeArch: 'x64', platform: 'linux' }, +// 'aarch64-unknown-linux-musl': { nodeArch: 'arm64', platform: 'linux' }, } // Ensure the dist directory exists From 1d2dc04f28a46d3266f795201a4452fcf9d562f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Fri, 7 Nov 2025 09:48:28 +0100 Subject: [PATCH 09/12] Extracted cert from exe --- apps/desktop/custom-appx-manifest.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/desktop/custom-appx-manifest.xml b/apps/desktop/custom-appx-manifest.xml index 9e896d02b09..f53707c65e5 100644 --- a/apps/desktop/custom-appx-manifest.xml +++ b/apps/desktop/custom-appx-manifest.xml @@ -15,7 +15,7 @@ xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/re Bitwarden From dcfed6e1b8c9dfed3c14b69e0b9f1dcaa2ebef67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Fri, 7 Nov 2025 10:02:30 +0100 Subject: [PATCH 10/12] Revert "only build one architecture" This reverts commit 3a1afe086c125427ec84b7a5c86c16e7c48ba8b4. --- apps/desktop/desktop_native/build.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/apps/desktop/desktop_native/build.js b/apps/desktop/desktop_native/build.js index 21c7a686b1b..9294b45b69b 100644 --- a/apps/desktop/desktop_native/build.js +++ b/apps/desktop/desktop_native/build.js @@ -6,13 +6,13 @@ const process = require("process"); // Map of the Node arch equivalents for the rust target triplets, used to move the file to the correct location const rustTargetsMap = { -// "i686-pc-windows-msvc": { nodeArch: 'ia32', platform: 'win32' }, + "i686-pc-windows-msvc": { nodeArch: 'ia32', platform: 'win32' }, "x86_64-pc-windows-msvc": { nodeArch: 'x64', platform: 'win32' }, -// "aarch64-pc-windows-msvc": { nodeArch: 'arm64', platform: 'win32' }, -// "x86_64-apple-darwin": { nodeArch: 'x64', platform: 'darwin' }, -// "aarch64-apple-darwin": { nodeArch: 'arm64', platform: 'darwin' }, -// 'x86_64-unknown-linux-musl': { nodeArch: 'x64', platform: 'linux' }, -// 'aarch64-unknown-linux-musl': { nodeArch: 'arm64', platform: 'linux' }, + "aarch64-pc-windows-msvc": { nodeArch: 'arm64', platform: 'win32' }, + "x86_64-apple-darwin": { nodeArch: 'x64', platform: 'darwin' }, + "aarch64-apple-darwin": { nodeArch: 'arm64', platform: 'darwin' }, + 'x86_64-unknown-linux-musl': { nodeArch: 'x64', platform: 'linux' }, + 'aarch64-unknown-linux-musl': { nodeArch: 'arm64', platform: 'linux' }, } // Ensure the dist directory exists From 445cbe8c4d403d1a4b2e110a76ef747ece7710fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Fri, 7 Nov 2025 10:06:52 +0100 Subject: [PATCH 11/12] Use variables --- apps/desktop/custom-appx-manifest.xml | 2 +- apps/desktop/electron-builder.beta.json | 2 +- apps/desktop/electron-builder.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/desktop/custom-appx-manifest.xml b/apps/desktop/custom-appx-manifest.xml index f53707c65e5..4eb84cde0e6 100644 --- a/apps/desktop/custom-appx-manifest.xml +++ b/apps/desktop/custom-appx-manifest.xml @@ -15,7 +15,7 @@ xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/re Bitwarden diff --git a/apps/desktop/electron-builder.beta.json b/apps/desktop/electron-builder.beta.json index 630a956560d..00af08b0b85 100644 --- a/apps/desktop/electron-builder.beta.json +++ b/apps/desktop/electron-builder.beta.json @@ -60,7 +60,7 @@ "backgroundColor": "#175DDC", "applicationId": "BitwardenBeta", "identityName": "8bitSolutionsLLC.BitwardenBeta", - "publisher": "CN=14D52771-DE3C-4886-B8BF-825BA7690418", + "publisher": "CN=Bitwarden Inc., O=Bitwarden Inc., L=Santa Barbara, S=California, C=US, SERIALNUMBER=7654941, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US", "publisherDisplayName": "Bitwarden Inc", "languages": [ "en-US", diff --git a/apps/desktop/electron-builder.json b/apps/desktop/electron-builder.json index 285ee91b039..f7f6a4a6f3c 100644 --- a/apps/desktop/electron-builder.json +++ b/apps/desktop/electron-builder.json @@ -178,7 +178,7 @@ "customManifestPath": "./custom-appx-manifest.xml", "applicationId": "bitwardendesktop", "identityName": "8bitSolutionsLLC.bitwardendesktop", - "publisher": "CN=14D52771-DE3C-4886-B8BF-825BA7690418", + "publisher": "CN=Bitwarden Inc., O=Bitwarden Inc., L=Santa Barbara, S=California, C=US, SERIALNUMBER=7654941, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US", "publisherDisplayName": "Bitwarden Inc", "languages": [ "en-US", From c7af27557e46d8a8f6bc8b4f43ec86836bfb1945 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Fri, 7 Nov 2025 10:35:51 +0100 Subject: [PATCH 12/12] build all targets --- apps/desktop/electron-builder.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/desktop/electron-builder.json b/apps/desktop/electron-builder.json index f7f6a4a6f3c..0bd6d93970b 100644 --- a/apps/desktop/electron-builder.json +++ b/apps/desktop/electron-builder.json @@ -90,7 +90,7 @@ }, "win": { "electronUpdaterCompatibility": ">=0.0.1", - "target": ["appx"], + "target": ["portable", "nsis-web", "appx"], "signtoolOptions": { "sign": "./sign.js", "publisherName": "CN=com.bitwarden.localdevelopment"