doc: add steps about signing the binary in single-executable docs#46764
Closed
RaisinTen wants to merge 2 commits intonodejs:mainfrom
Closed
doc: add steps about signing the binary in single-executable docs#46764RaisinTen wants to merge 2 commits intonodejs:mainfrom
RaisinTen wants to merge 2 commits intonodejs:mainfrom
Conversation
We didn't catch this in nodejs#45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]>
This was referenced Feb 22, 2023
Member
Author
|
@nodejs/platform-windows can someone please review the Windows part? |
Member
|
Let me start my windows machine ^^ |
cjihrig
approved these changes
Feb 22, 2023
RaisinTen
added
the
author ready
tony-go
approved these changes
Feb 22, 2023
Member
tony-go
left a comment
tony-go
left a comment
There was a problem hiding this comment.
LGTM for mac
Not able to test on my windows machine due to some reasons :/
aymen94
approved these changes
Feb 22, 2023
RaisinTen
added
the
commit-queue
Contributor
|
@RaisinTen I executed the following command in powershell: $ echo 'console.log(`Hello, ${process.argv[2]}!`);' > hello.js
$ cp e:/sdk/nodejs/node.exe hello.exe
$ &"C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe" remove /s hello.exe
$ npx postject hello.exe NODE_JS_CODE hello.js --sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2
$ &"C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe" sign /fd SHA256 hello.exeThe last step went wrong: It may be that I don't have a local certificate that can be used for digital signatures, but the generated unsigned hello.exe can also run normally Using signtools (https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool) in Windows system to remove node.exe signature, and to sign the final generated hello.exe, is not Required steps, and users need to manually install windows sdk (https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/) I think it would be more convenient to inform users that they can ignore the warnings output by postject, or make the method of deleting and re-signing as an optional step, explaining how to obtain and use signtools to sign. |
jasnell
approved these changes
Feb 24, 2023
RaisinTen
removed
the
commit-queue
Refs: nodejs#46764 (comment) Signed-off-by: Darshan Sen <[email protected]>
RaisinTen
added
the
commit-queue-squash
Member
Author
|
@ShenHongFei updated the docs to clarify that. PTAL reviewers. |
ovflowd
approved these changes
Feb 24, 2023
Member
ovflowd
left a comment
ovflowd
left a comment
There was a problem hiding this comment.
Docs seem legit for me for both Windows and macOS :)
Contributor
LGTM 😄 |
RaisinTen
added a commit
that referenced
this pull request
Feb 26, 2023
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: #46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
Member
Author
|
Landed in 4cde39e |
RaisinTen
deleted the
doc-add-steps-about-signing-the-binary-in-single-executable-docs
branch
targos
pushed a commit
that referenced
this pull request
Mar 13, 2023
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: #46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
targos
pushed a commit
that referenced
this pull request
Mar 14, 2023
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: #46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
Contributor
|
Blocked by #45038 |
RaisinTen
added
the
single-executable
targos
pushed a commit
that referenced
this pull request
Nov 10, 2023
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: #46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
We didn't catch this in nodejs/node#45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: nodejs/node#46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
We didn't catch this in nodejs/node#45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: nodejs/node#46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default.
Refs: nodejs/postject#76 (macOS arm64 part only)
Fixes: nodejs/postject#75
cc @nodejs/single-executable @targos @ShenHongFei