From cfaa765858542e487e88a1962b956b35803bd54c Mon Sep 17 00:00:00 2001
From: antelle
Date: Sat, 4 Apr 2020 19:26:27 +0200
Subject: [PATCH] building desktop apps on ci
---
 Gruntfile.js | 2 +-
 build/util/sign.js | 44 +++++++++++++++++++++++++++++++++++---------
 grunt.entrypoints.js | 1 +
 3 files changed, 37 insertions(+), 10 deletions(-)
diff --git a/Gruntfile.js b/Gruntfile.js
index ca6f2928..17b91ca6 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -119,7 +119,7 @@ module.exports = function(grunt) {
 nonull: true
 },
 'desktop-update': {
- cwd: 'tmp/desktop/KeeWeb-darwin-x64/KeeWeb.app/Contents/Resources/',
+ cwd: 'tmp/desktop/keeweb-linux-x64/resources/',
 src: 'app.asar',
 dest: 'tmp/desktop/update/',
 expand: true,
diff --git a/build/util/sign.js b/build/util/sign.js
index 73536c9a..ce2063ab 100644
--- a/build/util/sign.js
+++ b/build/util/sign.js
@@ -1,6 +1,6 @@
 const fs = require('fs');
 const signer = require('pkcs11-smartcard-sign');
-const keytar = require('keytar');
+const crypto = require('crypto');

 const verifyKey = fs.readFileSync('app/resources/public-key.pem');
 const signerOptions = JSON.parse(fs.readFileSync('keys/keeweb-sign.json', 'utf8'));
@@ -9,17 +9,43 @@ function getPin() {
 if (getPin.pin) {
 return Promise.resolve(getPin.pin);
 }
- return keytar.getPassword('keeweb.pin', 'keeweb').then(pass => {
- if (pass) {
- getPin.pin = pass;
- return pass;
- } else {
- throw 'Cannot find PIN';
- }
- });
+ return require('keytar')
+ .getPassword('keeweb.pin', 'keeweb')
+ .then(pass => {
+ if (pass) {
+ getPin.pin = pass;
+ return pass;
+ } else {
+ throw 'Cannot find PIN';
+ }
+ });
+}
+
+function getPrivateKey(path) {
+ if (!getPrivateKey[path]) {
+ getPrivateKey[path] = fs.readFileSync(path);
+ }
+ return getPrivateKey[path];
 }

 module.exports = function sign(grunt, data) {
+ if (signerOptions.privateKey) {
+ const algo = signerOptions.algo || 'sha256';
+
+ const sign = crypto.createSign(algo);
+ sign.update(data);
+ const signature = sign.sign(getPrivateKey(signerOptions.privateKey));
+
+ const verify = crypto.createVerify(algo);
+ verify.write(data);
+ verify.end();
+
+ if (verify.verify(verifyKey, signature)) {
+ return signature;
+ } else {
+ throw 'Validation error';
+ }
+ }
 return getPin()
 .then(pin => signer.sign({ data, verifyKey, pin, ...signerOptions }))
 .catch(err => {
diff --git a/grunt.entrypoints.js b/grunt.entrypoints.js
index ab3297c7..8f6a57e8 100644
--- a/grunt.entrypoints.js
+++ b/grunt.entrypoints.js
@@ -28,6 +28,7 @@ module.exports = function(grunt) {
 'clean:desktop',
 'build-desktop-app-content',
 'build-desktop-executables-linux',
+ 'build-desktop-update',
 'build-desktop-archives-linux',
 'build-desktop-dist-linux'
 ]);
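Review bot: In build/util/sign.js the new `signerOptions.privateKey` branch makes `sign` return the signature Buffer synchronously and throw a string, while the smartcard path right below it still returns a promise, so a caller that chains `.then()`/`.catch()` on the result would break whenever this branch is taken; the callers are not visible in this hunk. Declaring the export as `module.exports = async function sign(grunt, data) {` gives both branches the same promise contract and turns the throw into a rejection, and `throw new Error('Validation error')` would keep a stack trace. `sign.sign(getPrivateKey(signerOptions.privateKey))` passes the file contents with no passphrase, so this path appears to need an unencrypted key file on the build machine, unlike the PIN-protected token path; a comment such as `// CI only: key file must come from the CI secret store and must never be committed` would record that expectation. `getPrivateKey` caches on the function object itself, where a path equal to a built-in property name such as `name` would be treated as already cached, so a `Map` is the safer container. The body of `sign` continues past the end of the hunk.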