mirror of
https://github.com/tauri-apps/tauri.git
synced 2025-01-04 17:18:56 +03:00
Added Windows signing guide, renamed osx guide to macos (#3213)
This commit is contained in:
parent
b9c00d2db5
commit
e651c62c94
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: How to code-sign and notorize a OSX .dmg file with GitHub Actions
|
title: macOS - Code signing guide using Github Actions
|
||||||
sidebar_label: OSX Code-signing with GitHub Actions
|
sidebar_label: macOS - Code signing
|
||||||
---
|
---
|
||||||
|
|
||||||
import Alert from '@theme/Alert'
|
import Alert from '@theme/Alert'
|
81
docs/guides/bundler/sign-windows.md
Normal file
81
docs/guides/bundler/sign-windows.md
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
---
|
||||||
|
title: Windows - Code signing guide locally & with Github Actions
|
||||||
|
sidebar_label: Windows - Code signing
|
||||||
|
---
|
||||||
|
|
||||||
|
import Alert from '@theme/Alert'
|
||||||
|
|
||||||
|
# Intro
|
||||||
|
|
||||||
|
Code-signing will add a level of authenticity to your application, while it is not required it can often improve the user experience for your users.
|
||||||
|
|
||||||
|
# Prerequisites
|
||||||
|
|
||||||
|
- Windows - you can likely use other platforms, but this tutorial is using Powershell native features.
|
||||||
|
- Code signing certificate - you can aqquire one of these on services such as Digicert.com, Comodo.com, & Godaddy.com. In this guide we are using Comodo.com
|
||||||
|
- A working tauri application
|
||||||
|
|
||||||
|
|
||||||
|
# Getting Started
|
||||||
|
|
||||||
|
There are a few things we will have to do to get our windows installation prepared for code signing. This includes converting our certificate to a speific format, installing this certificate, & then decoding required information from certificate that is required by tauri.
|
||||||
|
|
||||||
|
## A. Convert your `.cer` to `.pfx`
|
||||||
|
|
||||||
|
1. You will need the following:
|
||||||
|
- certificate file (mine is `cert.cer`)
|
||||||
|
- private key file (mine is `private-key.key`)
|
||||||
|
|
||||||
|
2. Open up a command prompt and change to your current directory using `cd Documents/Certs`
|
||||||
|
|
||||||
|
3. Convert your `.cer` to a `.pfx` using `openssl pkcs12 -export -in cert.cer -inkey private-key.key -out certificate.pfx`
|
||||||
|
|
||||||
|
4. You will be prompted to enter an export password **DON'T FORGET IT!**
|
||||||
|
|
||||||
|
## B. Import your `.pfx` file into the keystore.
|
||||||
|
|
||||||
|
We will now need to import our `.pfx` file.
|
||||||
|
|
||||||
|
1. Assign your export password to a variable using `$WINDOWS_PFX_PASSWORD = 'MYPASSWORD'`
|
||||||
|
|
||||||
|
2. Now Import the certificate using `Import-PfxCertificate -FilePath Certs/certificate.pfx -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString -String $env:WINDOWS_PFX_PASSWORD -Force -AsPlainText)`
|
||||||
|
|
||||||
|
## C. Prepare Variables
|
||||||
|
|
||||||
|
1. We will need the SHA-1 thumbprint of the certificate, you can get this using `openssl pkcs12 -info -in certificate.pfx` and look under for following
|
||||||
|
```
|
||||||
|
Bag Attributes
|
||||||
|
localKeyID: A1 B1 A2 B2 A3 B3 A4 B4 A5 B5 A6 B6 A7 B7 A8 B8 A9 B9 A0 B0
|
||||||
|
```
|
||||||
|
|
||||||
|
2. You will capture the `localKeyID` but with no spaces, in this example it would be `A1B1A2B2A3B3A4B4A5B5A6B6A7B7A8B8A9B9A0B0`. This is our `certificateThumbprint`.
|
||||||
|
|
||||||
|
3. We will need the SHA digest algorythm used for your certificate (Hint: this is likely `sha256`
|
||||||
|
|
||||||
|
4. We will also need a timestamp url, this is a time server used to verify the time of the certificate signing. Im using `http://timestamp.comodoca.com` but whoever you got your certificate from likely has one aswell.
|
||||||
|
|
||||||
|
# Prepare `tauri.conf.json` file
|
||||||
|
|
||||||
|
1. Now that we have our `certificateThumbprint`, `digestAlgorithm`, & `timestampUrl` we will open up the `tauri.conf.json`.
|
||||||
|
|
||||||
|
2. In the `tauri.conf.json` you will look for the `tauri` -> `bundle` -> `windows` section. You will see there are three variable for the information we have captured. Fill it out like below.
|
||||||
|
```
|
||||||
|
"windows": {
|
||||||
|
"certificateThumbprint": "A1B1A2B2A3B3A4B4A5B5A6B6A7B7A8B8A9B9A0B0",
|
||||||
|
"digestAlgorithm": "sha256",
|
||||||
|
"timestampUrl": "http://timestamp.comodoca.com"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
3. Save, and run `yarn | yarn build`
|
||||||
|
|
||||||
|
4. In the console output you will see the following output.
|
||||||
|
|
||||||
|
```
|
||||||
|
info: signing app
|
||||||
|
info: running signtool "C:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.19041.0\\x64\\signtool.exe"
|
||||||
|
info: "Done Adding Additional Store\r\nSuccessfully signed: APPLICATION FILE PATH HERE
|
||||||
|
```
|
||||||
|
|
||||||
|
which shows you have successfully signed the `.exe`.
|
||||||
|
|
||||||
|
And thats it! You have successfully signed your .exe file.
|
@ -49,7 +49,8 @@
|
|||||||
"guides/bundler/anti-bloat",
|
"guides/bundler/anti-bloat",
|
||||||
"guides/bundler/sidecar",
|
"guides/bundler/sidecar",
|
||||||
"guides/bundler/debian",
|
"guides/bundler/debian",
|
||||||
"guides/bundler/sign-osx"
|
"guides/bundler/sign-macos",
|
||||||
|
"guides/bundler/sign-windows"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"guides/cli",
|
"guides/cli",
|
||||||
|
Loading…
Reference in New Issue
Block a user