Closed jacobq closed 7 years ago
@felixrieseberg What are your thoughts regarding this?
Code looks good to me - real quick though regarding the API: I couldn't really see the breaking change. It looks like current users currently passing in the name without a CN=
are still fine, right?
The change that I was concerned about was the function signature:
function makeCert (publisherName, certFilePath, program)
vs.
function makeCert (parameters)
So, yes, as long as users aren't calling makeCert
directly everything should be fine, but if they are then they have to reformat the arguments they're passing. Since makeCert
is exported I assume it is considered part of the API, so I wanted to be cautious about changing it. If you're OK with this then I'll add another commit that adjusts any internal calls (e.g. in setup.js
) and any existing documentation I can find to use the updated format then remove the [WIP]
tag here when I think it can be safely merged.
We can just not break the api - let's do a quick check on the signature of the call and quickly turn it into parameters
. That way we can change the API, but we don't break existing use cases.
I can add that real quick - or you can just add it to the PR.
Sure, if that is your preference we can do that too. Take a look at a4e61da
and see if it's close to what you had in mind.
I just also noticed that there is at least one npm module for DN parsing / validating / escaping, so I'm going to look around a little bit and see if I can modify some of the code added in this PR to use a module like that instead. This could also help with #70
@felixrieseberg makecert.exe
doesn't seem to exactly follow any published standard I could find, so I built-up a regular expression in isValidPublisherName
that matches the actual behavior as best I can tell. This should be ready to merge now, but if you've got time to look it over once more (I assume you're at EmberConf :hamster: right now) I'd appreciate it.
Perfect, that's exactly what I had in mind. Thank you so much!
No problem. I'm working on some changes to how appmanifest.xml
gets written to address #70, so be on the lookout for another PR soon. After that, if you're comfortable cutting a release then I can finally close out the downstream electron-forge
PR by having it use your makeCert
function instead of its own.
The goal of this PR is to make it easier to reuse the certificate creation functions in downstream projects by:
isValidPublisher
function that checks whether or not a string matches the syntax required for the publisher argument passed tomakecert.exe
(an X.500 distinguished name)makeCert
(won't prependCN=
topublisherName
if it's already a valid distinguished name)An example use case can be seen here https://github.com/electron-userland/electron-forge/pull/161