No matter what options you have, signWithSignTool always adds hashing/timestampServer params.
|
// Timestamp |
|
if (hash === HASHES.sha256) { |
|
args.push('/tr', timestampServer); |
|
args.push('/td', hash); |
|
} else { |
|
args.push('/t', timestampServer); |
|
} |
Then if you signWithParams with the same params (e.g. /td sha256), signing results in error because duplicating params in signtool is not allowed.
I think this would be good if developers can provide any params in signWithSignTool. Especially because README makes a feeling it is possible:
|
To sign with `@electron/windows-sign` using those instructions, you would take the parameters and add them to `signWithParams`: |
|
|
|
```js |
|
await sign({ |
|
signWithParams: "/csp \"DigiCert Signing Manager KSP\" /kc <keypair_alias> /f <certificate_file> /tr http://timestamp.digicert.com /td SHA256 /fd SHA256" |
|
}) |
|
``` |
Probably related: Squirrel/Squirrel.Windows#1742
Proposal
After parsing signWithParams, replace duplicating params.
If this is fine, I'm ready to make a PR.
No matter what options you have,
signWithSignToolalways adds hashing/timestampServer params.windows-sign/src/sign-with-signtool.ts
Lines 25 to 31 in 2605684
Then if you
signWithParamswith the same params (e.g./td sha256), signing results in error because duplicating params insigntoolis not allowed.I think this would be good if developers can provide any params in
signWithSignTool. Especially because README makes a feeling it is possible:windows-sign/README.md
Lines 231 to 237 in 2605684
Probably related: Squirrel/Squirrel.Windows#1742
Proposal
After parsing
signWithParams, replace duplicating params.If this is fine, I'm ready to make a PR.