diff --git a/.changeset/purple-sheep-share.md b/.changeset/purple-sheep-share.md new file mode 100644 index 00000000000..76dab9a0ab6 --- /dev/null +++ b/.changeset/purple-sheep-share.md @@ -0,0 +1,8 @@ +--- +"app-builder-lib": major +--- + +chore: remove deprecated fields from `winOptions` and `macOptions` + +For `winOptions` signing configuration, it has been moved to `win.signtoolOptions` in order to support `azureOptions` as a separate field and avoid bloating `win` configuration object +For `macOptions`, notarize options has been deprecated in favor of env vars for quite some time. Env vars are much more secure diff --git a/packages/app-builder-lib/scheme.json b/packages/app-builder-lib/scheme.json index bd141e9ce3f..0abde256964 100644 --- a/packages/app-builder-lib/scheme.json +++ b/packages/app-builder-lib/scheme.json @@ -2703,18 +2703,8 @@ ] }, "notarize": { - "anyOf": [ - { - "$ref": "#/definitions/NotarizeNotaryOptions" - }, - { - "type": [ - "null", - "boolean" - ] - } - ], - "description": "Options to use for" + "description": "Whether to disable electron-builder's [@electron/notarize](https://github.com/electron/notarize) integration.\n\nNote: In order to activate the notarization step You MUST specify one of the following via environment variables:\n\n1. `APPLE_API_KEY`, `APPLE_API_KEY_ID` and `APPLE_API_ISSUER`.\n2. `APPLE_ID`, `APPLE_APP_SPECIFIC_PASSWORD`, and `APPLE_TEAM_ID`\n3. `APPLE_KEYCHAIN` and `APPLE_KEYCHAIN_PROFILE`\n\nFor security reasons it is recommended to use the first option (see https://github.com/electron-userland/electron-builder/issues/7859)", + "type": "boolean" }, "preAutoEntitlements": { "default": true, 
@@ -3345,18 +3335,8 @@ ] }, "notarize": { - "anyOf": [ - { - "$ref": "#/definitions/NotarizeNotaryOptions" - }, - { - "type": [ - "null", - "boolean" - ] - } - ], - "description": "Options to use for" + "description": "Whether to disable electron-builder's [@electron/notarize](https://github.com/electron/notarize) integration.\n\nNote: In order to activate the notarization step You MUST specify one of the following via environment variables:\n\n1. `APPLE_API_KEY`, `APPLE_API_KEY_ID` and `APPLE_API_ISSUER`.\n2. `APPLE_ID`, `APPLE_APP_SPECIFIC_PASSWORD`, and `APPLE_TEAM_ID`\n3. `APPLE_KEYCHAIN` and `APPLE_KEYCHAIN_PROFILE`\n\nFor security reasons it is recommended to use the first option (see https://github.com/electron-userland/electron-builder/issues/7859)", + "type": "boolean" }, "preAutoEntitlements": { "default": true, @@ -3866,16 +3846,6 @@ }, "type": "object" }, - "NotarizeNotaryOptions": { - "additionalProperties": false, - "properties": { - "teamId": { - "description": "The team ID you want to notarize under for when using `notarytool`", - "type": "string" - } - }, - "type": "object" - }, "NsisOptions": { "additionalProperties": false, "properties": { @@ -6179,13 +6149,6 @@ "WindowsConfiguration": { "additionalProperties": false, "properties": { - "additionalCertificateFile": { - "description": "The path to an additional certificate file you want to add to the signature block.", - "type": [ - "null", - "string" - ] - }, "appId": { "default": "com.electron.${name}", "description": "The application id. Used as [CFBundleIdentifier](https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html#//apple_ref/doc/uid/20001431-102070) for MacOS and as\n[Application User Model ID](https://msdn.microsoft.com/en-us/library/windows/desktop/dd378459(v=vs.85).aspx) for Windows (NSIS target only, Squirrel.Windows not supported). It is strongly recommended that an explicit ID is set.", 
@@ -6244,34 +6207,6 @@ ], "description": "Options for usage of Azure Trusted Signing (beta)" }, - "certificateFile": { - "description": "The path to the *.pfx certificate you want to sign with. Please use it only if you cannot use env variable `CSC_LINK` (`WIN_CSC_LINK`) for some reason.\nPlease see [Code Signing](./code-signing.md).", - "type": [ - "null", - "string" - ] - }, - "certificatePassword": { - "description": "The password to the certificate provided in `certificateFile`. Please use it only if you cannot use env variable `CSC_KEY_PASSWORD` (`WIN_CSC_KEY_PASSWORD`) for some reason.\nPlease see [Code Signing](./code-signing.md).", - "type": [ - "null", - "string" - ] - }, - "certificateSha1": { - "description": "The SHA1 hash of the signing certificate. The SHA1 hash is commonly specified when multiple certificates satisfy the criteria specified by the remaining switches. Works only on Windows (or on macOS if [Parallels Desktop](https://www.parallels.com/products/desktop/) Windows 10 virtual machines exits).", - "type": [ - "null", - "string" - ] - }, - "certificateSubjectName": { - "description": "The name of the subject of the signing certificate, which is often labeled with the field name `issued to`. Required only for EV Code Signing and works only on Windows (or on macOS if [Parallels Desktop](https://www.parallels.com/products/desktop/) Windows 10 virtual machines exits).", - "type": [ - "null", - "string" - ] - }, "compression": { "anyOf": [ { 
@@ -6519,23 +6454,6 @@ ], "description": "Publisher configuration. See [Auto Update](./publish.md) for more information." }, - "publisherName": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": [ - "null", - "string" - ] - } - ], - "description": "[The publisher name](https://github.com/electron-userland/electron-builder/issues/1187#issuecomment-278972073), exactly as in your code signed certificate. Several names can be provided.\nDefaults to common name from your code signing certificate." - }, "releaseInfo": { "$ref": "#/definitions/ReleaseInfo", "description": "The release info. Intended for command line usage:\n\n```\n-c.releaseInfo.releaseNotes=\"new features\"\n```" @@ -6557,38 +6475,11 @@ "default": "asInvoker", "description": "The [security level](https://msdn.microsoft.com/en-us/library/6ad1fshk.aspx#Anchor_9) at which the application requests to be executed.\nCannot be specified per target, allowed only in the `win`." }, - "rfc3161TimeStampServer": { - "default": "http://timestamp.digicert.com", - "description": "The URL of the RFC 3161 time stamp server.", - "type": [ - "null", - "string" - ] - }, - "sign": { - "anyOf": [ - { - "typeof": "function" - }, - { - "type": [ - "null", - "string" - ] - } - ], - "description": "The custom function (or path to file or module id) to sign Windows executables" - }, "signAndEditExecutable": { "default": true, "description": "Whether to sign and add metadata to executable. Advanced option.", "type": "boolean" }, - "signDlls": { - "default": false, - "description": "Whether to sign DLL files. Advanced option.", - "type": "boolean" - }, "signExts": { "anyOf": [ { 
@@ -6604,24 +6495,6 @@ "default": null, "description": "Explicit file extensions to also sign. Advanced option." }, - "signingHashAlgorithms": { - "anyOf": [ - { - "items": { - "enum": [ - "sha1", - "sha256" - ], - "type": "string" - }, - "type": "array" - }, - { - "type": "null" - } - ], - "description": "Array of signing algorithms used. For AppX `sha256` is always used." - }, "signtoolOptions": { "anyOf": [ { @@ -6661,14 +6534,6 @@ "default": "nsis", "description": "The target package type: list of `nsis`, `nsis-web` (Web installer), `portable` ([portable]./nsis.md#portable) app without installation), `appx`, `msi`, `msi-wrapped`, `squirrel`, `7z`, `zip`, `tar.xz`, `tar.lz`, `tar.gz`, `tar.bz2`, `dir`.\nAppX package can be built only on Windows 10.\n\nTo use Squirrel.Windows please install `electron-builder-squirrel-windows` dependency." }, - "timeStampServer": { - "default": "http://timestamp.digicert.com", - "description": "The URL of the time stamp server.", - "type": [ - "null", - "string" - ] - }, "verifyUpdateCodeSignature": { "default": true, "description": "Whether to verify the signature of an available update before installation.\nThe [publisher name](#publisherName) will be used for the signature verification.", diff --git a/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts b/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts index de324c0583a..dafdb935fbb 100644 --- a/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts +++ b/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts 
@@ -17,25 +17,6 @@ export async function signWindows(options: WindowsSignOptions, packager: WinPack log.info({ path: log.filePath(options.path) }, "signing with Azure Trusted Signing (beta)") } else { log.info({ path: log.filePath(options.path) }, "signing with signtool.exe") - const deprecatedFields = { - sign: options.options.sign, - signDlls: options.options.signDlls, - signingHashAlgorithms: options.options.signingHashAlgorithms, - certificateFile: options.options.certificateFile, - certificatePassword: options.options.certificatePassword, - certificateSha1: options.options.certificateSha1, - certificateSubjectName: options.options.certificateSubjectName, - additionalCertificateFile: options.options.additionalCertificateFile, - rfc3161TimeStampServer: options.options.rfc3161TimeStampServer, - timeStampServer: options.options.timeStampServer, - publisherName: options.options.publisherName, - } - const fields = Object.entries(deprecatedFields) - .filter(([, value]) => !!value) - .map(([field]) => field) - if (fields.length) { - log.warn({ fields, reason: "please move to win.signtoolOptions." }, `deprecated field`) - } } return signWithRetry(async () => packageManager.signFile(options)) diff --git a/packages/app-builder-lib/src/codeSign/windowsSignToolManager.ts b/packages/app-builder-lib/src/codeSign/windowsSignToolManager.ts index ad33bfb29d7..1c574733fd7 100644 --- a/packages/app-builder-lib/src/codeSign/windowsSignToolManager.ts +++ b/packages/app-builder-lib/src/codeSign/windowsSignToolManager.ts @@ -10,7 +10,6 @@ import { resolveFunction } from "../util/resolve" import { isUseSystemSigncode } from "../util/flags" import { VmManager } from "../vm/vm" import { WinPackager } from "../winPackager" -import { chooseNotNull } from "../platformPackager" import { WindowsSignOptions } from "./windowsCodeSign" import { getPSCmd } from "./windowsCodeSign" import { MemoLazy, parseDn } from "builder-util-runtime" 
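Review bot: With the `deprecatedFields` warning removed from the signtool branch of `signWindows`, nothing in this function tells a user that a leftover top-level `win.certificateFile`, `win.certificateSha1` or `win.sign` is no longer read, so signing could proceed from a different certificate source than the one they configured. `scheme.json` keeps `additionalProperties: false` on `WindowsConfiguration`, which should reject those keys wherever schema validation runs; whether every entry point (for example a config object passed programmatically) goes through that validation is not visible in this diff. If any path does not, consider failing the build on the legacy keys instead of ignoring them. A test asserting that a legacy key is rejected would also help, since the `winCodeSignTest.ts` hunk removes the only fixture that still set them. `signWindows` starts and ends outside this hunk.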
@@ -76,7 +75,7 @@ export class WindowsSignToolManager implements SignManager { } readonly computedPublisherName = new Lazy | null>(async () => { - const publisherName = chooseNotNull(this.platformSpecificBuildOptions.signtoolOptions?.publisherName, this.platformSpecificBuildOptions.publisherName) + const publisherName = this.platformSpecificBuildOptions.signtoolOptions?.publisherName if (publisherName === null) { return null } else if (publisherName != null) { @@ -114,14 +113,14 @@ export class WindowsSignToolManager implements SignManager { readonly cscInfo = new MemoLazy( () => this.platformSpecificBuildOptions, platformSpecificBuildOptions => { - const subjectName = chooseNotNull(platformSpecificBuildOptions.signtoolOptions?.certificateSubjectName, platformSpecificBuildOptions.certificateSubjectName) - const shaType = chooseNotNull(platformSpecificBuildOptions.signtoolOptions?.certificateSha1, platformSpecificBuildOptions.certificateSha1) + const subjectName = platformSpecificBuildOptions.signtoolOptions?.certificateSubjectName + const shaType = platformSpecificBuildOptions.signtoolOptions?.certificateSha1 if (subjectName != null || shaType != null) { return this.packager.vm.value .then(vm => this.getCertificateFromStoreInfo(platformSpecificBuildOptions, vm)) .catch((e: any) => { // https://github.com/electron-userland/electron-builder/pull/2397 - if (chooseNotNull(platformSpecificBuildOptions.signtoolOptions?.sign, platformSpecificBuildOptions.sign) == null) { + if (platformSpecificBuildOptions.signtoolOptions?.sign == null) { throw e } else { log.debug({ error: e }, "getCertificateFromStoreInfo error") 
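Review bot: In the `cscInfo` hunk, when `signtoolOptions.sign` is set, a failure of `getCertificateFromStoreInfo` is logged only through `log.debug`, so a wrong `certificateSha1` or `certificateSubjectName` is invisible at the default log level. Since these two fields are now the only source for the store lookup, raising this to `log.warn({ error: e }, "getCertificateFromStoreInfo error")` would make a misconfigured certificate selector visible in build output. The handler is also typed `(e: any)`; `(e: unknown)` would match strict-mode practice. The rest of the `catch` body and what it returns lie outside this hunk.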
@@ -130,7 +129,7 @@ export class WindowsSignToolManager implements SignManager { }) } - const certificateFile = chooseNotNull(platformSpecificBuildOptions.signtoolOptions?.certificateFile, platformSpecificBuildOptions.certificateFile) + const certificateFile = platformSpecificBuildOptions.signtoolOptions?.certificateFile if (certificateFile != null) { const certificatePassword = this.packager.getCscPassword() return Promise.resolve({ @@ -184,7 +183,7 @@ export class WindowsSignToolManager implements SignManager { } async signFile(options: WindowsSignOptions): Promise { - let hashes = chooseNotNull(options.options.signtoolOptions?.signingHashAlgorithms, options.options.signingHashAlgorithms) + let hashes = options.options.signtoolOptions?.signingHashAlgorithms // msi does not support dual-signing if (options.path.endsWith(".msi")) { hashes = [hashes != null && !hashes.includes("sha1") ? "sha256" : "sha1"] @@ -199,7 +198,7 @@ export class WindowsSignToolManager implements SignManager { const name = this.packager.appInfo.productName const site = await this.packager.appInfo.computePackageUrl() - const customSign = await resolveFunction(this.packager.appInfo.type, chooseNotNull(options.options.signtoolOptions?.sign, options.options.sign), "sign") + const customSign = await resolveFunction(this.packager.appInfo.type, options.options.signtoolOptions?.sign, "sign") const cscInfo = await this.cscInfo.value if (cscInfo) { 
@@ -275,13 +274,11 @@ export class WindowsSignToolManager implements SignManager { const args = isWin ? ["sign"] : ["-in", inputFile, "-out", outputPath] if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") { - const timestampingServiceUrl = chooseNotNull(options.options.signtoolOptions?.timeStampServer, options.options.timeStampServer) || "http://timestamp.digicert.com" + const timestampingServiceUrl = options.options.signtoolOptions?.timeStampServer || "http://timestamp.digicert.com" if (isWin) { args.push( options.isNest || options.hash === "sha256" ? "/tr" : "/t", - options.isNest || options.hash === "sha256" - ? chooseNotNull(options.options.signtoolOptions?.rfc3161TimeStampServer, options.options.rfc3161TimeStampServer) || "http://timestamp.digicert.com" - : timestampingServiceUrl + options.isNest || options.hash === "sha256" ? options.options.signtoolOptions?.rfc3161TimeStampServer || "http://timestamp.digicert.com" : timestampingServiceUrl ) } else { args.push("-t", timestampingServiceUrl) @@ -335,7 +332,7 @@ export class WindowsSignToolManager implements SignManager { args.push(isWin ? "/p" : "-pass", password) } - const additionalCert = chooseNotNull(options.options.signtoolOptions?.additionalCertificateFile, options.options.additionalCertificateFile) + const additionalCert = options.options.signtoolOptions?.additionalCertificateFile if (additionalCert) { args.push(isWin ? "/ac" : "-ac", vm.toVmFile(additionalCert)) } 
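Review bot: In the `isWin` branch, the `/tr` vs `/t` flag and the matching server URL each re-evaluate `options.isNest || options.hash === "sha256"`, and the default `"http://timestamp.digicert.com"` literal appears twice. With the `chooseNotNull` wrappers gone, the collapsed one-line ternary is hard to verify at a glance. Hoisting `const useRfc3161 = options.isNest || options.hash === "sha256"` and a single default-URL constant would keep the flag and the server from drifting apart. Because `||` is used, a `null` or empty `timeStampServer` falls back to the default; a one-line comment saying this is intended would help the next reader. The enclosing method starts and ends outside the hunk.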
@@ -395,8 +392,8 @@ export class WindowsSignToolManager implements SignManager { } async getCertificateFromStoreInfo(options: WindowsConfiguration, vm: VmManager): Promise { - const certificateSubjectName = chooseNotNull(options.signtoolOptions?.certificateSubjectName, options.certificateSubjectName) - const certificateSha1 = chooseNotNull(options.signtoolOptions?.certificateSha1, options.certificateSha1)?.toUpperCase() + const certificateSubjectName = options.signtoolOptions?.certificateSubjectName + const certificateSha1 = options.signtoolOptions?.certificateSha1?.toUpperCase() const ps = await getPSCmd(vm) const rawResult = await vm.exec(ps, [ diff --git a/packages/app-builder-lib/src/index.ts b/packages/app-builder-lib/src/index.ts index 5d5ba0baf13..7a8383797b5 100644 --- a/packages/app-builder-lib/src/index.ts +++ b/packages/app-builder-lib/src/index.ts @@ -36,7 +36,7 @@ export { export { ElectronBrandingOptions, ElectronDownloadOptions, ElectronPlatformName } from "./electron/ElectronFramework" export { PlatformSpecificBuildOptions, AsarOptions, FileSet, Protocol, ReleaseInfo, FilesBuildOptions } from "./options/PlatformSpecificBuildOptions" export { FileAssociation } from "./options/FileAssociation" -export { MacConfiguration, DmgOptions, MasConfiguration, MacOsTargetName, DmgContent, DmgWindow, NotarizeNotaryOptions } from "./options/macOptions" +export { MacConfiguration, DmgOptions, MasConfiguration, MacOsTargetName, DmgContent, DmgWindow } from "./options/macOptions" export { PkgOptions, PkgBackgroundOptions, BackgroundAlignment, BackgroundScaling } from "./options/pkgOptions" export { WindowsConfiguration, WindowsAzureSigningConfiguration, WindowsSigntoolConfiguration } from "./options/winOptions" export { AppXOptions } from "./options/AppXOptions" diff --git a/packages/app-builder-lib/src/macPackager.ts b/packages/app-builder-lib/src/macPackager.ts index fb4031a9e40..49bf36748d2 100644 --- a/packages/app-builder-lib/src/macPackager.ts 
+++ b/packages/app-builder-lib/src/macPackager.ts @@ -8,7 +8,7 @@ import { AppInfo } from "./appInfo" import { CertType, CodeSigningInfo, createKeychain, CreateKeychainOptions, findIdentity, Identity, isSignAllowed, removeKeychain, reportError, sign } from "./codeSign/macCodeSign" import { DIR_TARGET, Platform, Target } from "./core" import { AfterPackContext, ElectronPlatformName } from "./index" -import { MacConfiguration, MasConfiguration, NotarizeNotaryOptions } from "./options/macOptions" +import { MacConfiguration, MasConfiguration } from "./options/macOptions" import { Packager } from "./packager" import { chooseNotNull, PlatformPackager } from "./platformPackager" import { ArchiveTarget } from "./targets/ArchiveTarget" @@ -531,18 +531,11 @@ export class MacPackager extends PlatformPackager { } private getNotarizeOptions(appPath: string): NotarizeOptionsNotaryTool | undefined { - let teamId = process.env.APPLE_TEAM_ID + const teamId = process.env.APPLE_TEAM_ID const appleId = process.env.APPLE_ID const appleIdPassword = process.env.APPLE_APP_SPECIFIC_PASSWORD - const options = this.platformSpecificBuildOptions.notarize const tool = "notarytool" - const optionsTeamId = (options as NotarizeNotaryOptions)?.teamId - if (optionsTeamId) { - log.warn(null, "Please specify notarization Team ID in the `APPLE_TEAM_ID` env var instead of `notarize.teamId`") - teamId = optionsTeamId - } - // option 1: app specific password if (appleId || appleIdPassword) { if (!appleId) { diff --git a/packages/app-builder-lib/src/options/macOptions.ts b/packages/app-builder-lib/src/options/macOptions.ts index 11703f5db77..9ae69a2b0c6 100644 --- a/packages/app-builder-lib/src/options/macOptions.ts +++ b/packages/app-builder-lib/src/options/macOptions.ts 
@@ -221,25 +221,17 @@ export interface MacConfiguration extends PlatformSpecificBuildOptions { readonly additionalArguments?: Array | null /** - * Options to use for @electron/notarize (ref: https://github.com/electron/notarize). - * Use `false` to explicitly disable + * Whether to disable electron-builder's [@electron/notarize](https://github.com/electron/notarize) integration. * * Note: In order to activate the notarization step You MUST specify one of the following via environment variables: + * * 1. `APPLE_API_KEY`, `APPLE_API_KEY_ID` and `APPLE_API_ISSUER`. * 2. `APPLE_ID`, `APPLE_APP_SPECIFIC_PASSWORD`, and `APPLE_TEAM_ID` * 3. `APPLE_KEYCHAIN` and `APPLE_KEYCHAIN_PROFILE` * * For security reasons it is recommended to use the first option (see https://github.com/electron-userland/electron-builder/issues/7859) */ - readonly notarize?: NotarizeNotaryOptions | boolean | null -} - -export interface NotarizeNotaryOptions { - /** - * The team ID you want to notarize under for when using `notarytool` - * @deprecated Set the `APPLE_TEAM_ID` environment variable instead - */ - readonly teamId?: string + readonly notarize?: boolean } export interface DmgOptions extends TargetSpecificOptions { diff --git a/packages/app-builder-lib/src/options/winOptions.ts b/packages/app-builder-lib/src/options/winOptions.ts index 84b3fc86c24..29de6e87a92 100644 --- a/packages/app-builder-lib/src/options/winOptions.ts +++ b/packages/app-builder-lib/src/options/winOptions.ts 
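Review bot: The new TSDoc on `notarize` opens with "Whether to disable … integration", which reads as `true` meaning disabled, while the text it replaces said "Use `false` to explicitly disable". The code that consumes the flag is not in this diff, so the polarity should be confirmed and then stated outright. Assuming the old meaning still holds, the first line could read `Set to false to skip electron-builder's @electron/notarize integration.`, and the same sentence is copied into both `notarize` descriptions in `scheme.json`. The type also narrows from `NotarizeNotaryOptions | boolean | null` to `boolean`, so an existing `notarize: null` would now be rejected, which the changeset does not mention.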
@@ -23,63 +23,6 @@ export interface WindowsConfiguration extends PlatformSpecificBuildOptions { */ readonly legalTrademarks?: string | null - /** - * Array of signing algorithms used. For AppX `sha256` is always used. - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.signingHashAlgorithms} - */ - readonly signingHashAlgorithms?: Array<"sha1" | "sha256"> | null - /** - * The custom function (or path to file or module id) to sign Windows executables - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.sign} - */ - readonly sign?: CustomWindowsSign | string | null - /** - * The path to the *.pfx certificate you want to sign with. Please use it only if you cannot use env variable `CSC_LINK` (`WIN_CSC_LINK`) for some reason. - * Please see [Code Signing](./code-signing.md). - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.certificateFile} - */ - readonly certificateFile?: string | null - /** - * The password to the certificate provided in `certificateFile`. Please use it only if you cannot use env variable `CSC_KEY_PASSWORD` (`WIN_CSC_KEY_PASSWORD`) for some reason. - * Please see [Code Signing](./code-signing.md). - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.certificatePassword} - */ - readonly certificatePassword?: string | null - /** - * The name of the subject of the signing certificate, which is often labeled with the field name `issued to`. Required only for EV Code Signing and works only on Windows (or on macOS if [Parallels Desktop](https://www.parallels.com/products/desktop/) Windows 10 virtual machines exits). - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.certificateSubjectName} - */ - readonly certificateSubjectName?: string | null - /** - * The SHA1 hash of the signing certificate. 
The SHA1 hash is commonly specified when multiple certificates satisfy the criteria specified by the remaining switches. Works only on Windows (or on macOS if [Parallels Desktop](https://www.parallels.com/products/desktop/) Windows 10 virtual machines exits). - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.certificateSha1} - */ - readonly certificateSha1?: string | null - /** - * The path to an additional certificate file you want to add to the signature block. - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.additionalCertificateFile} - */ - readonly additionalCertificateFile?: string | null - /** - * The URL of the RFC 3161 time stamp server. - * @default http://timestamp.digicert.com - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.rfc3161TimeStampServer} - */ - readonly rfc3161TimeStampServer?: string | null - /** - * The URL of the time stamp server. - * @default http://timestamp.digicert.com - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.timeStampServer} - */ - readonly timeStampServer?: string | null - - /** - * [The publisher name](https://github.com/electron-userland/electron-builder/issues/1187#issuecomment-278972073), exactly as in your code signed certificate. Several names can be provided. - * Defaults to common name from your code signing certificate. - * @deprecated Please use {@link signtoolOptions}: {@link WindowsSigntoolConfiguration.publisherName} - */ - readonly publisherName?: string | Array | null - /** * Options for usage with signtool.exe */ 
@@ -111,14 +54,6 @@ export interface WindowsConfiguration extends PlatformSpecificBuildOptions { */ readonly signAndEditExecutable?: boolean - /** - * Whether to sign DLL files. Advanced option. - * @see https://github.com/electron-userland/electron-builder/issues/3101#issuecomment-404212384 - * @default false - * @deprecated Use {@link signExts} instead for more explicit control - */ - readonly signDlls?: boolean - /** * Explicit file extensions to also sign. Advanced option. * @see https://github.com/electron-userland/electron-builder/issues/7329 diff --git a/packages/app-builder-lib/src/winPackager.ts b/packages/app-builder-lib/src/winPackager.ts index 1ba4be7e093..e29bde660ef 100644 --- a/packages/app-builder-lib/src/winPackager.ts +++ b/packages/app-builder-lib/src/winPackager.ts @@ -115,13 +115,7 @@ export class WinPackager extends PlatformPackager { } doGetCscPassword(): string | undefined | null { - return chooseNotNull( - chooseNotNull( - chooseNotNull(this.platformSpecificBuildOptions.signtoolOptions?.certificatePassword, this.platformSpecificBuildOptions.certificatePassword), - process.env.WIN_CSC_KEY_PASSWORD - ), - super.doGetCscPassword() - ) + return chooseNotNull(chooseNotNull(this.platformSpecificBuildOptions.signtoolOptions?.certificatePassword, process.env.WIN_CSC_KEY_PASSWORD), super.doGetCscPassword()) } async sign(file: string): Promise { 
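Review bot: `doGetCscPassword` still prefers `signtoolOptions.certificatePassword` from the build configuration over `WIN_CSC_KEY_PASSWORD`, and the method has no comment saying so. A password left in a config file therefore silently overrides the one injected through the environment. A short doc comment would make the order explicit, for example `/** Resolution order: signtoolOptions.certificatePassword, then WIN_CSC_KEY_PASSWORD, then the base packager's lookup. Prefer the env var so the password stays out of the config file. */`. This also matches the changeset's own argument that environment variables are the safer place for signing secrets.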
@@ -192,10 +186,8 @@ export class WinPackager extends PlatformPackager { hash.update(config.electronVersion || "no electronVersion") hash.update(JSON.stringify(this.platformSpecificBuildOptions)) hash.update(JSON.stringify(args)) - hash.update(chooseNotNull(this.platformSpecificBuildOptions.signtoolOptions?.certificateSha1, this.platformSpecificBuildOptions.certificateSha1) || "no certificateSha1") - hash.update( - chooseNotNull(this.platformSpecificBuildOptions.signtoolOptions?.certificateSubjectName, this.platformSpecificBuildOptions.certificateSubjectName) || "no subjectName" - ) + hash.update(this.platformSpecificBuildOptions.signtoolOptions?.certificateSha1 || "no certificateSha1") + hash.update(this.platformSpecificBuildOptions.signtoolOptions?.certificateSubjectName || "no subjectName") buildCacheManager = new BuildCacheManager(outDir, file, arch) if (await buildCacheManager.copyIfValid(await digest(hash, files))) { @@ -223,9 +215,8 @@ export class WinPackager extends PlatformPackager { } private shouldSignFile(file: string): boolean { - const shouldSignDll = this.platformSpecificBuildOptions.signDlls === true && file.endsWith(".dll") const shouldSignExplicit = !!this.platformSpecificBuildOptions.signExts?.some(ext => file.endsWith(ext)) - return shouldSignDll || shouldSignExplicit || file.endsWith(".exe") + return shouldSignExplicit || file.endsWith(".exe") } protected createTransformerForExtraFiles(packContext: AfterPackContext): FileTransformer | null { diff --git a/pages/mac.md b/pages/mac.md index e1753a1f506..0a64fdac8c0 100644 --- a/pages/mac.md +++ b/pages/mac.md @@ -3,7 +3,3 @@ The top-level [mac](configuration.md#mac) key contains set of options instructin ## Configuration {!./app-builder-lib.Interface.MacConfiguration.md!} - -## Notarize Configuration - - {!./app-builder-lib.Interface.NotarizeNotaryOptions.md!} diff --git a/pages/win.md b/pages/win.md index 79057412111..1a373c2fe8b 100644 --- a/pages/win.md +++ b/pages/win.md 
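Review bot: With the `signDlls` branch dropped from `shouldSignFile`, `.dll` files are signed only when `signExts` lists them, but the changeset text describes only the move to `win.signtoolOptions`. A project that simply deletes the now-rejected `signDlls` key would ship unsigned DLLs with nothing in the build output pointing at the cause. The removed TSDoc named `signExts` as the replacement, so the changeset should say that too. `shouldSignFile` could also carry a comment such as `// .exe is always signed; every other extension must be listed in win.signExts`. Separately, the `endsWith` checks are case-sensitive, so a file named `.EXE` or `.DLL` would be skipped; it is worth confirming whether that is intended.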
@@ -9,7 +9,9 @@ Use [sign](app-builder-lib.Interface.WindowsSigntoolConfiguration.md#sign) optio ```json "win": { - "sign": "./customSign.js" + "signtoolOptions": { + "sign": "./customSign.js" + } } ``` diff --git a/test/src/windows/appxTest.ts b/test/src/windows/appxTest.ts index 591224af0d2..d9852e1b3de 100644 --- a/test/src/windows/appxTest.ts +++ b/test/src/windows/appxTest.ts @@ -79,7 +79,9 @@ it2.ifNotCi( targets: Platform.WINDOWS.createTarget(["appx"], Arch.x64), config: { win: { - certificateSubjectName: "Foo", + signtoolOptions: { + certificateSubjectName: "Foo", + }, }, }, }) diff --git a/test/src/windows/oneClickInstallerTest.ts b/test/src/windows/oneClickInstallerTest.ts index b53c5eb4b19..80d46607f6f 100644 --- a/test/src/windows/oneClickInstallerTest.ts +++ b/test/src/windows/oneClickInstallerTest.ts @@ -32,7 +32,9 @@ test( targets: Platform.WINDOWS.createTarget(["nsis"], Arch.x64), config: { win: { - publisherName: "Foo, Inc", + signtoolOptions: { + publisherName: "Foo, Inc", + }, }, publish: { provider: "generic", diff --git a/test/src/windows/winCodeSignTest.ts b/test/src/windows/winCodeSignTest.ts index b2a0de01ad5..0b4dcefeeb2 100644 --- a/test/src/windows/winCodeSignTest.ts +++ b/test/src/windows/winCodeSignTest.ts @@ -40,9 +40,6 @@ function testCustomSign(sign: any) { platformPackagerFactory: (packager, platform) => new CheckingWinPackager(packager), config: { win: { - certificateFile: "deprecated", - certificatePassword: "deprecated", - sign: "deprecated", signtoolOptions: { certificatePassword: "pass", certificateFile: "secretFile", @@ -79,8 +76,10 @@ test.ifAll.ifNotCiMac("custom sign if no code sign info", () => { win: { // to be sure that sign code will be executed forceCodeSigning: true, - sign: async () => { - called = true + signtoolOptions: { + sign: async () => { + called = true + }, }, }, },