bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-01-28 15:23:53 +00:00
Code Issues Releases Wiki Activity
Files
6d69abcf19353e161d3d46bc16fe4e00bdc7eecd
browser/apps/desktop/sign.js
Isaiah Inuwa 314a5baada Sign Appx in CI (#17975) 
Changes the publisher to match the Bitwarden signing certificate, and allows
signing of .appx files.

Also removes unused certificateSubjectName parameters from package.json
2026-01-12 14:19:46 -05:00

61 lines
2.1 KiB
JavaScript
Raw Blame History

/* eslint-disable @typescript-eslint/no-require-imports, no-console */
const child_process = require("child_process");
exports.default = async function (configuration) {
const ext = configuration.path.split(".").at(-1);
if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 && ["exe", "appx"].includes(ext)) {
console.log(`[*] Signing file: ${configuration.path}`);
child_process.execFileSync(
"azuresigntool",
// prettier-ignore
[
"sign",
"-v",
"-kvu", process.env.SIGNING_VAULT_URL,
"-kvi", process.env.SIGNING_CLIENT_ID,
"-kvt", process.env.SIGNING_TENANT_ID,
"-kvs", process.env.SIGNING_CLIENT_SECRET,
"-kvc", process.env.SIGNING_CERT_NAME,
"-fd", configuration.hash,
"-du", configuration.site,
"-tr", "http://timestamp.digicert.com",
configuration.path,
],
{
stdio: "inherit",
},
);
} else if (process.env.ELECTRON_BUILDER_SIGN_CERT && ["exe", "appx"].includes(ext)) {
console.log(`[*] Signing file: ${configuration.path}`);
if (process.platform !== "win32") {
console.warn(
"Signing Windows executables on non-Windows platforms is not supported. Not signing.",
);
return;
}
const certFile = process.env.ELECTRON_BUILDER_SIGN_CERT;
const certPw = process.env.ELECTRON_BUILDER_SIGN_CERT_PW;
if (!certPw) {
throw new Error(
"The certificate file password must be set in ELECTRON_BUILDER_SIGN_CERT_PW in order to sign files.",
);
}
try {
child_process.execFileSync(
"signtool.exe",
["sign", "/fd", "SHA256", "/a", "/f", certFile, "/p", certPw, configuration.path],
{
stdio: "inherit",
},
);
console.info(`Signed ${configuration.path} successfully.`);
} catch (error) {
throw new Error(
`Failed to sign ${configuration.path}: ${error.message}\n` +
`Check that ELECTRON_BUILDER_SIGN_CERT points to a valid PKCS12 file ` +
`and ELECTRON_BUILDER_SIGN_CERT_PW is correct.`,
);
}
}
};
Reference in New Issue View Git Blame Copy Permalink