electron/script/codesign/gen-trust.ts

import * as cp from 'node:child_process';
import * as fs from 'node:fs';
import * as path from 'node:path';

const certificatePath = process.argv[2];
const outPath = process.argv[3];
const templatePath = path.resolve(__dirname, 'trust.xml');

const template = fs.readFileSync(templatePath, 'utf8');

const fingerprintResult = cp.spawnSync('openssl', ['x509', '-noout', '-fingerprint', '-sha1', '-in', certificatePath]);
if (fingerprintResult.status !== 0) {
  console.error(fingerprintResult.stderr.toString());
  process.exit(1);
}

const fingerprint = fingerprintResult.stdout.toString().replace(/^SHA1 Fingerprint=/, '').replace(/:/g, '').trim();

const serialResult = cp.spawnSync('openssl', ['x509', '-serial', '-noout', '-in', certificatePath]);
if (serialResult.status !== 0) {
  console.error(serialResult.stderr.toString());
  process.exit(1);
}

let serialHex = serialResult.stdout.toString().replace(/^serial=/, '').trim();
// Pad the serial number out to 18 hex chars
while (serialHex.length < 18) {
  serialHex = `0${serialHex}`;
}
const serialB64 = Buffer.from(serialHex, 'hex').toString('base64');

const trust = template
  .replace(/{{FINGERPRINT}}/g, fingerprint)
  .replace(/{{SERIAL_BASE64}}/g, serialB64);

fs.writeFileSync(outPath, trust);

console.log('Generated Trust Settings');
refactor: use node scheme imports in scripts (#38846) * refactor: use node scheme imports in script * refactor: use node scheme imports in build 2023-06-22 16:21:42 +02:00			`import * as cp from 'node:child_process';`
			`import * as fs from 'node:fs';`
			`import * as path from 'node:path';`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`const certificatePath = process.argv[2];`
			`const outPath = process.argv[3];`
			`const templatePath = path.resolve(__dirname, 'trust.xml');`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`const template = fs.readFileSync(templatePath, 'utf8');`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`const fingerprintResult = cp.spawnSync('openssl', ['x509', '-noout', '-fingerprint', '-sha1', '-in', certificatePath]);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00			`if (fingerprintResult.status !== 0) {`
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`console.error(fingerprintResult.stderr.toString());`
			`process.exit(1);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00			`}`

build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`const fingerprint = fingerprintResult.stdout.toString().replace(/^SHA1 Fingerprint=/, '').replace(/:/g, '').trim();`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`const serialResult = cp.spawnSync('openssl', ['x509', '-serial', '-noout', '-in', certificatePath]);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00			`if (serialResult.status !== 0) {`
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`console.error(serialResult.stderr.toString());`
			`process.exit(1);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00			`}`

build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`let serialHex = serialResult.stdout.toString().replace(/^serial=/, '').trim();`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00			`// Pad the serial number out to 18 hex chars`
			`while (serialHex.length < 18) {`
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			serialHex = `0${serialHex}`;
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00			`}`
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`const serialB64 = Buffer.from(serialHex, 'hex').toString('base64');`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00
			`const trust = template`
			`.replace(/{{FINGERPRINT}}/g, fingerprint)`
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`.replace(/{{SERIAL_BASE64}}/g, serialB64);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`fs.writeFileSync(outPath, trust);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-18 18:00:42 -07:00
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00			`console.log('Generated Trust Settings');`