electron-incremental-update 0.5.1 → 0.6.0

package/dist/vite.mjs

@@ -1,15 +1,15 @@
 import {
-  generateRSA,
   signature
-} from "./chunk-OBERMV66.mjs";
+} from "./chunk-VADH6AZA.mjs";
 
 // src/vite.ts
 import { createLogger } from "vite";
 
-// src/build-plugins/asar.ts
+// src/build-plugins/build.ts
 import { createReadStream, createWriteStream } from "node:fs";
 import { readFile, rename, writeFile } from "node:fs/promises";
 import zlib from "node:zlib";
+import { build } from "esbuild";
 function gzipFile(filePath) {
   return new Promise((resolve, reject) => {
     const gzip = zlib.createGzip();
@@ -46,23 +46,20 @@ async function buildAsar({
   await pack(electronDistPath, asarOutputPath);
   await gzipFile(asarOutputPath);
 }
-async function generateVersion({
+async function buildVersion({
   asarOutputPath,
   versionPath,
   privateKey,
-  publicKey,
+  cert,
   version
 }) {
   const buffer = await readFile(`${asarOutputPath}.gz`);
   await writeFile(versionPath, JSON.stringify({
-    signature: signature(buffer, privateKey, publicKey),
+    signature: signature(buffer, privateKey, cert, version),
     version,
     size: buffer.length
   }, null, 2));
 }
-
-// src/build-plugins/entry.ts
-import { build } from "esbuild";
 async function buildEntry({
   entryPath,
   entryOutputPath: outfile,
@@ -82,16 +79,35 @@ async function buildEntry({
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { dirname } from "node:path";
 import { EOL } from "node:os";
-function generateKeyFile(privateKeyPath, publicKeyPath, length) {
-  const ret = generateRSA(length);
-  writeFileSync(privateKeyPath, ret.privateKey);
-  writeFileSync(publicKeyPath, ret.publicKey);
-  return ret;
+import { generateKeyPairSync } from "node:crypto";
+import { CertificateSigningRequest } from "@cyyynthia/jscert";
+function generateCert(privateKey) {
+  const dn = {
+    country: "zh-CN",
+    state: "zj",
+    locality: "hz",
+    organization: "test",
+    organizationalUnit: "test unit",
+    commonName: "test.test",
+    emailAddress: "test@example.com"
+  };
+  const csr = new CertificateSigningRequest(dn, privateKey, { digest: "sha256" });
+  const expiry = new Date(Date.now() + 365 * 864e5);
+  return csr.createSelfSignedCertificate(expiry).toPem();
 }
-function writePublicKeyToMain(entryPath, publicKey) {
+function generateKeys(length = 2048) {
+  const { privateKey: _key } = generateKeyPairSync("rsa", { modulusLength: length });
+  const cert = generateCert(_key);
+  const privateKey = _key.export({ type: "pkcs1", format: "pem" });
+  return {
+    privateKey,
+    cert
+  };
+}
+function writeCertToMain(entryPath, cert) {
   const file = readFileSync(entryPath, "utf-8");
-  const regex = /const SIGNATURE_PUB = ['`][\s\S]*?['`]/;
-  const replacement = `const SIGNATURE_PUB = \`${publicKey}\``;
+  const regex = /const SIGNATURE_CERT = ['`][\s\S]*?['`]/;
+  const replacement = `const SIGNATURE_CERT = \`${cert}\``;
   let replaced = file;
   const signaturePubExists = regex.test(file);
   if (signaturePubExists) {
@@ -116,24 +132,26 @@ function writePublicKeyToMain(entryPath, publicKey) {
 function getKeys({
   keyLength,
   privateKeyPath,
-  publicKeyPath,
+  certPath,
   entryPath
 }) {
   const keysDir = dirname(privateKeyPath);
   !existsSync(keysDir) && mkdirSync(keysDir);
-  let privateKey, publicKey;
-  if (!existsSync(privateKeyPath)) {
-    const keys = generateKeyFile(privateKeyPath, publicKeyPath, keyLength);
+  let privateKey, cert;
+  if (!existsSync(privateKeyPath) || !existsSync(certPath)) {
+    const keys = generateKeys(keyLength);
     privateKey = keys.privateKey;
-    publicKey = keys.publicKey;
+    cert = keys.cert;
+    writeFileSync(privateKeyPath, privateKey);
+    writeFileSync(certPath, cert);
   } else {
     privateKey = readFileSync(privateKeyPath, "utf-8");
-    publicKey = readFileSync(publicKeyPath, "utf-8");
+    cert = readFileSync(certPath, "utf-8");
   }
-  writePublicKeyToMain(entryPath, publicKey);
+  writeCertToMain(entryPath, cert);
   return {
     privateKey,
-    publicKey
+    cert
   };
 }
 
@@ -151,9 +169,17 @@ function parseOptions(options) {
   } = paths;
   const {
     privateKeyPath = "keys/private.pem",
-    publicKeyPath = "keys/public.pem",
-    keyLength = 2048
+    certPath = "keys/cert.pem",
+    keyLength = 2048,
+    certInfo
   } = keys;
+  let {
+    subject = {
+      commonName: productName,
+      organization: `org.${productName}`
+    },
+    expires = Date.now() + 365 * 864e5
+  } = certInfo || {};
   const buildAsarOption = {
     version,
     asarOutputPath,
@@ -167,17 +193,22 @@ function parseOptions(options) {
   };
   let buildVersionOption;
   if (!isCI) {
-    const { privateKey, publicKey } = getKeys({
+    if (typeof expires === "number") {
+      expires = new Date(Date.now() + expires);
+    }
+    const { privateKey, cert } = getKeys({
       keyLength,
       privateKeyPath,
-      publicKeyPath,
-      entryPath
+      certPath,
+      entryPath,
+      subject,
+      expires
     });
     buildVersionOption = {
       version,
       asarOutputPath,
       privateKey,
-      publicKey,
+      cert,
       versionPath
     };
   }
@@ -203,7 +234,7 @@ function vite_default(options) {
       }
       log.info("build asar start");
       await buildAsar(buildAsarOption);
-      buildVersionOption && await generateVersion(buildVersionOption);
+      buildVersionOption && await buildVersion(buildVersionOption);
       log.info(`build asar end, output to ${asarOutputPath}`);
     }
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "electron-incremental-update",
-  "version": "0.5.1",
+  "version": "0.6.0",
   "description": "electron incremental update tools, powered by vite",
   "scripts": {
     "build": "tsup",
@@ -61,6 +61,7 @@
     "vitest": "^0.32.2"
   },
   "dependencies": {
+    "@cyyynthia/jscert": "^0.1.2",
     "ci-info": "^3.8.0"
   }
-}
+}