mirror of
https://github.com/bitwarden/browser
synced 2026-02-07 20:24:01 +00:00
61 lines
2.1 KiB
JavaScript
61 lines
2.1 KiB
JavaScript
/* eslint-disable @typescript-eslint/no-require-imports, no-console */
|
|
const child_process = require("child_process");
|
|
|
|
exports.default = async function (configuration) {
|
|
const ext = configuration.path.split(".").at(-1);
|
|
if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 && ext == "exe") {
|
|
console.log(`[*] Signing file: ${configuration.path}`);
|
|
child_process.execFileSync(
|
|
"azuresigntool",
|
|
// prettier-ignore
|
|
[
|
|
"sign",
|
|
"-v",
|
|
"-kvu", process.env.SIGNING_VAULT_URL,
|
|
"-kvi", process.env.SIGNING_CLIENT_ID,
|
|
"-kvt", process.env.SIGNING_TENANT_ID,
|
|
"-kvs", process.env.SIGNING_CLIENT_SECRET,
|
|
"-kvc", process.env.SIGNING_CERT_NAME,
|
|
"-fd", configuration.hash,
|
|
"-du", configuration.site,
|
|
"-tr", "http://timestamp.digicert.com",
|
|
configuration.path,
|
|
],
|
|
{
|
|
stdio: "inherit",
|
|
},
|
|
);
|
|
} else if (process.env.ELECTRON_BUILDER_SIGN_CERT && ["exe", "appx"].includes(ext)) {
|
|
console.log(`[*] Signing file: ${configuration.path}`);
|
|
if (process.platform !== "win32") {
|
|
console.warn(
|
|
"Signing Windows executables on non-Windows platforms is not supported. Not signing.",
|
|
);
|
|
return;
|
|
}
|
|
const certFile = process.env.ELECTRON_BUILDER_SIGN_CERT;
|
|
const certPw = process.env.ELECTRON_BUILDER_SIGN_CERT_PW;
|
|
if (!certPw) {
|
|
throw new Error(
|
|
"The certificate file password must be set in ELECTRON_BUILDER_SIGN_CERT_PW in order to sign files.",
|
|
);
|
|
}
|
|
try {
|
|
child_process.execFileSync(
|
|
"signtool.exe",
|
|
["sign", "/fd", "SHA256", "/a", "/f", certFile, "/p", certPw, configuration.path],
|
|
{
|
|
stdio: "inherit",
|
|
},
|
|
);
|
|
console.info(`Signed ${configuration.path} successfully.`);
|
|
} catch (error) {
|
|
throw new Error(
|
|
`Failed to sign ${configuration.path}: ${error.message}\n` +
|
|
`Check that ELECTRON_BUILDER_SIGN_CERT points to a valid PKCS12 file ` +
|
|
`and ELECTRON_BUILDER_SIGN_CERT_PW is correct.`,
|
|
);
|
|
}
|
|
}
|
|
};
|