const { execSync } = require('child_process'); const { SIGN_TOOL_PATH = 'C:\\Program Files (x86)\\Windows Kits\\10\\bin\\x64\\signtool.exe', TIMESTAMP_SERVER = 'http://timestamp.digicert.com' } = process.env; const SITE = 'https://actualbudget.com/'; const importPfx = (certPath, password) => { const command = [ ['certutil'], ['-f'], ['-p', `"${password}"`], ['-importPfx', 'My', `"${certPath}"`, 'NoRoot'] ] .map(sub => sub.join(' ')) .join(' '); try { execSync(command, { stdio: 'inherit' }); } catch { console.error('Unable to import certificate'); } }; const signBinary = (path, name) => { const command = [ [`"${SIGN_TOOL_PATH}"`], ['sign'], ['/a'], ['/s', 'My'], ['/sm'], ['/t', `"${TIMESTAMP_SERVER}"`], ['/d', `"${name}"`], ['/du', `"${SITE}"`], [`"${path}"`] ] .map(sub => sub.join(' ')) .join(' '); try { execSync(command, { stdio: 'inherit' }); } catch { console.error(`Signing ${path} failed`); } }; exports.default = ({ path, name, cscInfo: { file, password } = {} }) => { if (!file) return; importPfx(file, password); signBinary(path, name, file); };