From 60b403e9047cb36743ceb9360b1802d1edb6f6e8 Mon Sep 17 00:00:00 2001 From: Will Chen Date: Tue, 29 Apr 2025 22:00:48 -0700 Subject: [PATCH] windows code-sign (follow electron-fiddle) --- .github/workflows/release.yml | 9 +++++++-- forge.config.ts | 4 +++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5d38d9f..f0cbd1f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -57,10 +57,15 @@ jobs: - name: Code signing with Software Trust Manager if: contains(matrix.os.name, 'windows') uses: digicert/ssm-code-signing@v1.0.0 - # Publish (all platforms) + - name: Sync certificate (Windows) + if: contains(matrix.os.name, 'windows') + run: | + smctl windows certsync --keypair-alias=${{ secrets.DIGICERT_KEYPAIR_ALIAS }} + shell: bash + # Publish (all platforms) - name: Publish app env: - DIGICERT_KEYPAIR_ALIAS: ${{ secrets.DIGICERT_KEYPAIR_ALIAS }} + SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} APPLE_ID: ${{ secrets.APPLE_ID }} diff --git a/forge.config.ts b/forge.config.ts index 55da8d2..1bf7cef 100644 --- a/forge.config.ts +++ b/forge.config.ts @@ -68,7 +68,9 @@ const config: ForgeConfig = { }, makers: [ new MakerSquirrel({ - signWithParams: `/csp "DigiCert Signing Manager KSP" /kc ${process.env.DIGICERT_KEYPAIR_ALIAS} /f ${process.env.SM_CLIENT_CERT_FILE} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256`, + signWithParams: `/sha1 ${process.env.SM_CODE_SIGNING_CERT_SHA1_HASH} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256`, + + // signWithParams: `/csp "DigiCert Signing Manager KSP" /kc ${process.env.DIGICERT_KEYPAIR_ALIAS} /f ${process.env.SM_CLIENT_CERT_FILE} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256`, // windowsSign: { // certificateFile: process.env.SM_CLIENT_CERT_FILE,