building desktop apps on ci

2020-04-04 19:26:27 +02:00 · 2020-04-04 19:26:27 +02:00 · cfaa765858
parent 8477df7e5c
commit cfaa765858
3 changed files with 37 additions and 10 deletions
--- a/Gruntfile.js
+++ b/Gruntfile.js
@ -119,7 +119,7 @@ module.exports = function(grunt) {
                nonull: true
            },
            'desktop-update': {
-                cwd: 'tmp/desktop/KeeWeb-darwin-x64/KeeWeb.app/Contents/Resources/',
+                cwd: 'tmp/desktop/keeweb-linux-x64/resources/',
                src: 'app.asar',
                dest: 'tmp/desktop/update/',
                expand: true,
--- a/build/util/sign.js
+++ b/build/util/sign.js
@ -1,6 +1,6 @@
 const fs = require('fs');
 const signer = require('pkcs11-smartcard-sign');
-const keytar = require('keytar');
+const crypto = require('crypto');

 const verifyKey = fs.readFileSync('app/resources/public-key.pem');
 const signerOptions = JSON.parse(fs.readFileSync('keys/keeweb-sign.json', 'utf8'));
@ -9,17 +9,43 @@ function getPin() {
    if (getPin.pin) {
        return Promise.resolve(getPin.pin);
    }
-    return keytar.getPassword('keeweb.pin', 'keeweb').then(pass => {
-        if (pass) {
-            getPin.pin = pass;
-            return pass;
-        } else {
-            throw 'Cannot find PIN';
-        }
-    });
+    return require('keytar')
+        .getPassword('keeweb.pin', 'keeweb')
+        .then(pass => {
+            if (pass) {
+                getPin.pin = pass;
+                return pass;
+            } else {
+                throw 'Cannot find PIN';
+            }
+        });
+}
+
+function getPrivateKey(path) {
+    if (!getPrivateKey[path]) {
+        getPrivateKey[path] = fs.readFileSync(path);
+    }
+    return getPrivateKey[path];
 }

 module.exports = function sign(grunt, data) {
+    if (signerOptions.privateKey) {
+        const algo = signerOptions.algo || 'sha256';
+
+        const sign = crypto.createSign(algo);
+        sign.update(data);
+        const signature = sign.sign(getPrivateKey(signerOptions.privateKey));
+
+        const verify = crypto.createVerify(algo);
+        verify.write(data);
+        verify.end();
+
+        if (verify.verify(verifyKey, signature)) {
+            return signature;
+        } else {
+            throw 'Validation error';
+        }
+    }
    return getPin()
        .then(pin => signer.sign({ data, verifyKey, pin, ...signerOptions }))
        .catch(err => {
--- a/grunt.entrypoints.js
+++ b/grunt.entrypoints.js
@ -28,6 +28,7 @@ module.exports = function(grunt) {
        'clean:desktop',
        'build-desktop-app-content',
        'build-desktop-executables-linux',
+        'build-desktop-update',
        'build-desktop-archives-linux',
        'build-desktop-dist-linux'
    ]);