Add custom signing script

kiwix · Aug 17, 2024 · 8436a22 · 8436a22
1 parent 3460593
commit 8436a22
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -17,7 +17,8 @@
  "signingHashAlgorithms": [
  "sha256"
  ],
- "timeStampServer": "http://ts.ssl.com",
+ "rfc3161TimeStampServer": "http://ts.ssl.com",
+ "sign": "node sign.js",
  "asar": "true",
  "extraResources": {
  "from": "archives",

diff --git a/scripts/sign.js b/scripts/sign.js
@@ -0,0 +1,34 @@
+const { execSync } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+
+// Read package.json
+const packageJsonPath = path.resolve(__dirname, 'package.json');
+const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+
+// Extract rfc3161TimeStampServer from package.json
+const rfc3161TimeStampServer = packageJson.build.win.rfc3161TimeStampServer;
+
+const fileToSign = process.argv[2];
+const sha1 = process.env.ED_SIGNTOOL_THUMBPRINT;
+const signToolPath = process.env.SIGNTOOL_PATH;
+
+if (!sha1) {
+ console.error('Environment variable SIGNING_CERT_SHA1 is not set.');
+ process.exit(1);
+}
+
+if (!rfc3161TimeStampServer) {
+ console.error('rfc3161TimeStampServer is not set in package.json.');
+ process.exit(1);
+}
+
+const signCommand = `"${signToolPath}" sign /tr ${rfc3161TimeStampServer} /sha1 ${sha1} /s My /fd sha256 /td sha256 /d "Kiwix JS Electron" /du "https://github.com/kiwix/kiwix-js-pwa#readme" /debug "${fileToSign}"`;
+
+try {
+ execSync(signCommand, { stdio: 'inherit' });
+ console.log(`Successfully signed ${fileToSign}`);
+} catch (error) {
+ console.error(`Failed to sign ${fileToSign}`);
+ process.exit(1);
+}