Open benoist opened 3 months ago
Great callout. I'm looking at the code and there's a lot of isWin
logic
Most notably, I'm not sure what the different arg would be for running it when vmRequired = true
as that executes within a Parallels VM it looks like (link)
https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts#L158-L166
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
Currently the computeSignToolArgs can't work with DigiCert codesign with EV certificates using a USB token
The password requires the format explained here
https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken
So the /csp is missing from the current computeSignToolArgs and the file name currently expects a .p12 but with the USB token, you can only use a certificate without private key.
I'm not sure what the best naming would be for the addition to the sign tool args, but it would be great if this can be added as standard options as USB tokens are now required for Code signing certificates by default. .p12 or .pfx files won't be supported anymore due to updated security standards from the CAB.