diff --git a/electron_app/riot.im/env.sh b/electron_app/riot.im/env.sh index 79cb6e4e..0ee81052 100644 --- a/electron_app/riot.im/env.sh +++ b/electron_app/riot.im/env.sh @@ -1 +1 @@ -export OSSLSIGNCODE_SIGNARGS='-pkcs11module /Library/Frameworks/eToken.framework/Versions/Current/libeToken.dylib -pkcs11engine /usr/local/lib/engines/engine_pkcs11.so -certs electron_app/riot.im/New_Vector_Ltd.pem -key 0a3271cbc1ec0fd8afb37f6bbe0cd65ba08d3b4d -t http://timestamp.comodoca.com -h sha256 -verbose' +export OSSLSIGNCODE_SIGNARGS='-pkcs11module /Library/Frameworks/eToken.framework/Versions/Current/libeToken.dylib -pkcs11engine /usr/local/lib/engines/engine_pkcs11.so -certs electron_app/riot.im/New_Vector_Ltd.pem -key 0a3271cbc1ec0fd8afb37f6bbe0cd65ba08d3b4d -t http://timestamp.comodoca.com -verbose' diff --git a/scripts/electron-package.sh b/scripts/electron-package.sh index 7a8a5ca7..f92c1387 100755 --- a/scripts/electron-package.sh +++ b/scripts/electron-package.sh @@ -131,19 +131,18 @@ pubdir="$projdir/electron_app/pub" rm -r "$pubdir" || true mkdir -p "$pubdir" rm -r "$projdir/electron_app/dist" || true -mkdir -p "$projdir/electron_app/dist/unsigned/" +mkdir -p "$projdir/electron_app/dist" # Install packages: what the user downloads the first time, # (DMGs for mac, exe installer for windows) mkdir -p "$pubdir/install/macos" cp $distdir/*.dmg "$pubdir/install/macos/" -# Windows installers need signing, this comes later mkdir -p "$pubdir/install/win32/ia32/" -mkdir -p "$projdir/electron_app/dist/unsigned/ia32/" +cp $distdir/squirrel-windows-ia32/*.exe "$pubdir/install/win32/ia32/" mkdir -p "$pubdir/install/win32/x64/" -mkdir -p "$projdir/electron_app/dist/unsigned/x64/" +cp $distdir/squirrel-windows/*.exe "$pubdir/install/win32/x64/" # Packages for auto-update mkdir -p "$pubdir/update/macos" @@ -165,20 +164,6 @@ cp $distdir/squirrel-windows/RELEASES "$pubdir/update/win32/x64/" # longer appears to work). cp $distdir/*_amd64.deb "$projdir/electron_app/dist/" -# Now we sign the windows installer executables (as opposed to the main binary which -# is signed in the electron afteSign hook) -echo "Signing Windows installers..." - -exe32=( "$distdir"/squirrel-windows-ia32/*.exe ) -basename32=`basename "$exe32"` -osslsigncode sign $OSSLSIGNCODE_SIGNARGS -pass "$token_password" -in "$exe32" -out "$projdir/electron_app/pub/install/win32/ia32/$basename32" - -exe64=( "$distdir"/squirrel-windows/*.exe ) -basename64=`basename "$exe64"` -osslsigncode sign $OSSLSIGNCODE_SIGNARGS -pass "$token_password" -in "$exe64" -out "$projdir/electron_app/pub/install/win32/x64/$basename64" - -echo "Installers signed" - rm -rf "$builddir" echo "$pubdir can now be hosted on your web server." diff --git a/scripts/electron_winSign.js b/scripts/electron_winSign.js index 9cd2d3f6..d55b8528 100644 --- a/scripts/electron_winSign.js +++ b/scripts/electron_winSign.js @@ -36,7 +36,7 @@ exports.default = async function(options) { 'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe', ); const args = [ - '-hash', options.hash, + '-h', options.hash, '-pass', tokenPassphrase, '-in', inPath, '-out', tmpFile, @@ -44,11 +44,14 @@ exports.default = async function(options) { if (options.isNest) args.push('-nest'); cmdLine += shellescape(args); + let signStdout; const signproc = exec(cmdLine, {}, (error, stdout) => { - console.log(stdout); + signStdout = stdout; }); signproc.on('exit', (code) => { if (code !== 0) { + console.log("Running", cmdLine); + console.log(signStdout); console.error("osslsigncode failed with code " + code); reject("osslsigncode failed with code " + code); return;