electron/script/codesign/gen-trust.js

const cp = require('child_process');
const fs = require('fs');
const path = require('path');

const certificatePath = process.argv[2];
const outPath = process.argv[3];
const templatePath = path.resolve(__dirname, 'trust.xml');

const template = fs.readFileSync(templatePath, 'utf8');

const fingerprintResult = cp.spawnSync('openssl', ['x509', '-noout', '-fingerprint', '-sha1', '-in', certificatePath]);
if (fingerprintResult.status !== 0) {
  console.error(fingerprintResult.stderr.toString());
  process.exit(1);
}

const fingerprint = fingerprintResult.stdout.toString().replace(/^SHA1 Fingerprint=/, '').replace(/:/g, '').trim();

const serialResult = cp.spawnSync('openssl', ['x509', '-serial', '-noout', '-in', certificatePath]);
if (serialResult.status !== 0) {
  console.error(serialResult.stderr.toString());
  process.exit(1);
}

let serialHex = serialResult.stdout.toString().replace(/^serial=/, '').trim();
// Pad the serial number out to 18 hex chars
while (serialHex.length < 18) {
  serialHex = `0${serialHex}`;
}
const serialB64 = Buffer.from(serialHex, 'hex').toString('base64');

const trust = template
  .replace(/{{FINGERPRINT}}/g, fingerprint)
  .replace(/{{SERIAL_BASE64}}/g, serialB64);

fs.writeFileSync(outPath, trust);

console.log('Generated Trust Settings');
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`const cp = require('child_process');`
			`const fs = require('fs');`
			`const path = require('path');`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`const certificatePath = process.argv[2];`
			`const outPath = process.argv[3];`
			`const templatePath = path.resolve(__dirname, 'trust.xml');`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`const template = fs.readFileSync(templatePath, 'utf8');`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`const fingerprintResult = cp.spawnSync('openssl', ['x509', '-noout', '-fingerprint', '-sha1', '-in', certificatePath]);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00			`if (fingerprintResult.status !== 0) {`
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`console.error(fingerprintResult.stderr.toString());`
			`process.exit(1);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00			`}`

build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`const fingerprint = fingerprintResult.stdout.toString().replace(/^SHA1 Fingerprint=/, '').replace(/:/g, '').trim();`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`const serialResult = cp.spawnSync('openssl', ['x509', '-serial', '-noout', '-in', certificatePath]);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00			`if (serialResult.status !== 0) {`
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`console.error(serialResult.stderr.toString());`
			`process.exit(1);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00			`}`

build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`let serialHex = serialResult.stdout.toString().replace(/^serial=/, '').trim();`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00			`// Pad the serial number out to 18 hex chars`
			`while (serialHex.length < 18) {`
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			serialHex = `0${serialHex}`;
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00			`}`
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`const serialB64 = Buffer.from(serialHex, 'hex').toString('base64');`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00
			`const trust = template`
			`.replace(/{{FINGERPRINT}}/g, fingerprint)`
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`.replace(/{{SERIAL_BASE64}}/g, serialB64);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`fs.writeFileSync(outPath, trust);`
build: auto-generate the codesigning cert used for macOS CI testing runs (#17668) * build: auto-generate the codesigning cert used for macOS CI testing runs * build: give the cert ALL the trust values * chore: also import public key * idek 2020-03-19 01:00:42 +00:00
build: enable JS semicolons (#22783) 2020-03-20 20:28:31 +00:00			`console.log('Generated Trust Settings');`