Skip to content

Commit

Permalink
Sign Windows binaries with Azure Trusted Signing.
Browse files Browse the repository at this point in the history
Signed-off-by: Anders Kaseorg <[email protected]>
  • Loading branch information
andersk committed Aug 23, 2024
1 parent 981a262 commit b268fe9
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
7 changes: 6 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,11 @@
}
],
"icon": "build/icon.ico",
"publisherName": "Kandra Labs, Inc."
"publisherName": "Kandra Labs, Inc.",
"sign": "./scripts/win-sign.js",
"signingHashAlgorithms": [
"sha256"
]
},
"msi": {
"artifactName": "${productName}-${version}-${arch}.${ext}"
Expand Down Expand Up @@ -308,6 +312,7 @@
},
{
"files": [
"scripts/win-sign.js",
"tests/**/*.js"
],
"parserOptions": {
Expand Down
20 changes: 20 additions & 0 deletions scripts/win-sign.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
"use strict";

const childProcess = require("node:child_process");
const {promisify} = require("node:util");

const exec = promisify(childProcess.exec);

exports.default = async ({path, hash}) => {
await exec(
`powershell.exe Invoke-TrustedSigning \
-Endpoint https://eus.codesigning.azure.net/ \
-CodeSigningAccountName kandralabs \
-CertificateProfileName kandralabs \
-Files '${path}' \
-FileDigest '${hash}' \
-TimestampRfc3161 http://timestamp.acs.microsoft.com \
-TimestampDigest '${hash}'`,
{stdio: "inherit"},
);
};

0 comments on commit b268fe9

Please sign in to comment.