From c2d83782a4a5f855c0da12a75a5a5bacdc8ec2ca Mon Sep 17 00:00:00 2001
From: Jeremy Spiegel <jeremy.spiegel@frontapp.com>
Date: Tue, 1 Nov 2022 13:43:44 -0700
Subject: [PATCH 1/4] fix: support powershell constrained language mode

---
 .../src/windowsExecutableCodeSignatureVerifier.ts          | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts b/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
index 6c75b880a71..79d6002119f 100644
--- a/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
+++ b/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
@@ -31,16 +31,17 @@ export function verifySignature(publisherNames: Array<string>, unescapedTempUpda
     // https://github.com/electron-userland/electron-builder/issues/2421
     // https://github.com/electron-userland/electron-builder/issues/2535
     execFile(
-      "powershell.exe",
+      "chcp 65001 >NUL & powershell.exe",
       [
         "-NoProfile",
         "-NonInteractive",
         "-InputFormat",
         "None",
         "-Command",
-        `Get-AuthenticodeSignature -LiteralPath '${tempUpdateFile}' | ConvertTo-Json -Compress | ForEach-Object { [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($_)) }`,
+        `Get-AuthenticodeSignature -LiteralPath '${tempUpdateFile}' | ConvertTo-Json -Compress`,
       ],
       {
+        shell: true,
         timeout: 20 * 1000,
       },
       (error, stdout, stderr) => {
@@ -51,7 +52,7 @@ export function verifySignature(publisherNames: Array<string>, unescapedTempUpda
             return
           }
 
-          const data = parseOut(Buffer.from(stdout, "base64").toString("utf-8"))
+          const data = parseOut(stdout)
           if (data.Status === 0) {
             const subject = parseDn(data.SignerCertificate.Subject)
             let match = false

From 2f2b66755c034d4a4d38664667c86b08d3ef37e3 Mon Sep 17 00:00:00 2001
From: Jeremy Spiegel <jeremy.s.spiegel@gmail.com>
Date: Tue, 1 Nov 2022 15:19:31 -0700
Subject: [PATCH 2/4] Create real-olives-film.md

---
 .changeset/real-olives-film.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/real-olives-film.md

diff --git a/.changeset/real-olives-film.md b/.changeset/real-olives-film.md
new file mode 100644
index 00000000000..60b1691a689
--- /dev/null
+++ b/.changeset/real-olives-film.md
@@ -0,0 +1,5 @@
+---
+"electron-updater": patch
+---
+
+fix: support powershell constrained language mode

From db3683027eb0999e7ccec0aa6cd6713f52829b40 Mon Sep 17 00:00:00 2001
From: Jeremy Spiegel <jeremy.spiegel@frontapp.com>
Date: Tue, 1 Nov 2022 16:09:12 -0700
Subject: [PATCH 3/4] Fix lint

---
 .../src/windowsExecutableCodeSignatureVerifier.ts        | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts b/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
index 79d6002119f..7b876b57f82 100644
--- a/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
+++ b/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
@@ -32,14 +32,7 @@ export function verifySignature(publisherNames: Array<string>, unescapedTempUpda
     // https://github.com/electron-userland/electron-builder/issues/2535
     execFile(
       "chcp 65001 >NUL & powershell.exe",
-      [
-        "-NoProfile",
-        "-NonInteractive",
-        "-InputFormat",
-        "None",
-        "-Command",
-        `Get-AuthenticodeSignature -LiteralPath '${tempUpdateFile}' | ConvertTo-Json -Compress`,
-      ],
+      ["-NoProfile", "-NonInteractive", "-InputFormat", "None", "-Command", `Get-AuthenticodeSignature -LiteralPath '${tempUpdateFile}' | ConvertTo-Json -Compress`],
       {
         shell: true,
         timeout: 20 * 1000,

From dbece13de36b5b713178a39014a461296ec53b22 Mon Sep 17 00:00:00 2001
From: Jeremy Spiegel <jeremy.spiegel@frontapp.com>
Date: Tue, 1 Nov 2022 17:22:24 -0700
Subject: [PATCH 4/4] Add quotes

---
 .../src/windowsExecutableCodeSignatureVerifier.ts               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts b/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
index 7b876b57f82..28e624204a6 100644
--- a/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
+++ b/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
@@ -32,7 +32,7 @@ export function verifySignature(publisherNames: Array<string>, unescapedTempUpda
     // https://github.com/electron-userland/electron-builder/issues/2535
     execFile(
       "chcp 65001 >NUL & powershell.exe",
-      ["-NoProfile", "-NonInteractive", "-InputFormat", "None", "-Command", `Get-AuthenticodeSignature -LiteralPath '${tempUpdateFile}' | ConvertTo-Json -Compress`],
+      ["-NoProfile", "-NonInteractive", "-InputFormat", "None", "-Command", `"Get-AuthenticodeSignature -LiteralPath '${tempUpdateFile}' | ConvertTo-Json -Compress"`],
       {
         shell: true,
         timeout: 20 * 1000,