Skip to content

Commit 5668dc2

Browse files
MstrodlMstrodl
authored
fix: windowsCodeSign - don't use osslsigncode in a vm! (#7275)
1 parent 6445d53 commit 5668dc2

File tree

2 files changed

+14
-8
lines changed

2 files changed

+14
-8
lines changed

.changeset/spotty-vans-pay.md

+5
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
"app-builder-lib": patch
3+
---
4+
5+
Fixes a bug where signtool might not be used in a windows VM

packages/app-builder-lib/src/codeSign/windowsCodeSign.ts

+9-8
Original file line numberDiff line numberDiff line change
@@ -145,19 +145,20 @@ export async function getCertificateFromStoreInfo(options: WindowsConfiguration,
145145
export async function doSign(configuration: CustomWindowsSignTaskConfiguration, packager: WinPackager) {
146146
// https://github.com/electron-userland/electron-builder/pull/1944
147147
const timeout = parseInt(process.env.SIGNTOOL_TIMEOUT as any, 10) || 10 * 60 * 1000
148-
// unify logic of signtool path location
149-
const toolInfo = await getToolPath()
150-
const tool = toolInfo.path
151148
// decide runtime argument by cases
152149
let args: Array<string>
153150
let env = process.env
154151
let vm: VmManager
155-
if (configuration.path.endsWith(".appx") || !("file" in configuration.cscInfo!) /* certificateSubjectName and other such options */) {
152+
const vmRequired = configuration.path.endsWith(".appx") || !("file" in configuration.cscInfo!) /* certificateSubjectName and other such options */
153+
const isWin = process.platform === "win32" || vmRequired
154+
const toolInfo = await getToolPath(isWin)
155+
const tool = toolInfo.path
156+
if (vmRequired) {
156157
vm = await packager.vm.value
157-
args = computeSignToolArgs(configuration, true, vm)
158+
args = computeSignToolArgs(configuration, isWin, vm)
158159
} else {
159160
vm = new VmManager()
160-
args = configuration.computeSignToolArgs(process.platform === "win32")
161+
args = configuration.computeSignToolArgs(isWin)
161162
if (toolInfo.env != null) {
162163
env = toolInfo.env
163164
}
@@ -292,7 +293,7 @@ function getWinSignTool(vendorPath: string): string {
292293
}
293294
}
294295

295-
async function getToolPath(): Promise<ToolInfo> {
296+
async function getToolPath(isWin = process.platform === "win32"): Promise<ToolInfo> {
296297
if (isUseSystemSigncode()) {
297298
return { path: "osslsigncode" }
298299
}
@@ -303,7 +304,7 @@ async function getToolPath(): Promise<ToolInfo> {
303304
}
304305

305306
const vendorPath = await getSignVendorPath()
306-
if (process.platform === "win32") {
307+
if (isWin) {
307308
// use modern signtool on Windows Server 2012 R2 to be able to sign AppX
308309
return { path: getWinSignTool(vendorPath) }
309310
} else if (process.platform === "darwin") {

0 commit comments

Comments
 (0)