matrix-bot/scripts/electron_afterSign.js

77 lines
2.8 KiB
JavaScript

const { notarize } = require('electron-notarize');
const { exec, execFile } = require('child_process');
const fs = require('fs');
const shellescape = require('shell-escape');
exports.default = async function(context) {
const { electronPlatformName, appOutDir } = context;
if (electronPlatformName === 'darwin') {
const appName = context.packager.appInfo.productFilename;
// We get the password from keychain. The keychain stores
// user IDs too, but apparently altool can't get the user ID
// from the keychain, so we need to get it from the environment.
const userId = process.env.NOTARIZE_APPLE_ID;
if (userId === undefined) {
throw new Error("User ID not found. Set NOTARIZE_APPLE_ID.");
}
console.log("Notarising macOS app. This may be some time.");
return await notarize({
appBundleId: 'im.riot.app',
appPath: `${appOutDir}/${appName}.app`,
appleId: userId,
appleIdPassword: '@keychain:NOTARIZE_CREDS',
});
} else if (electronPlatformName === 'win32') {
// This signs the actual Riot executable
const appName = context.packager.appInfo.productFilename;
// get the token passphrase from the keychain
const tokenPassphrase = await new Promise((resolve, reject) => {
execFile(
'security',
['find-generic-password', '-s', 'riot_signing_token', '-w'],
{},
(err, stdout) => {
if (err) {
reject(err);
} else {
resolve(stdout.trim());
}
},
);
});
return new Promise((resolve, reject) => {
let cmdLine = 'osslsigncode sign ';
if (process.env.OSSLSIGNCODE_SIGNARGS) {
cmdLine += process.env.OSSLSIGNCODE_SIGNARGS + ' ';
}
const tmpFile = 'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe';
cmdLine += shellescape([
'-pass', tokenPassphrase,
'-in', `${appOutDir}/${appName}.exe`,
'-out', `${appOutDir}/${tmpFile}`,
]);
const signproc = exec(cmdLine, {}, (error, stdout) => {
console.log(stdout);
});
signproc.on('exit', (code) => {
if (code !== 0) {
reject("osslsigncode failed with code " + code);
return;
}
fs.rename(`${appOutDir}/${tmpFile}`, `${appOutDir}/${appName}.exe`, (err) => {
if (err) {
reject(err);
} else {
resolve();
}
});
});
});
}
};