wix installer is also signed (#3266)

2024-11-28 03:47:37 +03:00 · 2022-01-23 21:50:05 +01:00 · 2022-01-23 21:50:05 +01:00 · d801cc89b8
commit d801cc89b8
parent 529912515e
2 changed files with 31 additions and 20 deletions
--- a/.changes/wix-signing.md
+++ b/.changes/wix-signing.md
@ -0,0 +1,5 @@
+---
+"tauri-bundler": patch
+---
+
+Sign WiX installer in addition to the executable file.
--- a/tooling/bundler/src/bundle/windows/msi/wix.rs
+++ b/tooling/bundler/src/bundle/windows/msi/wix.rs
@ -387,27 +387,32 @@ pub fn build_wix_app_installer(
    .find(|bin| bin.main())
    .ok_or_else(|| anyhow::anyhow!("Failed to get main binary"))?;
  let app_exe_source = settings.binary_path(main_binary);
+  let try_sign = |file_path: &PathBuf| -> crate::Result<()> {
+    if let Some(certificate_thumbprint) = &settings.windows().certificate_thumbprint {
+      common::print_info(&format!("signing {}", file_path.display()))?;
+      sign(
+        &file_path,
+        &SignParams {
+          digest_algorithm: settings
+            .windows()
+            .digest_algorithm
+            .as_ref()
+            .map(|algorithm| algorithm.to_string())
+            .unwrap_or_else(|| "sha256".to_string()),
+          certificate_thumbprint: certificate_thumbprint.to_string(),
+          timestamp_url: settings
+            .windows()
+            .timestamp_url
+            .as_ref()
+            .map(|url| url.to_string()),
+        },
+      )?;
+    }
+    Ok(())
+  };

-  if let Some(certificate_thumbprint) = &settings.windows().certificate_thumbprint {
-    common::print_info("signing app")?;
-    sign(
-      &app_exe_source,
-      &SignParams {
-        digest_algorithm: settings
-          .windows()
-          .digest_algorithm
-          .as_ref()
-          .map(|algorithm| algorithm.to_string())
-          .unwrap_or_else(|| "sha256".to_string()),
-        certificate_thumbprint: certificate_thumbprint.to_string(),
-        timestamp_url: settings
-          .windows()
-          .timestamp_url
-          .as_ref()
-          .map(|url| url.to_string()),
-      },
-    )?;
-  }
+  common::print_info("trying to sign app")?;
+  try_sign(&app_exe_source)?;

  // ensure that `target/{release, debug}/wix` folder exists
  std::fs::create_dir_all(settings.project_out_directory().join("wix"))?;
@ -653,6 +658,7 @@ pub fn build_wix_app_installer(
    settings,
  )?;
  rename(&msi_output_path, &msi_path)?;
+  try_sign(&msi_path)?;

  Ok(msi_path)
 }