From ffef11db2f71d99734c1624a3477fd0f757fb602 Mon Sep 17 00:00:00 2001 From: Brendan Forster Date: Mon, 4 Jul 2016 15:25:36 +1000 Subject: [PATCH] implement certificate setup and cleanup and pass arguments to signtool --- script/cleanup-windows-certificate.ps1 | 7 +++++++ script/package | 19 ++++++++++++++++--- script/setup-windows-certificate.ps1 | 9 +++++++++ 3 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 script/cleanup-windows-certificate.ps1 create mode 100644 script/setup-windows-certificate.ps1 diff --git a/script/cleanup-windows-certificate.ps1 b/script/cleanup-windows-certificate.ps1 new file mode 100644 index 00000000000..aaf7292e3e4 --- /dev/null +++ b/script/cleanup-windows-certificate.ps1 @@ -0,0 +1,7 @@ +$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition + +$file = "$scriptPath\windows-certificate.pfx" + +if ((Test-Path $file)) { + Remove-Item $file +} diff --git a/script/package b/script/package index 2439ae69e7a..4c9d831e505 100644 --- a/script/package +++ b/script/package @@ -30,16 +30,29 @@ function packageOSX () { function packageWindows () { const electronInstaller = require('electron-winstaller') const outputDir = path.join(distPath, '..', 'installer') - // TODO: We'll need to sign this shit. + const setupCertificatePath = path.join(__dirname, 'setup-windows-certificate.ps1') + const cleanupCertificatePath = path.join(__dirname, 'cleanup-windows-certificate.ps1') + + if (process.env.APPVEYOR) { + cp.execSync(`powershell ${setupCertificatePath}`) + } + + const certificatePath = path.join(__dirname, 'windows-certificate.pfx') + electronInstaller .createWindowsInstaller({ appDirectory: distPath, outputDirectory: outputDir, authors: distInfo.getCompanyName(), - exe: `${productName}.exe` + exe: `${productName}.exe`, + signWithParams: `/f ${certificatePath} /p ${process.env.WINDOWS_CERT_PASSWORD} /tr http://timestamp.digicert.com /td sha256` + }) + .then(() => { + console.log(`Installers created in ${outputDir}`) + cp.execSync(`powershell ${cleanupCertificatePath}`) }) - .then(() => console.log(`Installers created in ${outputDir}`)) .catch(e => { + cp.execSync(`powershell ${cleanupCertificatePath}`) console.error(`Error packaging: ${e}`) process.exit(1) }) diff --git a/script/setup-windows-certificate.ps1 b/script/setup-windows-certificate.ps1 new file mode 100644 index 00000000000..df3b5b2a75f --- /dev/null +++ b/script/setup-windows-certificate.ps1 @@ -0,0 +1,9 @@ +$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition + +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add("Authorization", "token $env:DESKTOPBOT_TOKEN") +$headers.Add("Accept", 'application/vnd.github.v3.raw') + +Invoke-WebRequest 'https://api.github.com/repos/desktop/desktop-secrets/contents/windows-certificate.pfx' ` + -Headers $headers ` + -OutFile "$scriptPath\windows-certificate.pfx"