@certchip/signer 0.1.15 → 0.1.27

package/bin/signer.js

@@ -1,19 +1,72 @@
 #!/usr/bin/env node
+/**
+ * signer.js - Windows-only wrapper for signer.exe (KSP integration)
+ *
+ * @certchip/signer
+ * Copyright (c) 2025 Certchip. All rights reserved.
+ */
+
 const { spawn } = require('child_process');
 const path = require('path');
 const os = require('os');
+const fs = require('fs');
+
+// Check if running on Windows
+if (os.platform() !== 'win32') {
+    console.error('Error: signer command is only available on Windows');
+    console.error('');
+    console.error('The signer command provides Windows KSP (Key Storage Provider)');
+    console.error('integration for use with signtool.exe and Windows certificate store.');
+    console.error('');
+    console.error('For cross-platform code signing, use signercli instead:');
+    console.error('  npx signercli -help');
+    process.exit(1);
+}
+
+/**
+ * Get the path to the signer.exe binary
+ * @returns {string} Full path to signer.exe
+ */
+function getBinaryPath() {
+    return path.join(__dirname, 'win32-x64', 'signer.exe');
+}
 
-function getBinaryPath(name) {
-    const platform = os.platform();
-    if (platform !== 'win32') {
-        console.error('signer command is only available on Windows (Windows KSP integration)');
-        console.error('Use signercli for cross-platform code signing');
-        process.exit(1);
+/**
+ * Check if the binary exists
+ * @param {string} binaryPath - Path to check
+ * @returns {boolean} True if binary exists
+ */
+function checkBinary(binaryPath) {
+    try {
+        fs.accessSync(binaryPath, fs.constants.F_OK);
+        return true;
+    } catch (e) {
+        return false;
     }
-    return path.join(__dirname, 'win32-x64', name + '.exe');
 }
 
-const binary = getBinaryPath('signer');
-const child = spawn(binary, process.argv.slice(2), { stdio: 'inherit', windowsHide: true });
-child.on('close', code => process.exit(code || 0));
-child.on('error', err => { console.error(err.message); process.exit(1); });
+// Main execution
+const binary = getBinaryPath();
+
+if (!checkBinary(binary)) {
+    console.error('Error: signer.exe not found');
+    console.error(`Expected path: ${binary}`);
+    console.error('');
+    console.error('Please reinstall the @certchip/signer package.');
+    process.exit(1);
+}
+
+// Spawn the binary with all command line arguments
+const child = spawn(binary, process.argv.slice(2), {
+    stdio: 'inherit',
+    windowsHide: true
+});
+
+child.on('close', (code) => {
+    process.exit(code || 0);
+});
+
+child.on('error', (err) => {
+    console.error(`Error executing signer: ${err.message}`);
+    process.exit(1);
+});

package/bin/signercli.js

@@ -1,18 +1,139 @@
 #!/usr/bin/env node
+/**
+ * signercli.js - Cross-platform wrapper for signercli binary
+ *
+ * @certchip/signer
+ * Copyright (c) 2025 Certchip. All rights reserved.
+ */
+
 const { spawn } = require('child_process');
 const path = require('path');
 const os = require('os');
+const fs = require('fs');
 
+/**
+ * Get the path to the native binary for the current platform
+ * @param {string} name - Binary name (without extension)
+ * @returns {string} Full path to the binary
+ */
 function getBinaryPath(name) {
     const platform = os.platform();
     const arch = os.arch();
-    let platformId = platform === 'win32' ? 'win32' : platform === 'darwin' ? 'darwin' : 'linux';
-    let archId = arch === 'x64' || arch === 'x86_64' ? 'x64' : 'arm64';
+
+    // Map platform names
+    let platformId;
+    switch (platform) {
+        case 'win32':
+            platformId = 'win32';
+            break;
+        case 'darwin':
+            platformId = 'darwin';
+            break;
+        default:
+            platformId = 'linux';
+    }
+
+    // Map architecture names
+    let archId;
+    switch (arch) {
+        case 'x64':
+        case 'x86_64':
+            archId = 'x64';
+            break;
+        case 'arm64':
+        case 'aarch64':
+            archId = 'arm64';
+            break;
+        default:
+            archId = arch;
+    }
+
     const ext = platform === 'win32' ? '.exe' : '';
-    return path.join(__dirname, platformId + '-' + archId, name + ext);
+    const binaryPath = path.join(__dirname, `${platformId}-${archId}`, `${name}${ext}`);
+
+    return binaryPath;
+}
+
+/**
+ * Check if the binary exists
+ * @param {string} binaryPath - Path to check
+ * @returns {boolean} True if binary exists
+ */
+function binaryExists(binaryPath) {
+    try {
+        fs.accessSync(binaryPath, fs.constants.F_OK);
+        return true;
+    } catch (e) {
+        return false;
+    }
+}
+
+/**
+ * Check if the binary is executable
+ * @param {string} binaryPath - Path to check
+ * @returns {boolean} True if binary is executable
+ */
+function isExecutable(binaryPath) {
+    try {
+        fs.accessSync(binaryPath, fs.constants.X_OK);
+        return true;
+    } catch (e) {
+        return false;
+    }
 }
 
+/**
+ * Grant execute permission to the binary (Unix only)
+ * @param {string} binaryPath - Path to the binary
+ * @returns {boolean} True if permission was granted
+ */
+function grantExecutePermission(binaryPath) {
+    try {
+        // Get current mode and add execute permission
+        const stats = fs.statSync(binaryPath);
+        const newMode = stats.mode | 0o111; // Add execute for user, group, others
+        fs.chmodSync(binaryPath, newMode);
+        return true;
+    } catch (e) {
+        return false;
+    }
+}
+
+// Main execution
 const binary = getBinaryPath('signercli');
-const child = spawn(binary, process.argv.slice(2), { stdio: 'inherit', windowsHide: true });
-child.on('close', code => process.exit(code || 0));
-child.on('error', err => { console.error(err.message); process.exit(1); });
+const platform = os.platform();
+const arch = os.arch();
+
+// Check if binary exists
+if (!binaryExists(binary)) {
+    console.error(`Error: signercli binary not found for ${platform}-${arch}`);
+    console.error(`Expected path: ${binary}`);
+    console.error('');
+    console.error('This platform may not be supported yet.');
+    console.error('Supported platforms: win32-x64, linux-x64');
+    process.exit(1);
+}
+
+// On Unix systems, ensure the binary has execute permission
+if (platform !== 'win32' && !isExecutable(binary)) {
+    if (!grantExecutePermission(binary)) {
+        console.error(`Error: Cannot grant execute permission to ${binary}`);
+        console.error('Try running: chmod +x ' + binary);
+        process.exit(1);
+    }
+}
+
+// Spawn the binary with all command line arguments
+const child = spawn(binary, process.argv.slice(2), {
+    stdio: 'inherit',
+    windowsHide: true
+});
+
+child.on('close', (code) => {
+    process.exit(code || 0);
+});
+
+child.on('error', (err) => {
+    console.error(`Error executing signercli: ${err.message}`);
+    process.exit(1);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certchip/signer",
-  "version": "0.1.15",
+  "version": "0.1.27",
   "description": "Cross-platform code and document signing CLI tool",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -11,12 +11,15 @@
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
     "version:generate": "node scripts/generate-version.js",
+    "build:linux-static": "bash build_fullstatic_linux_x64.sh",
     "prebuild": "npm run version:generate",
-    "prepack": "npm run version:generate"
+    "prepack": "npm run version:generate",
+    "postinstall": "node scripts/postinstall.js"
   },
   "files": [
     "bin/",
     "lib/",
+    "scripts/",
     "README.md"
   ],
   "keywords": [

package/scripts/generate-version.js

@@ -0,0 +1,273 @@
+#!/usr/bin/env node
+//
+// generate-version.js
+// Generates C header files and resource files with version from package.json
+//
+// Copyright (c) 2025 Certchip. All rights reserved.
+//
+// Generates:
+//   - signercli version.h (include/version.h)
+//   - signercli.rc (src/signercli.rc)
+//   - signer.exe version.h (KSP/Inc/version.h)
+//   - otpkey.dll version.h (buildscript/version.h)
+//   - Certchip.dll version.h (KSP/Provider/version.h)
+//
+
+const fs = require('fs');
+const path = require('path');
+
+// Read package.json
+const packagePath = path.join(__dirname, '..', 'package.json');
+const pkg = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
+const version = pkg.version;
+
+// DLL versions (optional, defaults to main version with .0 suffix)
+const dllVersions = pkg.dllVersions || {};
+const otpkeyVersion = dllVersions.otpkey || `${version}.0`;
+const certchipVersion = dllVersions.certchip || `${version}.0`;
+
+// Helper: Convert version string "0.1.16" or "1.1.7.0" to comma-separated "0,1,16,0"
+function versionToComma(ver) {
+    const parts = ver.split('.').map(n => parseInt(n, 10) || 0);
+    while (parts.length < 4) parts.push(0);
+    return parts.slice(0, 4).join(',');
+}
+
+// Helper: Convert version string to Windows resource format "0.1.16.0"
+function versionToRC(ver) {
+    const parts = ver.split('.').map(n => parseInt(n, 10) || 0);
+    while (parts.length < 4) parts.push(0);
+    return parts.slice(0, 4).join('.');
+}
+
+console.log(`Generating version headers for v${version}...`);
+console.log(`  DLL versions: otpkey=${otpkeyVersion}, certchip=${certchipVersion}`);
+
+// Generate signercli version.h
+const signerCliHeader = `//
+// version.h
+// Auto-generated from package.json - DO NOT EDIT MANUALLY
+//
+// Copyright (c) 2025 Certchip. All rights reserved.
+//
+
+#ifndef SIGNER_VERSION_H
+#define SIGNER_VERSION_H
+
+#define SIGNER_CLI_VERSION "${version}"
+
+#endif // SIGNER_VERSION_H
+`;
+
+const signerCliPath = path.join(__dirname, '..', 'include', 'version.h');
+fs.writeFileSync(signerCliPath, signerCliHeader);
+console.log(`  Created: ${signerCliPath}`);
+
+// Generate signer.exe version.h (Windows KSP project)
+const signerVersionComma = versionToComma(version);
+const signerVersionStr = versionToRC(version);
+const signerHeader = `//
+// version.h
+// Auto-generated from package.json - DO NOT EDIT MANUALLY
+//
+// Copyright (c) 2025 Certchip. All rights reserved.
+//
+
+#ifndef SIGNER_VERSION_H
+#define SIGNER_VERSION_H
+
+#define SIGNER_VERSION L"${version}"
+
+// Resource version info
+#define SIGNER_VER_FILEVERSION          ${signerVersionComma}
+#define SIGNER_VER_FILEVERSION_STR      "${signerVersionStr}"
+#define SIGNER_VER_PRODUCTVERSION       ${signerVersionComma}
+#define SIGNER_VER_PRODUCTVERSION_STR   "${signerVersionStr}"
+
+#endif // SIGNER_VERSION_H
+`;
+
+// Try KSP path from environment or default
+const kspPath = process.env.KSP_INC_PATH || 'D:\\CPDK\\Certchip\\KSP\\Inc';
+if (fs.existsSync(kspPath)) {
+    const kspVersionPath = path.join(kspPath, 'version.h');
+    fs.writeFileSync(kspVersionPath, signerHeader);
+    console.log(`  Created: ${kspVersionPath}`);
+} else {
+    console.log(`  Skipped: ${kspPath} (directory not found)`);
+}
+
+// Generate signer.exe Resource.rc (Windows KSP Config project)
+const signerRC = `// Resource.rc
+// Windows resource file for signer.exe version information
+// Auto-generated from package.json - DO NOT EDIT MANUALLY
+
+#include "winres.h"
+#include "../Inc/version.h"
+
+VS_VERSION_INFO VERSIONINFO
+FILEVERSION     SIGNER_VER_FILEVERSION
+PRODUCTVERSION  SIGNER_VER_PRODUCTVERSION
+FILEFLAGSMASK   0x3fL
+#ifdef _DEBUG
+FILEFLAGS       0x1L
+#else
+FILEFLAGS       0x0L
+#endif
+FILEOS          0x40004L
+FILETYPE        0x1L
+FILESUBTYPE     0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "000904b0"
+        BEGIN
+            VALUE "CompanyName",      "Certchip"
+            VALUE "FileDescription",  "Certchip Signer Configuration Command-Line Tool."
+            VALUE "FileVersion",      SIGNER_VER_FILEVERSION_STR
+            VALUE "InternalName",     "signer.exe"
+            VALUE "LegalCopyright",   "Copyright (C) 2025 Certchip. All rights reserved."
+            VALUE "OriginalFilename", "signer.exe"
+            VALUE "ProductName",      "Certchip Signer"
+            VALUE "ProductVersion",   SIGNER_VER_PRODUCTVERSION_STR
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x9, 1200
+    END
+END
+`;
+
+const kspConfigPath = process.env.KSP_CONFIG_PATH || 'D:\\CPDK\\Certchip\\KSP\\Config';
+if (fs.existsSync(kspConfigPath)) {
+    const signerRCPath = path.join(kspConfigPath, 'Resource.rc');
+    fs.writeFileSync(signerRCPath, signerRC);
+    console.log(`  Created: ${signerRCPath}`);
+} else {
+    console.log(`  Skipped: ${kspConfigPath} (directory not found)`);
+}
+
+// Generate signercli.rc (Windows resource file)
+const rcVersion = versionToRC(version);
+const rcVersionComma = versionToComma(version);
+const signerCliRC = `// signercli.rc
+// Windows resource file for version information
+// Auto-generated from package.json - DO NOT EDIT MANUALLY
+
+// Version info constants (from winver.h)
+#define VS_VERSION_INFO         1
+#define VS_FFI_FILEFLAGSMASK    0x0000003FL
+#define VOS_NT_WINDOWS32        0x00040004L
+#define VFT_APP                 0x00000001L
+#define VFT2_UNKNOWN            0x00000000L
+
+VS_VERSION_INFO VERSIONINFO
+FILEVERSION     ${rcVersionComma}
+PRODUCTVERSION  ${rcVersionComma}
+FILEFLAGSMASK   VS_FFI_FILEFLAGSMASK
+FILEFLAGS       0
+FILEOS          VOS_NT_WINDOWS32
+FILETYPE        VFT_APP
+FILESUBTYPE     VFT2_UNKNOWN
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0"
+        BEGIN
+            VALUE "CompanyName",      "Certchip"
+            VALUE "FileDescription",  "Certchip Signer CLI - Digital Signing Tool"
+            VALUE "FileVersion",      "${rcVersion}"
+            VALUE "InternalName",     "signercli"
+            VALUE "LegalCopyright",   "Copyright (c) 2025 Certchip. All rights reserved."
+            VALUE "OriginalFilename", "signercli.exe"
+            VALUE "ProductName",      "Certchip Signer CLI"
+            VALUE "ProductVersion",   "${rcVersion}"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x0409, 0x04B0
+    END
+END
+`;
+
+const signerCliRCPath = path.join(__dirname, '..', 'src', 'signercli.rc');
+fs.writeFileSync(signerCliRCPath, signerCliRC);
+console.log(`  Created: ${signerCliRCPath}`);
+
+// Generate otpkey.dll version.h
+const otpkeyVersionComma = versionToComma(otpkeyVersion);
+const otpkeyVersionStr = versionToRC(otpkeyVersion);
+const otpkeyHeader = `#ifndef VERSION_H
+#define VERSION_H
+
+// Auto-generated from package.json - DO NOT EDIT MANUALLY
+
+#define VER_FILEVERSION             ${otpkeyVersionComma}
+#define VER_FILEVERSION_STR         "${otpkeyVersionStr}\\0"
+#define VER_COMPANYNAME_STR         "Certchip"
+#define VER_FILEDESCRIPTION_STR     "Otpkey Core Library"
+#define VER_INTERNALNAME_STR        "OTPKEY CORE LIB"
+#define VER_LEGALCOPYRIGHT_STR      "Copyright (C) 2025 Certchip. All rights reserved."
+#define VER_LEGALTRADEMARKS1_STR    "OTPKEY"
+#define VER_LEGALTRADEMARKS2_STR    "OTPKEY"
+#define VER_ORIGINALFILENAME_STR    "otpkey.dll"
+#define VER_PRODUCTNAME_STR         "OTPKEY"
+#define VER_COMPANYDOMAIN_STR       "otpkey.com"
+#endif // VERSION_H
+`;
+
+const otpkeyPath = path.join(__dirname, '..', '..', 'buildscript', 'version.h');
+if (fs.existsSync(path.dirname(otpkeyPath))) {
+    fs.writeFileSync(otpkeyPath, otpkeyHeader);
+    console.log(`  Created: ${otpkeyPath}`);
+} else {
+    console.log(`  Skipped: ${otpkeyPath} (directory not found)`);
+}
+
+// Generate Certchip.dll (provider) version.h
+const certchipVersionComma = versionToComma(certchipVersion);
+const certchipVersionStr = versionToRC(certchipVersion);
+const certchipHeader = `#ifndef PROVIDER_VERSION_H
+#define PROVIDER_VERSION_H
+
+// Auto-generated from package.json - DO NOT EDIT MANUALLY
+
+#define PROVIDER_VER_FILEVERSION             ${certchipVersionComma}
+#define PROVIDER_VER_FILEVERSION_STR         "${certchipVersionStr}"
+#define PROVIDER_VER_COMPANYNAME_STR         "Certchip"
+#define PROVIDER_VER_FILEDESCRIPTION_STR     "Certchip Key Storage Provider"
+#define PROVIDER_VER_INTERNALNAME_STR        "Certchip.dll"
+#define PROVIDER_VER_LEGALCOPYRIGHT_STR      "Copyright (C) 2025 Certchip. All rights reserved."
+#define PROVIDER_VER_ORIGINALFILENAME_STR    "Certchip.dll"
+#define PROVIDER_VER_PRODUCTNAME_STR         "Certchip Signer Provider"
+#endif // PROVIDER_VERSION_H
+`;
+
+const certchipPath = process.env.KSP_PROVIDER_PATH || 'D:\\CPDK\\Certchip\\KSP\\Provider';
+if (fs.existsSync(certchipPath)) {
+    const certchipVersionPath = path.join(certchipPath, 'version.h');
+    fs.writeFileSync(certchipVersionPath, certchipHeader);
+    console.log(`  Created: ${certchipVersionPath}`);
+} else {
+    console.log(`  Skipped: ${certchipPath} (directory not found)`);
+}
+
+// Update otp.h VERSION macro (for Linux builds and otpkeyGetLibVersion())
+const otpHPath = path.join(__dirname, '..', '..', 'otp', 'otp.h');
+if (fs.existsSync(otpHPath)) {
+    let otpHContent = fs.readFileSync(otpHPath, 'utf8');
+    const versionRegex = /#define VERSION "[\d.]+"/;
+    if (versionRegex.test(otpHContent)) {
+        otpHContent = otpHContent.replace(versionRegex, `#define VERSION "${version}"`);
+        fs.writeFileSync(otpHPath, otpHContent);
+        console.log(`  Updated: ${otpHPath}`);
+    } else {
+        console.log(`  Skipped: ${otpHPath} (VERSION macro not found)`);
+    }
+} else {
+    console.log(`  Skipped: ${otpHPath} (file not found)`);
+}
+
+console.log('Version generation complete.');

package/scripts/postinstall.js

@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+/**
+ * postinstall.js - Set execute permissions on binary files (Unix only)
+ *
+ * @certchip/signer
+ * Copyright (c) 2025 Certchip. All rights reserved.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+// Skip on Windows
+if (os.platform() === 'win32') {
+    process.exit(0);
+}
+
+const binDir = path.join(__dirname, '..', 'bin');
+
+// List of platform directories and binaries to make executable
+const platforms = ['linux-x64', 'linux-arm64', 'darwin-x64', 'darwin-arm64'];
+const binaries = ['signercli'];
+
+let errors = 0;
+
+for (const platform of platforms) {
+    for (const binary of binaries) {
+        const binaryPath = path.join(binDir, platform, binary);
+
+        try {
+            if (fs.existsSync(binaryPath)) {
+                const stats = fs.statSync(binaryPath);
+                const newMode = stats.mode | 0o111; // Add execute permission
+                fs.chmodSync(binaryPath, newMode);
+                console.log(`Set execute permission: ${platform}/${binary}`);
+            }
+        } catch (e) {
+            // Silently ignore errors (e.g., platform not included)
+        }
+    }
+}
+
+process.exit(0);