Use dotenv

2026-05-09 00:24:09 +00:00 · 2025-02-20 07:57:57 -08:00
parent aacfae7ada
commit 5a334abb13
4 changed files with 4326 additions and 5047 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,6 @@ dist
 !.github/images
 *.code-workspace
 *.pfx
+Microsoft.Trusted.Signing.Client*
+trusted-signing-metadata.json
+.env
--- a/forge.config.js
+++ b/forge.config.js
@@ -2,15 +2,25 @@ const path = require('path');
 const fs = require('fs');
 const package = require('./package.json');

-if (process.env['WINDOWS_CODESIGN_FILE']) {
-  const certPath = path.join(__dirname, 'win-certificate.pfx');
-  const certExists = fs.existsSync(certPath);
+require('dotenv').config()

-  if (certExists) {
-    process.env['WINDOWS_CODESIGN_FILE'] = certPath;
-  }
+process.env.TEMP = process.env.TMP = `C:\\Users\\FelixRieseberg\\AppData\\Local\\Temp`
+
+const FLAGS = {
+  SIGNTOOL_PATH: process.env.SIGNTOOL_PATH,
+  AZURE_CODE_SIGNING_DLIB: process.env.AZURE_CODE_SIGNING_DLIB || path.resolve(__dirname, 'Microsoft.Trusted.Signing.Client.1.0.60', 'bin', 'x64', 'Azure.CodeSigning.Dlib.dll'),
+  AZURE_METADATA_JSON: process.env.AZURE_METADATA_JSON || path.resolve(__dirname, 'trusted-signing-metadata.json'),
+  AZURE_TENANT_ID: process.env.AZURE_TENANT_ID,
+  AZURE_CLIENT_ID: process.env.AZURE_CLIENT_ID,
+  AZURE_CLIENT_SECRET: process.env.AZURE_CLIENT_SECRET,
 }

+fs.writeFileSync(FLAGS.AZURE_METADATA_JSON, JSON.stringify({
+  Endpoint: process.env.AZURE_CODE_SIGNING_ENDPOINT || "https://wcus.codesigning.azure.net",
+  CodeSigningAccountName: process.env.AZURE_CODE_SIGNING_ACCOUNT_NAME,
+  CertificateProfileName: process.env.AZURE_CODE_SIGNING_CERTIFICATE_PROFILE_NAME,
+}, null, 2));
+
 module.exports = {
  hooks: {
    generateAssets: require('./tools/generateAssets'),
@@ -32,6 +42,12 @@ module.exports = {
      appleIdPassword: process.env['APPLE_ID_PASSWORD'],
      teamId: 'LT94ZKYDCJ'
    },
+    windowsSign: {
+      signToolPath: FLAGS.SIGNTOOL_PATH,
+      signWithParams: `/v /dlib ${process.env.AZURE_CODE_SIGNING_DLIB} /dmdf ${FLAGS.AZURE_METADATA_JSON}`,
+      timestampServer: "http://timestamp.acs.microsoft.com",
+      hashes: ["sha256"],
+    },
    ignore: [
      /\/assets(\/?)/,
      /\/docs(\/?)/,
@@ -55,6 +71,8 @@ module.exports = {
      /\.eslintignore/,
      /\.eslintrc/,
      /\.prettierrc/,
+      /\/Microsoft\.Trusted\.Signing\.Client.*/,
+      /\/trusted-signing-metadata/,
    ]
  },
  makers: [
@@ -72,8 +90,12 @@ module.exports = {
          loadingGif: './assets/boot.gif',
          setupExe: `windows95-${package.version}-setup-${arch}.exe`,
          setupIcon: path.resolve(__dirname, 'assets', 'icon.ico'),
-          certificateFile: process.env['WINDOWS_CODESIGN_FILE'],
-          certificatePassword: process.env['WINDOWS_CODESIGN_PASSWORD'],
+          windowsSign: {
+            signToolPath: FLAGS.SIGNTOOL_PATH,
+            signWithParams: `/v /dlib ${process.env.AZURE_CODE_SIGNING_DLIB} /dmdf ${FLAGS.AZURE_METADATA_JSON}`,
+            timestampServer: "http://timestamp.acs.microsoft.com",
+            hashes: ["sha256"],
+          }
        }
      }
    },
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
    "@types/node": "^20",
    "@types/react": "^17.0.0",
    "@types/react-dom": "^17.0.0",
+    "dotenv": "^16.4.7",
    "electron": "34.2.0",
    "less": "^3.13.0",
    "parcel-bundler": "^1.12.5",