feat: base64-encoded P12 file instead of https link

electron-userland · May 9, 2016 · 3ab0e57 · 3ab0e57
1 parent 7d5b747
commit 3ab0e57
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 10 deletions.
diff --git a/docs/Code Signing.md b/docs/Code Signing.md
@@ -4,9 +4,9 @@ On a development machine set environment variable `CSC_NAME` (and `CSC_INSTALLER
 
 | Env name       |  Description
 | -------------- | -----------
-| `CSC_LINK`                   | The HTTPS link to certificate (`*.p12` file).
+| `CSC_LINK`                   | The HTTPS link (or base64-encoded data) to certificate (`*.p12` file).
 | `CSC_KEY_PASSWORD`           | The password to decrypt the certificate given in `CSC_LINK`.
-| `CSC_INSTALLER_LINK`         | *osx-only* The HTTPS link to certificate to sign Mac App Store build (`*.p12` file).
+| `CSC_INSTALLER_LINK`         | *osx-only* The HTTPS link (or base64-encoded data) to certificate to sign Mac App Store build (`*.p12` file).
 | `CSC_INSTALLER_KEY_PASSWORD` | *osx-only* The password to decrypt the certificate given in `CSC_INSTALLER_LINK`.
 | `CSC_NAME`                   | *osx-only* Name of certificate (to retrieve from login.keychain). Useful on a development machine (not on CI).
 | `CSC_INSTALLER_NAME`         | *osx-only* Name of installer certificate (to retrieve from login.keychain). Useful on a development machine (not on CI).
@@ -25,4 +25,9 @@ To sign app on build server you need to set `CSC_LINK`, `CSC_KEY_PASSWORD` (and
 ```
 travis encrypt "CSC_LINK='https://drive.google.com/uc?export=download&id=***'" --add
 travis encrypt 'CSC_KEY_PASSWORD=beAwareAboutBashEscaping!!!' --add
-```
+```
+
+# Where to buy certificate
+
+[StartSSL](https://startssl.com/Support?v=34) is recommended.
+It can be used to sign OS X app also, so, you don't need to buy Apple Certificate in addition (please note, it works, but we are waiting official confirmation).
diff --git a/docs/Publishing Artifacts.md b/docs/Publishing Artifacts.md
@@ -17,7 +17,7 @@ But please consider using automatic rules instead of explicitly specifying `publ
 
 * If CI server detected, — `onTagOrDraft`.
 
- > **NOTICE**: _This is the recommended workflow._
+  **NOTICE**: _This is the recommended workflow._
 
  1. [Draft a new release](https://help.github.com/articles/creating-releases/). Set the "Tag version" to the value of `version` in your application `package.json`, and prefix it with `v`. "Release title" can be anything you want.
    - For example, if your application `package.json` version is `1.0`, your draft's "Tag version" would be `v1.0`.

diff --git a/src/codeSign.ts b/src/codeSign.ts
@@ -1,5 +1,5 @@
 import { exec } from "./util"
-import { deleteFile } from "fs-extra-p"
+import { deleteFile, outputFile } from "fs-extra-p"
 import { download } from "./httpRequest"
 import { tmpdir } from "os"
 import * as path from "path"
@@ -25,6 +25,15 @@ export function generateKeychainName(): string {
   return "csc-" + randomString() + ".keychain"
 }
 
+function downloadUrlOrBase64(urlOrBase64: string, destination: string): BluebirdPromise<any> {
+  if (urlOrBase64.startsWith("https://")) {
+    return download(urlOrBase64, destination)
+  }
+  else {
+    return outputFile(destination, Buffer.from(urlOrBase64, "base64"))
+  }
+}
+
 export function createKeychain(keychainName: string, cscLink: string, cscKeyPassword: string, cscILink?: string | null, cscIKeyPassword?: string | null, csaLink?: string | null): Promise<CodeSigningInfo> {
   const certLinks = csaLink == null ? [] : [csaLink]
   certLinks.push(cscLink)
@@ -35,7 +44,7 @@ export function createKeychain(keychainName: string, cscLink: string, cscKeyPass
   const certPaths = certLinks.map(it => path.join(tmpdir(), randomString() + (it.endsWith(".cer") ? ".cer" : ".p12")))
   const keychainPassword = randomString()
   return executeFinally(BluebirdPromise.all([
-      BluebirdPromise.map(certPaths, (p, i) => download(certLinks[i], p)),
+      BluebirdPromise.map(certPaths, (p, i) => downloadUrlOrBase64(certLinks[i], p)),
       BluebirdPromise.mapSeries([
         ["create-keychain", "-p", keychainPassword, keychainName],
         ["unlock-keychain", "-p", keychainPassword, keychainName],
@@ -121,6 +130,6 @@ export function deleteKeychain(keychainName: string, ignoreNotFound: boolean = t
 
 export function downloadCertificate(cscLink: string): Promise<string> {
   const certPath = path.join(tmpdir(), randomString() + ".p12")
-  return download(cscLink, certPath)
+  return downloadUrlOrBase64(cscLink, certPath)
     .thenReturn(certPath)
 }
diff --git a/test/src/ArtifactPublisherTest.ts b/test/src/ArtifactPublisherTest.ts
@@ -14,7 +14,7 @@ function versionNumber() {
   return getRandomInt(0, 99) + "." + Date.now() + "." + getRandomInt(0, 9)
 }
 
-const token = new Buffer("Y2Y5NDdhZDJhYzJlMzg1OGNiNzQzYzcwOWZhNGI0OTk2NWQ4ZDg3Yg==", "base64").toString()
+const token = Buffer.from("Y2Y5NDdhZDJhYzJlMzg1OGNiNzQzYzcwOWZhNGI0OTk2NWQ4ZDg3Yg==", "base64").toString()
 const iconPath = join(__dirname, "..", "fixtures", "test-app", "build", "icon.icns")
 
 //test("GitHub unauthorized", async (t) => {

diff --git a/test/src/helpers/codeSignData.ts b/test/src/helpers/codeSignData.ts
@@ -1,7 +1,7 @@
-export const CSC_LINK = "https://www.dropbox.com/s/86zaffzbao198xe/test.p12?dl=1"
+export const CSC_LINK = "MIIJswIBAzCCCXoGCSqGSIb3DQEHAaCCCWsEgglnMIIJYzCCA/cGCSqGSIb3DQEHBqCCA+gwggPkAgEAMIID3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI2SKzGO/uwG8CAggAgIIDsMYNqJuz2AeP3e0bKRMs8ZXLGEUlp32kxtt+qf7w1TyKjDq4DZ8YfycDhwPZ2+i75gB8htkyU7cKF1B4Je8x7vTHkJSAooPJyNqzpJCPEsGSN6XvO4Uq9JLPEG41PabOJQpb6FEEF6azReuEx9gf/SG39UsGb+mDYHOWJtCnR1Rlq0ZHTwEL+37NXjkzUz9C2jxccC+Dd0SEiwX9WBeulsJoWSWCpvmN3Ssp3r4E+ka8KCQHyg0YeYe6Z8QRtnv59RyPXsP9UAnqMTufc8xlZBQCFE+0Vvxatzvi3OI5yeVmne3OtzqJd3dWnPp6hi5+nJeQXbFfIOJdPahEV5XMxCRW0+8LTjOM8E7sIVUnlHhVHhZxN1QOZF4nvoEBOvf2C/SMLqVGT5RwBzdg7rc4BIXmwkqiORQj9dvM8CU9oOcwsfS98qW/9NVmNjy25wWyBwVI52eg0EO6yVsaXKtSQIqKstv2o2EGfyY+bGxpMSGXufrER/0M5Lq+63m+yJ454mjvAku1CFQ6vtriNvHSu6GkugZmLEw9Jpo5nucKAG7EPe1QwdNhKyWjXRA2IwEchXoWcXML8sBQ4z6ENtefVAmaL6VBiYLn89bmKb+iS58vIz+G9rGw5MchzjrA9FcSzUMnZ85yoPDVuv1W+nKdOkyeepk0gQoQ5PYL4GkrS6u/WRVwzeHKFv4BfLR3ze8t0VL5ayEjjX71HKG+xurjXPEFiR5mqyxKoKhz1uHMg/Zfwh47lAaepKzEtXE0v3Hf/Nauz4GurUrfr5WZvz3BwVYI/xc9H1xMo1+5irMWb3JDN/WTKmlIi5TmwkHLnLDQrv0I08NIlAFxW4e+B2mhLf7Z9pDHS0WTaFvaT7E3+mHlLF6VUaeFqgoTP0JvZr2hhTeM1/w/40XKdeQzugB3FGA8hwgtDHKMRx1bwQ+S2mrqrPIx6Jr7Mh4wwGlbVjcsbbnqpUUXmGcSyDG1/e5j94ZfPcMzTPehJmCOTGxcWtglhW4vzeZIyc40rs4HQj5h5eQeDD1QUsDzpYe0k+IFMEm1rXp13jGU4WMlD7bCkm3OmX1FexErI0YCu94FWWRbbFWFiCKdiltfzEWtZCV943Xs+IJvUErYMwbE9YoebVW1KEdVdfp514oYctCAM+7jilFydP6QdcWmfitofiNU5DwhP3VPO6zPQG36nV5Mal6/DajesOfJ6PMsEUIAe+HM+qCA77J6QCZSSYxSk44jme/hww7I/6SokiDhQmOKUnmWMIIFZAYJKoZIhvcNAQcBoIIFVQSCBVEwggVNMIIFSQYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECIGfOcJzuE6qAgIIAASCBMhDDSl6d8JQjOOyCWD4yyufPYtRGh63BFMspTuK1/UbL62Qyp/eub2T8V+KkPqKukoW6QxmLZ52H1inZ06hDJWVXCtrm443O9WYTIdL4cxinvPmc13WhSmDHovcfDAcK/p8cZnKn5n4bQpfbrffzJchCVHEuPRnY0N9Jd/cvtceNKCOA5VdLhoXtiLxmFcQaE2sgGptasPfjGbaZ3YJpB4Ok3KUxL2BSQxi4AecTUjEXi9uILIxjQzVhyhR1wRO7rSh0VMvLcfTedMa2UgHzwzqktsUuEEgQk1ZagUYGoneSDYNSgWnw5uT+MdNfiTSCGZ1ag1vix/3VZ8IEhTSw+jV0ycIR/oZliq/yKiZrHYG1z+TARyCwna6sn03Zw1mPsUJrOdgVqJ9vKt16asDZkCXz5kej1d1Q8c9cG8L/C9SifIEjjyMTYX7lwpC8b1xqZx/f9C5MZ+fvTa1b+5JXAYTTA8h0iqxCffTSanN96bBzp6ZV5Xyo7ihuAStZDZi65QSuVKl18M0uowvaSXrFrA77WuxJjgkbuoN8jRMaoRf2a7g0TBsytkdkUR8xG+cilKwnzDpkv7P8bkGprH8LNCk4zl3mJdJjhhd1C8aAoLkB2KXq3Om0+pPyKIXe47uh2rC4S3jguGjVQRdAzLTAhvFNQjbzppqmGRHO0o35qzByHhVcOnjBJZbbK39skxGnOI66koJO2ZooWhJZsAPxhtY7+gHuZp6HLOFXy01c+TC6bY/j/VAQUCwaJy85F2tGIo4Aeh85NrkqzClnJe7jIQiqw4cngcxMSOMXSnM8hpO8LT45gIc969nclVnNgIvdemN7vgkP7MnBTiPHfg7hXEwbozTlaEccLgQXFUErcsJIM6MuaeR43japmGrru/OMJBOVwFfaMOZ53ipJS8lKnVjFrhkRh+pm8Md0eMv2ejla1mYTRNhwqan4f4b3HpK0HKtXmozg6/MQzOxNlbn1KkEz4bz+rwnM1QdHJ9xZ6gN0TZOjD0lYhcGHwZ6/llxRLrh9op440wqrQGTPmiceBC0e/aly+x+lpWo191DjlUML0TOp85WdaHAzfuWqDkHGl/qpHhGei1t+T1QHaZ66OE/IbSz576xKm3XEwstfzv5sCST0ZRuynDoTaM0J/waG4GwenbP4pYjmOmk6EWU8hVhO+kFRhFfu/EISZTV79zDhtW4FFSg9UGTV75XeWcCETwJg71rs93S9bKLuCmKMBY+iW9mYatQdVrCsSnAoVQlLHmqp//pJ1ELZtQX0gPWhRXJFt+EmLYvIYia/dcd9yIBgAKZqm51eI4pOI+Xg/54BQG35uLRoGzCzN4GnzgQZJQ2sfWy8KVxQaiW0xGT7O57sintgleFQHAZcgc5ImgDsWD4NLSjvES4eUYML3CnxyiAzc0jyhs9Xsm5B+25XmSL/vcMxRw1NWvLIvg0h5CSjD4XuNdaK/aG5tv9uhN4DzVJx8LaEGGGEAQ/j5Re+MPgzkuGlmw6//ev9h0tUQqwLvn7Sfl/GqU2Rc9PaFcIjmdBWpA4DTJFBI75AOSDuB6gntw0hp+OKipI84Csv5Te8TrzmgakA/s5WVxemMm/YwxJkrYUiiFgIMdrOsMys1o/9gS5h0WipksxSDAhBgkqhkiG9w0BCRQxFB4SAFQAZQBzAHQAIABUAGUAcwB0MCMGCSqGSIb3DQEJFTEWBBSvQomPBYWDJ+g/PeAuSnApMDa0RjAwMCEwCQYFKw4DAhoFAAQU9YxuiT/5yg/tVaYH8kwDgw3HvFAECE50WYPZs6V2AgEB"
 export const CSC_KEY_PASSWORD = "password"
 
-export const CSC_INSTALLER_LINK = "https://www.dropbox.com/s/2drwf5owgoqxkr3/test-installer.p12?dl=1"
+export const CSC_INSTALLER_LINK = "https://drive.google.com/uc?export=download&id=0Bz3JwZ-jqfRONTkzTGlsMkM2TlE"
 export const CSC_INSTALLER_KEY_PASSWORD = "password"
 
 export const CSC_NAME = "Test Test"