From 1d7aa701bf4a3482ec51a425d6e4d34150b7aba9 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Fri, 15 Jan 2021 00:56:02 +0000 Subject: [PATCH 1/8] casting to integer --- sign.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sign.js b/sign.js index 14bee183..cbae2b0a 100644 --- a/sign.js +++ b/sign.js @@ -1,5 +1,5 @@ exports.default = async function(configuration) { - if (process.env.ELECTRON_BUILDER_SIGN === 1) { + if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1) { require("child_process").execSync( `azuresigntool sign ` + `-kvu ${process.env.SIGNING_VAULT_URL} ` + From 081dfaaa04ca23674fbd95b756f798d4c0f78917 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Fri, 15 Jan 2021 01:07:10 +0000 Subject: [PATCH 2/8] chaning back to the other cert to test the signing --- .github/workflows/build-and-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml index f825a9a7..2d5e872e 100644 --- a/.github/workflows/build-and-sign.yml +++ b/.github/workflows/build-and-sign.yml @@ -13,7 +13,7 @@ on: jobs: windows: runs-on: windows-latest - environment: prod + environment: test_ast steps: - name: Set up dotnet uses: actions/setup-dotnet@v1 From 67367bb71b3c9a0b26f4ac8d9e6b602d210791b9 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Fri, 15 Jan 2021 01:24:06 +0000 Subject: [PATCH 3/8] chaning back to prod after updating client secret --- .github/workflows/build-and-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml index 2d5e872e..f825a9a7 100644 --- a/.github/workflows/build-and-sign.yml +++ b/.github/workflows/build-and-sign.yml @@ -13,7 +13,7 @@ on: jobs: windows: runs-on: windows-latest - environment: test_ast + environment: prod steps: - name: Set up dotnet uses: actions/setup-dotnet@v1 From 81a5c77b5edf2926ed0d288ea0bf57b3fb683594 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Fri, 15 Jan 2021 15:37:49 +0000 Subject: [PATCH 4/8] listing all of the files that electron-builder is trying to sign --- sign.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sign.js b/sign.js index cbae2b0a..68b2ac42 100644 --- a/sign.js +++ b/sign.js @@ -1,5 +1,7 @@ exports.default = async function(configuration) { if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1) { + console.log(`[++] File to sign: ${configuration.path}`) + /* require("child_process").execSync( `azuresigntool sign ` + `-kvu ${process.env.SIGNING_VAULT_URL} ` + @@ -15,5 +17,6 @@ exports.default = async function(configuration) { stdio: "inherit" } ); + */ } }; From 404e4130dabcd5d3137a74bbfca76e2d78537040 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Fri, 15 Jan 2021 16:00:55 +0000 Subject: [PATCH 5/8] seeing what file it fails on, specifically --- sign.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/sign.js b/sign.js index 68b2ac42..8639b9b6 100644 --- a/sign.js +++ b/sign.js @@ -1,7 +1,6 @@ exports.default = async function(configuration) { if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1) { console.log(`[++] File to sign: ${configuration.path}`) - /* require("child_process").execSync( `azuresigntool sign ` + `-kvu ${process.env.SIGNING_VAULT_URL} ` + @@ -17,6 +16,5 @@ exports.default = async function(configuration) { stdio: "inherit" } ); - */ } }; From b4a36dbfd2a7e925c5cbd90bcc889f8f7d5f36dd Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Fri, 15 Jan 2021 16:18:14 +0000 Subject: [PATCH 6/8] only signing .exe --- sign.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sign.js b/sign.js index 8639b9b6..456de36a 100644 --- a/sign.js +++ b/sign.js @@ -1,6 +1,5 @@ exports.default = async function(configuration) { - if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1) { - console.log(`[++] File to sign: ${configuration.path}`) + if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 && configuration.path.slice(-4) == ".exe") { require("child_process").execSync( `azuresigntool sign ` + `-kvu ${process.env.SIGNING_VAULT_URL} ` + From 429b0abf42e03a5983b9dedfc39215f573e15956 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Fri, 15 Jan 2021 17:19:34 +0000 Subject: [PATCH 7/8] excluding the unpacked appx executables --- sign.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sign.js b/sign.js index 456de36a..509902be 100644 --- a/sign.js +++ b/sign.js @@ -1,5 +1,9 @@ exports.default = async function(configuration) { - if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 && configuration.path.slice(-4) == ".exe") { + if ( + parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 && + configuration.path.slice(-4) == ".exe" && + !(configuration.path.includes('win-unpacked') || configuration.path.includes('win-ia32-unpacked')) + ) { require("child_process").execSync( `azuresigntool sign ` + `-kvu ${process.env.SIGNING_VAULT_URL} ` + From 8ddc5381597fbbbeef482fa74fc80aa7569b7857 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Fri, 15 Jan 2021 17:42:44 +0000 Subject: [PATCH 8/8] adding signing logging --- sign.js | 1 + 1 file changed, 1 insertion(+) diff --git a/sign.js b/sign.js index 509902be..107f048d 100644 --- a/sign.js +++ b/sign.js @@ -4,6 +4,7 @@ exports.default = async function(configuration) { configuration.path.slice(-4) == ".exe" && !(configuration.path.includes('win-unpacked') || configuration.path.includes('win-ia32-unpacked')) ) { + console.log(`[*] Signing file: ${configuration.path}`) require("child_process").execSync( `azuresigntool sign ` + `-kvu ${process.env.SIGNING_VAULT_URL} ` +