mirror of https://github.com/keeweb/keeweb.git
sign files inside desktop updates
This commit is contained in:
antelle
parent
6deab5f022
commit
413b643d4b
32
Gruntfile.js
32
Gruntfile.js
|
|
@ -180,6 +180,18 @@ module.exports = function(grunt) {
|
|||
expand: true,
|
||||
nonull: true
|
||||
},
|
||||
'desktop-update': {
|
||||
cwd: 'tmp/desktop/app/',
|
||||
src: '**',
|
||||
dest: 'tmp/desktop/update/',
|
||||
expand: true,
|
||||
nonull: true
|
||||
},
|
||||
'desktop-update-helper': {
|
||||
src: ['helper/darwin/KeeWebHelper', 'helper/win32/KeeWebHelper.exe'],
|
||||
dest: 'tmp/desktop/update/',
|
||||
nonull: true
|
||||
},
|
||||
'desktop-windows-helper-ia32': {
|
||||
src: 'helper/win32/KeeWebHelper.exe',
|
||||
dest: 'tmp/desktop/KeeWeb-win32-ia32/resources/app/',
|
||||
|
|
@ -387,12 +399,7 @@ module.exports = function(grunt) {
|
|||
'desktop-update': {
|
||||
options: { archive: 'dist/desktop/UpdateDesktop.zip', comment: zipCommentPlaceholder },
|
||||
files: [
|
||||
{ cwd: 'tmp/desktop/app', src: '**', expand: true, nonull: true },
|
||||
{ src: 'helper', nonull: true },
|
||||
{ src: 'helper/darwin', nonull: true },
|
||||
{ src: 'helper/darwin/KeeWebHelper', nonull: true },
|
||||
{ src: 'helper/win32', nonull: true },
|
||||
{ src: 'helper/win32/KeeWebHelper.exe', nonull: true }
|
||||
{ cwd: 'tmp/desktop/update', src: '**', expand: true, nonull: true }
|
||||
]
|
||||
},
|
||||
'win32-x64': {
|
||||
|
|
@ -526,6 +533,14 @@ module.exports = function(grunt) {
|
|||
}
|
||||
}
|
||||
},
|
||||
'sign-desktop-files': {
|
||||
'desktop-update': {
|
||||
options: {
|
||||
path: 'tmp/desktop/update',
|
||||
privateKey: 'keys/private-key.pem'
|
||||
}
|
||||
}
|
||||
},
|
||||
'validate-desktop-update': {
|
||||
desktop: {
|
||||
options: {
|
||||
|
|
@ -536,7 +551,7 @@ module.exports = function(grunt) {
|
|||
'helper/darwin/KeeWebHelper',
|
||||
'helper/win32/KeeWebHelper.exe'
|
||||
],
|
||||
expectedCount: 15,
|
||||
expectedCount: 16,
|
||||
publicKey: 'app/resources/public-key.pem'
|
||||
}
|
||||
}
|
||||
|
|
@ -659,6 +674,9 @@ module.exports = function(grunt) {
|
|||
]);
|
||||
|
||||
grunt.registerTask('build-desktop-update', [
|
||||
'copy:desktop-update',
|
||||
'copy:desktop-update-helper',
|
||||
'sign-desktop-files:desktop-update',
|
||||
'compress:desktop-update',
|
||||
'sign-archive:desktop-update',
|
||||
'validate-desktop-update'
|
||||
|
|
|
|||
|
|
@ -0,0 +1,42 @@
|
|||
module.exports = function (grunt) {
|
||||
grunt.registerMultiTask('sign-desktop-files', 'Signs desktop files', function () {
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const crypto = require('crypto');
|
||||
const appPath = this.options().path;
|
||||
const privateKey = grunt.file.read(this.options().privateKey, { encoding: null });
|
||||
|
||||
const signatures = {};
|
||||
const signedFiles = [];
|
||||
walk(appPath);
|
||||
|
||||
const data = JSON.stringify(signatures);
|
||||
signatures.self = getSignature(Buffer.from(data));
|
||||
grunt.file.write(path.join(appPath, 'signatures.json'), JSON.stringify(signatures));
|
||||
|
||||
grunt.log.writeln(`Signed ${signedFiles.length} files: ${signedFiles.join(', ')}`);
|
||||
|
||||
function walk(dir) {
|
||||
const list = fs.readdirSync(dir);
|
||||
list.forEach(file => {
|
||||
file = dir + '/' + file;
|
||||
const stat = fs.statSync(file);
|
||||
if (stat && stat.isDirectory()) {
|
||||
walk(file);
|
||||
} else {
|
||||
const relFile = file.substr(appPath.length + 1);
|
||||
const fileData = grunt.file.read(file, { encoding: null });
|
||||
signatures[relFile] = getSignature(fileData);
|
||||
signedFiles.push(relFile);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
function getSignature(data) {
|
||||
const sign = crypto.createSign('RSA-SHA256');
|
||||
sign.write(data);
|
||||
sign.end();
|
||||
return sign.sign(privateKey).toString('base64');
|
||||
}
|
||||
});
|
||||
};
|
||||
Loading…
Reference in New Issue