electron-incremental-update 0.7.1 → 0.7.3

package/dist/{chunk-3YKEHZAU.mjs → chunk-Q2K52LOG.mjs}

@@ -1,5 +1,5 @@
 // src/crypto.ts
-import { constants, createCipheriv, createDecipheriv, createHash, createSign, createVerify } from "node:crypto";
+import { createCipheriv, createDecipheriv, createHash, createPrivateKey, createSign, createVerify } from "node:crypto";
 import { Buffer } from "node:buffer";
 function encrypt(plainText, key2, iv) {
   const cipher = createCipheriv("aes-256-cbc", key2, iv);
@@ -18,11 +18,7 @@ function key(data, length) {
   return Buffer.from(hash).subarray(0, length);
 }
 var signature = (buffer, privateKey, cert, version) => {
-  const sig = createSign("RSA-SHA256").update(buffer).sign({
-    key: privateKey,
-    padding: constants.RSA_PKCS1_PADDING,
-    saltLength: constants.RSA_PSS_SALTLEN_DIGEST
-  }, "base64");
+  const sig = createSign("RSA-SHA256").update(buffer).sign(createPrivateKey(privateKey), "base64");
   return encrypt(`${sig}%${version}`, key(cert, 32), key(buffer, 16));
 };
 var verify = (buffer, signature2, cert) => {

package/dist/index.js

@@ -210,24 +210,24 @@ function createUpdater({
   } = {}
 }) {
   const updater = new import_node_events.EventEmitter();
-  let signature = "";
+  let signature, version;
   const asarPath = getProductAsarPath(productName);
   const gzipPath = `${asarPath}.gz`;
   const tmpFilePath = gzipPath.replace(".asar.gz", ".tmp.asar");
   function log(msg) {
     debug && updater.emit("debug", msg);
   }
-  function needUpdate(version) {
+  function needUpdate(version2) {
     if (!import_electron3.app.isPackaged) {
       log("in dev mode, no need to update");
       return false;
     }
     const currentVersion = getEntryVersion();
-    log(`check update: current version is ${currentVersion}, new version is ${version}`);
+    log(`check update: current version is ${currentVersion}, new version is ${version2}`);
     const _compare = compareVersion ?? compareVersionDefault;
-    return _compare(currentVersion, version);
+    return _compare(currentVersion, version2);
   }
-  async function parseData(format, data) {
+  async function parseData(format, data, version2) {
     if ((0, import_node_fs2.existsSync)(tmpFilePath)) {
       log(`remove tmp file: ${tmpFilePath}`);
       await (0, import_promises.rm)(tmpFilePath);
@@ -258,7 +258,7 @@ function createUpdater({
       } : {
         name: "releaseAsarURL",
         url: _release,
-        repoFallback: `${repository}/releases/download/latest/${productName}.asar.gz`,
+        repoFallback: `${repository}/releases/download/v${version2}/${productName}-${version2}.asar.gz`,
         fn: downloadBuffer ?? downloadBufferDefault
       };
       data ??= info.url;
@@ -267,6 +267,9 @@ function createUpdater({
         if (!repository) {
           throw new Error(`${info.name} or repository are not set`);
         }
+        if (format === "buffer" && !version2) {
+          throw new Error("version are not set");
+        }
         data = info.repoFallback;
       }
       log(`download ${format} from ${data}`);
@@ -280,15 +283,16 @@ function createUpdater({
   updater.setDebug = (isDebug) => debug = isDebug;
   updater.checkUpdate = async (data) => {
     try {
-      const { signature: _sig, size, version } = await parseData("json", data);
-      log(`checked version: ${version}, size: ${size}, signature: ${_sig}`);
-      if (!needUpdate(version)) {
-        log(`update unavailable: ${version}`);
+      const { signature: _sig, size, version: _ver } = await parseData("json", data);
+      log(`checked version: ${_ver}, size: ${size}, signature: ${_sig}`);
+      if (!needUpdate(_ver)) {
+        log(`update unavailable: ${_ver}`);
         return void 0;
       } else {
-        log(`update available: ${version}`);
+        log(`update available: ${_ver}`);
         signature = _sig;
-        return { size, version };
+        version = _ver;
+        return { size, version: _ver };
       }
     } catch (error) {
       log(error);
@@ -301,29 +305,29 @@ function createUpdater({
       if (!_sig) {
         throw new Error("signature are not set, please checkUpdate first or set the second parameter");
       }
-      const buffer = await parseData("buffer", data);
+      const buffer = await parseData("buffer", data, version);
       log("verify start");
       const _verify = verifySignaure ?? verify;
-      const version = _verify(buffer, _sig, SIGNATURE_CERT);
-      if (!version) {
+      const _ver = _verify(buffer, _sig, SIGNATURE_CERT);
+      if (!_ver) {
         throw new Error("verify failed, invalid signature");
       }
       log("verify success");
-      if (!needUpdate(version)) {
-        throw new Error(`update unavailable: ${version}`);
+      if (!needUpdate(_ver)) {
+        throw new Error(`update unavailable: ${_ver}`);
       }
       log(`write file: ${gzipPath}`);
       await (0, import_promises.writeFile)(gzipPath, buffer);
       log(`extract file: ${gzipPath}`);
       await unzipFile(gzipPath, tmpFilePath);
       const asarVersion = await (0, import_promises.readFile)((0, import_node_path2.resolve)(tmpFilePath, "version"), "utf8");
-      if (asarVersion !== version) {
+      if (asarVersion !== _ver) {
         (0, import_node_fs2.rmSync)(tmpFilePath);
-        throw new Error(`update failed: asar version is ${asarVersion}, but it should be ${version}`);
+        throw new Error(`update failed: asar version is ${asarVersion}, but it should be ${_ver}`);
       } else {
         await (0, import_promises.rename)(tmpFilePath, asarPath);
       }
-      log(`update success, version: ${version}`);
+      log(`update success, version: ${_ver}`);
       signature = "";
       return true;
     } catch (error) {

package/dist/index.mjs

@@ -1,6 +1,6 @@
 import {
   verify
-} from "./chunk-3YKEHZAU.mjs";
+} from "./chunk-Q2K52LOG.mjs";
 import {
   __require,
   getEntryVersion,
@@ -132,24 +132,24 @@ function createUpdater({
   } = {}
 }) {
   const updater = new EventEmitter();
-  let signature = "";
+  let signature, version;
   const asarPath = getProductAsarPath(productName);
   const gzipPath = `${asarPath}.gz`;
   const tmpFilePath = gzipPath.replace(".asar.gz", ".tmp.asar");
   function log(msg) {
     debug && updater.emit("debug", msg);
   }
-  function needUpdate(version) {
+  function needUpdate(version2) {
     if (!app.isPackaged) {
       log("in dev mode, no need to update");
       return false;
     }
     const currentVersion = getEntryVersion();
-    log(`check update: current version is ${currentVersion}, new version is ${version}`);
+    log(`check update: current version is ${currentVersion}, new version is ${version2}`);
     const _compare = compareVersion ?? compareVersionDefault;
-    return _compare(currentVersion, version);
+    return _compare(currentVersion, version2);
   }
-  async function parseData(format, data) {
+  async function parseData(format, data, version2) {
     if (existsSync(tmpFilePath)) {
       log(`remove tmp file: ${tmpFilePath}`);
       await rm(tmpFilePath);
@@ -180,7 +180,7 @@ function createUpdater({
       } : {
         name: "releaseAsarURL",
         url: _release,
-        repoFallback: `${repository}/releases/download/latest/${productName}.asar.gz`,
+        repoFallback: `${repository}/releases/download/v${version2}/${productName}-${version2}.asar.gz`,
         fn: downloadBuffer ?? downloadBufferDefault
       };
       data ??= info.url;
@@ -189,6 +189,9 @@ function createUpdater({
         if (!repository) {
           throw new Error(`${info.name} or repository are not set`);
         }
+        if (format === "buffer" && !version2) {
+          throw new Error("version are not set");
+        }
         data = info.repoFallback;
       }
       log(`download ${format} from ${data}`);
@@ -202,15 +205,16 @@ function createUpdater({
   updater.setDebug = (isDebug) => debug = isDebug;
   updater.checkUpdate = async (data) => {
     try {
-      const { signature: _sig, size, version } = await parseData("json", data);
-      log(`checked version: ${version}, size: ${size}, signature: ${_sig}`);
-      if (!needUpdate(version)) {
-        log(`update unavailable: ${version}`);
+      const { signature: _sig, size, version: _ver } = await parseData("json", data);
+      log(`checked version: ${_ver}, size: ${size}, signature: ${_sig}`);
+      if (!needUpdate(_ver)) {
+        log(`update unavailable: ${_ver}`);
         return void 0;
       } else {
-        log(`update available: ${version}`);
+        log(`update available: ${_ver}`);
         signature = _sig;
-        return { size, version };
+        version = _ver;
+        return { size, version: _ver };
       }
     } catch (error) {
       log(error);
@@ -223,29 +227,29 @@ function createUpdater({
       if (!_sig) {
         throw new Error("signature are not set, please checkUpdate first or set the second parameter");
       }
-      const buffer = await parseData("buffer", data);
+      const buffer = await parseData("buffer", data, version);
       log("verify start");
       const _verify = verifySignaure ?? verify;
-      const version = _verify(buffer, _sig, SIGNATURE_CERT);
-      if (!version) {
+      const _ver = _verify(buffer, _sig, SIGNATURE_CERT);
+      if (!_ver) {
         throw new Error("verify failed, invalid signature");
       }
       log("verify success");
-      if (!needUpdate(version)) {
-        throw new Error(`update unavailable: ${version}`);
+      if (!needUpdate(_ver)) {
+        throw new Error(`update unavailable: ${_ver}`);
       }
       log(`write file: ${gzipPath}`);
       await writeFile(gzipPath, buffer);
       log(`extract file: ${gzipPath}`);
       await unzipFile(gzipPath, tmpFilePath);
       const asarVersion = await readFile(resolve(tmpFilePath, "version"), "utf8");
-      if (asarVersion !== version) {
+      if (asarVersion !== _ver) {
         rmSync(tmpFilePath);
-        throw new Error(`update failed: asar version is ${asarVersion}, but it should be ${version}`);
+        throw new Error(`update failed: asar version is ${asarVersion}, but it should be ${_ver}`);
       } else {
         await rename(tmpFilePath, asarPath);
       }
-      log(`update success, version: ${version}`);
+      log(`update success, version: ${_ver}`);
       signature = "";
       return true;
     } catch (error) {

package/dist/vite.d.mts

@@ -1,10 +1,18 @@
 import { Plugin } from 'vite';
 import { Buffer } from 'node:buffer';
-import { DistinguishedName } from '@cyyynthia/jscert';
 
-type FunctionGenerateKeyPair = (keyLength: number, subject: DistinguishedName, expires: Date) => {
-    privateKey: string;
-    cert: string;
+type DistinguishedName = {
+    countryName?: string;
+    stateOrProvinceName?: string;
+    localityName?: string;
+    organizationName?: string;
+    organizationalUnitName?: string;
+    commonName?: string;
+    serialNumber?: string;
+    title?: string;
+    description?: string;
+    businessCategory?: string;
+    emailAddress?: string;
 };
 type FunctionGenerateSignature = (buffer: Buffer, privateKey: string, cert: string, version: string) => string;
 type Options = {
@@ -47,6 +55,11 @@ type Options = {
          * @default `release/${productName}.asar`
          */
         asarOutputPath?: string;
+        /**
+         * Path to gzipped asar file
+         * @default `release/${productName}-${version}.asar.gz`
+         */
+        gzipPath?: string;
         /**
          * Path to electron build output
          * @default `dist-electron`
@@ -93,26 +106,17 @@ type Options = {
             /**
              * the subject of the certificate
              *
-             * @default { commonName: productName, organization: `org.${productName}` }
+             * @default { commonName: productName, organizationName: `org.${productName}` }
              */
             subject?: DistinguishedName;
             /**
-             * expires of the certificate
-             * - `Date`: expire date
-             * - `number`: expire duration in seconds
+             * expire days of the certificate
              *
-             * @default Date.now() + 365 * 864e5 (1 year)
+             * @default 365
              */
-            expires?: Date | number;
+            days?: number;
         };
         overrideFunctions?: {
-            /**
-             * custom key pair generate function {@link FunctionGenerateKeyPair}
-             * @param keyLength key length
-             * @param subject subject info
-             * @param expires expire date
-             */
-            generateKeyPair?: FunctionGenerateKeyPair;
             /**
              * custom signature generate function {@link FunctionGenerateSignature}
              * @param buffer file buffer

package/dist/vite.d.ts

@@ -1,10 +1,18 @@
 import { Plugin } from 'vite';
 import { Buffer } from 'node:buffer';
-import { DistinguishedName } from '@cyyynthia/jscert';
 
-type FunctionGenerateKeyPair = (keyLength: number, subject: DistinguishedName, expires: Date) => {
-    privateKey: string;
-    cert: string;
+type DistinguishedName = {
+    countryName?: string;
+    stateOrProvinceName?: string;
+    localityName?: string;
+    organizationName?: string;
+    organizationalUnitName?: string;
+    commonName?: string;
+    serialNumber?: string;
+    title?: string;
+    description?: string;
+    businessCategory?: string;
+    emailAddress?: string;
 };
 type FunctionGenerateSignature = (buffer: Buffer, privateKey: string, cert: string, version: string) => string;
 type Options = {
@@ -47,6 +55,11 @@ type Options = {
          * @default `release/${productName}.asar`
          */
         asarOutputPath?: string;
+        /**
+         * Path to gzipped asar file
+         * @default `release/${productName}-${version}.asar.gz`
+         */
+        gzipPath?: string;
         /**
          * Path to electron build output
          * @default `dist-electron`
@@ -93,26 +106,17 @@ type Options = {
             /**
              * the subject of the certificate
              *
-             * @default { commonName: productName, organization: `org.${productName}` }
+             * @default { commonName: productName, organizationName: `org.${productName}` }
              */
             subject?: DistinguishedName;
             /**
-             * expires of the certificate
-             * - `Date`: expire date
-             * - `number`: expire duration in seconds
+             * expire days of the certificate
              *
-             * @default Date.now() + 365 * 864e5 (1 year)
+             * @default 365
              */
-            expires?: Date | number;
+            days?: number;
         };
         overrideFunctions?: {
-            /**
-             * custom key pair generate function {@link FunctionGenerateKeyPair}
-             * @param keyLength key length
-             * @param subject subject info
-             * @param expires expire date
-             */
-            generateKeyPair?: FunctionGenerateKeyPair;
             /**
              * custom signature generate function {@link FunctionGenerateSignature}
              * @param buffer file buffer

package/dist/vite.js

@@ -53,11 +53,7 @@ function key(data, length) {
   return import_node_buffer.Buffer.from(hash).subarray(0, length);
 }
 var signature = (buffer, privateKey, cert, version) => {
-  const sig = (0, import_node_crypto.createSign)("RSA-SHA256").update(buffer).sign({
-    key: privateKey,
-    padding: import_node_crypto.constants.RSA_PKCS1_PADDING,
-    saltLength: import_node_crypto.constants.RSA_PSS_SALTLEN_DIGEST
-  }, "base64");
+  const sig = (0, import_node_crypto.createSign)("RSA-SHA256").update(buffer).sign((0, import_node_crypto.createPrivateKey)(privateKey), "base64");
   return encrypt(`${sig}%${version}`, key(cert, 32), key(buffer, 16));
 };
 
@@ -99,23 +95,24 @@ async function pack(dir, target) {
 async function buildAsar({
   version,
   asarOutputPath,
+  gzipPath,
   electronDistPath,
   rendererDistPath
 }) {
   await (0, import_promises.rename)(rendererDistPath, `${electronDistPath}/renderer`);
   await (0, import_promises.writeFile)(`${electronDistPath}/version`, version);
   await pack(electronDistPath, asarOutputPath);
-  await zipFile(asarOutputPath);
+  await zipFile(asarOutputPath, gzipPath);
 }
 async function buildVersion({
-  asarOutputPath,
+  gzipPath,
   versionPath,
   privateKey,
   cert,
   version,
   generateSignature
 }) {
-  const buffer = await (0, import_promises.readFile)(`${asarOutputPath}.gz`);
+  const buffer = await (0, import_promises.readFile)(gzipPath);
   const _func = generateSignature ?? signature;
   await (0, import_promises.writeFile)(versionPath, JSON.stringify({
     signature: _func(buffer, privateKey, cert, version),
@@ -138,24 +135,51 @@ async function buildEntry({
   });
 }
 
+// src/build-plugins/option.ts
+var import_ci_info = require("ci-info");
+
 // src/build-plugins/key.ts
 var import_node_fs2 = require("fs");
 var import_node_path2 = require("path");
 var import_node_os = require("os");
-var import_node_crypto2 = require("crypto");
-var import_jscert = require("@cyyynthia/jscert");
-function generateCert(privateKey, dn, expires) {
-  const csr = new import_jscert.CertificateSigningRequest(dn, privateKey, { digest: "sha256" });
-  return csr.createSelfSignedCertificate(expires).toPem();
+var import_node_child_process = require("child_process");
+function generateKeyPair(keyLength, subject, days, privateKeyPath, certPath) {
+  const starter = `try {
+  require('selfsigned')
+} catch (e) {
+  console.error('to generate private key, please run "npm install --dev selfsigned"')
 }
-function generateKeyPairDefault(length, subjects, expires) {
-  const { privateKey: _key } = (0, import_node_crypto2.generateKeyPairSync)("rsa", { modulusLength: length });
-  const cert = generateCert(_key, subjects, expires);
-  const privateKey = _key.export({ type: "pkcs1", format: "pem" });
-  return {
-    privateKey,
-    cert
-  };
+try {
+  const { existsSync, mkdirSync, writeFileSync } = require('node:fs')
+  const { dirname } = require('node:path')
+  const { generate } = require('selfsigned')
+  const privateKeyPath = '${privateKeyPath.replace(/\\/g, "/")}'
+  const certPath = '${certPath.replace(/\\/g, "/")}'
+  const privateKeyDir = dirname(privateKeyPath)
+  existsSync(privateKeyDir) || mkdirSync(privateKeyDir, { recursive: true })
+  const certDir = dirname(certPath)
+  existsSync(certDir) || mkdirSync(certDir, { recursive: true })
+
+  const { cert, private: privateKey } = generate(${JSON.stringify(subject)}, {
+    keySize: ${keyLength}, algorithm: 'sha256', days: ${days},
+  })
+
+  writeFileSync(privateKeyPath, privateKey.replace(/\\r/g, ''))
+  writeFileSync(certPath, cert.replace(/\\r/g, ''))
+} catch (e) {
+  console.error(e)
+  process.exit(-1)
+} finally {
+  process.exit(0)
+}
+`;
+  const fileName = "key-gen.js";
+  (0, import_node_fs2.writeFileSync)(`./${fileName}`, starter);
+  try {
+    (0, import_node_child_process.execSync)(`npx electron ${fileName}`, { stdio: "inherit" });
+  } finally {
+    (0, import_node_fs2.rmSync)(`./${fileName}`);
+  }
 }
 function writeCertToMain(entryPath, cert) {
   const file = (0, import_node_fs2.readFileSync)(entryPath, "utf-8");
@@ -182,38 +206,37 @@ function writeCertToMain(entryPath, cert) {
   }
   (0, import_node_fs2.writeFileSync)(entryPath, replaced);
 }
-function getKeys({
+function parseKeys({
   keyLength,
   privateKeyPath,
   certPath,
   entryPath,
   subject,
-  expires,
-  generateKeyPair
+  days
 }) {
   const keysDir = (0, import_node_path2.dirname)(privateKeyPath);
   !(0, import_node_fs2.existsSync)(keysDir) && (0, import_node_fs2.mkdirSync)(keysDir);
-  let privateKey, cert;
   if (!(0, import_node_fs2.existsSync)(privateKeyPath) || !(0, import_node_fs2.existsSync)(certPath)) {
-    const _func = generateKeyPair ?? generateKeyPairDefault;
-    const keys = _func(keyLength, subject, expires);
-    privateKey = keys.privateKey;
-    cert = keys.cert;
-    (0, import_node_fs2.writeFileSync)(privateKeyPath, privateKey);
-    (0, import_node_fs2.writeFileSync)(certPath, cert);
-  } else {
-    privateKey = (0, import_node_fs2.readFileSync)(privateKeyPath, "utf-8");
-    cert = (0, import_node_fs2.readFileSync)(certPath, "utf-8");
+    generateKeyPair(keyLength, parseSubjects(subject), days, privateKeyPath, certPath);
   }
+  const privateKey = (0, import_node_fs2.readFileSync)(privateKeyPath, "utf-8");
+  const cert = (0, import_node_fs2.readFileSync)(certPath, "utf-8");
   writeCertToMain(entryPath, cert);
   return {
     privateKey,
     cert
   };
 }
+function parseSubjects(subject) {
+  const ret = [];
+  Object.keys(subject).forEach((name) => {
+    const value = subject[name];
+    value && ret.push({ name, value });
+  });
+  return ret;
+}
 
 // src/build-plugins/option.ts
-var import_ci_info = require("ci-info");
 function parseOptions(options) {
   const {
     isBuild,
@@ -223,7 +246,8 @@ function parseOptions(options) {
     paths: {
       entryPath = "electron/app.ts",
       entryOutputPath = "app.js",
-      asarOutputPath = `release/${productName}-${version}.asar`,
+      asarOutputPath = `release/${productName}.asar`,
+      gzipPath = `release/${productName}-${version}.asar.gz`,
       electronDistPath = "dist-electron",
       rendererDistPath = "dist",
       versionPath = "version.json"
@@ -236,20 +260,18 @@ function parseOptions(options) {
       overrideFunctions = {}
     } = {}
   } = options;
-  const {
-    generateKeyPair,
-    generateSignature
-  } = overrideFunctions;
+  const { generateSignature } = overrideFunctions;
   let {
     subject = {
       commonName: productName,
-      organization: `org.${productName}`
+      organizationName: `org.${productName}`
     },
-    expires = Date.now() + 365 * 864e5
+    days = 365
   } = certInfo;
   const buildAsarOption = {
     version,
     asarOutputPath,
+    gzipPath,
     electronDistPath,
     rendererDistPath
   };
@@ -260,21 +282,17 @@ function parseOptions(options) {
   };
   let buildVersionOption;
   if (!import_ci_info.isCI) {
-    if (typeof expires === "number") {
-      expires = new Date(Date.now() + expires);
-    }
-    const { privateKey, cert } = getKeys({
+    const { privateKey, cert } = parseKeys({
       keyLength,
       privateKeyPath,
       certPath,
       entryPath,
       subject,
-      expires,
-      generateKeyPair
+      days
     });
     buildVersionOption = {
       version,
-      asarOutputPath,
+      gzipPath,
       privateKey,
       cert,
       versionPath,

package/dist/vite.mjs

@@ -1,6 +1,6 @@
 import {
   signature
-} from "./chunk-3YKEHZAU.mjs";
+} from "./chunk-Q2K52LOG.mjs";
 import {
   zipFile
 } from "./chunk-CRBEZBU5.mjs";
@@ -31,23 +31,24 @@ async function pack(dir, target) {
 async function buildAsar({
   version,
   asarOutputPath,
+  gzipPath,
   electronDistPath,
   rendererDistPath
 }) {
   await rename(rendererDistPath, `${electronDistPath}/renderer`);
   await writeFile(`${electronDistPath}/version`, version);
   await pack(electronDistPath, asarOutputPath);
-  await zipFile(asarOutputPath);
+  await zipFile(asarOutputPath, gzipPath);
 }
 async function buildVersion({
-  asarOutputPath,
+  gzipPath,
   versionPath,
   privateKey,
   cert,
   version,
   generateSignature
 }) {
-  const buffer = await readFile(`${asarOutputPath}.gz`);
+  const buffer = await readFile(gzipPath);
   const _func = generateSignature ?? signature;
   await writeFile(versionPath, JSON.stringify({
     signature: _func(buffer, privateKey, cert, version),
@@ -70,24 +71,51 @@ async function buildEntry({
   });
 }
 
+// src/build-plugins/option.ts
+import { isCI } from "ci-info";
+
 // src/build-plugins/key.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
 import { dirname } from "node:path";
 import { EOL } from "node:os";
-import { generateKeyPairSync } from "node:crypto";
-import { CertificateSigningRequest } from "@cyyynthia/jscert";
-function generateCert(privateKey, dn, expires) {
-  const csr = new CertificateSigningRequest(dn, privateKey, { digest: "sha256" });
-  return csr.createSelfSignedCertificate(expires).toPem();
+import { execSync } from "node:child_process";
+function generateKeyPair(keyLength, subject, days, privateKeyPath, certPath) {
+  const starter = `try {
+  require('selfsigned')
+} catch (e) {
+  console.error('to generate private key, please run "npm install --dev selfsigned"')
 }
-function generateKeyPairDefault(length, subjects, expires) {
-  const { privateKey: _key } = generateKeyPairSync("rsa", { modulusLength: length });
-  const cert = generateCert(_key, subjects, expires);
-  const privateKey = _key.export({ type: "pkcs1", format: "pem" });
-  return {
-    privateKey,
-    cert
-  };
+try {
+  const { existsSync, mkdirSync, writeFileSync } = require('node:fs')
+  const { dirname } = require('node:path')
+  const { generate } = require('selfsigned')
+  const privateKeyPath = '${privateKeyPath.replace(/\\/g, "/")}'
+  const certPath = '${certPath.replace(/\\/g, "/")}'
+  const privateKeyDir = dirname(privateKeyPath)
+  existsSync(privateKeyDir) || mkdirSync(privateKeyDir, { recursive: true })
+  const certDir = dirname(certPath)
+  existsSync(certDir) || mkdirSync(certDir, { recursive: true })
+
+  const { cert, private: privateKey } = generate(${JSON.stringify(subject)}, {
+    keySize: ${keyLength}, algorithm: 'sha256', days: ${days},
+  })
+
+  writeFileSync(privateKeyPath, privateKey.replace(/\\r/g, ''))
+  writeFileSync(certPath, cert.replace(/\\r/g, ''))
+} catch (e) {
+  console.error(e)
+  process.exit(-1)
+} finally {
+  process.exit(0)
+}
+`;
+  const fileName = "key-gen.js";
+  writeFileSync(`./${fileName}`, starter);
+  try {
+    execSync(`npx electron ${fileName}`, { stdio: "inherit" });
+  } finally {
+    rmSync(`./${fileName}`);
+  }
 }
 function writeCertToMain(entryPath, cert) {
   const file = readFileSync(entryPath, "utf-8");
@@ -114,38 +142,37 @@ function writeCertToMain(entryPath, cert) {
   }
   writeFileSync(entryPath, replaced);
 }
-function getKeys({
+function parseKeys({
   keyLength,
   privateKeyPath,
   certPath,
   entryPath,
   subject,
-  expires,
-  generateKeyPair
+  days
 }) {
   const keysDir = dirname(privateKeyPath);
   !existsSync(keysDir) && mkdirSync(keysDir);
-  let privateKey, cert;
   if (!existsSync(privateKeyPath) || !existsSync(certPath)) {
-    const _func = generateKeyPair ?? generateKeyPairDefault;
-    const keys = _func(keyLength, subject, expires);
-    privateKey = keys.privateKey;
-    cert = keys.cert;
-    writeFileSync(privateKeyPath, privateKey);
-    writeFileSync(certPath, cert);
-  } else {
-    privateKey = readFileSync(privateKeyPath, "utf-8");
-    cert = readFileSync(certPath, "utf-8");
+    generateKeyPair(keyLength, parseSubjects(subject), days, privateKeyPath, certPath);
   }
+  const privateKey = readFileSync(privateKeyPath, "utf-8");
+  const cert = readFileSync(certPath, "utf-8");
   writeCertToMain(entryPath, cert);
   return {
     privateKey,
     cert
   };
 }
+function parseSubjects(subject) {
+  const ret = [];
+  Object.keys(subject).forEach((name) => {
+    const value = subject[name];
+    value && ret.push({ name, value });
+  });
+  return ret;
+}
 
 // src/build-plugins/option.ts
-import { isCI } from "ci-info";
 function parseOptions(options) {
   const {
     isBuild,
@@ -155,7 +182,8 @@ function parseOptions(options) {
     paths: {
       entryPath = "electron/app.ts",
       entryOutputPath = "app.js",
-      asarOutputPath = `release/${productName}-${version}.asar`,
+      asarOutputPath = `release/${productName}.asar`,
+      gzipPath = `release/${productName}-${version}.asar.gz`,
       electronDistPath = "dist-electron",
       rendererDistPath = "dist",
       versionPath = "version.json"
@@ -168,20 +196,18 @@ function parseOptions(options) {
       overrideFunctions = {}
     } = {}
   } = options;
-  const {
-    generateKeyPair,
-    generateSignature
-  } = overrideFunctions;
+  const { generateSignature } = overrideFunctions;
   let {
     subject = {
       commonName: productName,
-      organization: `org.${productName}`
+      organizationName: `org.${productName}`
     },
-    expires = Date.now() + 365 * 864e5
+    days = 365
   } = certInfo;
   const buildAsarOption = {
     version,
     asarOutputPath,
+    gzipPath,
     electronDistPath,
     rendererDistPath
   };
@@ -192,21 +218,17 @@ function parseOptions(options) {
   };
   let buildVersionOption;
   if (!isCI) {
-    if (typeof expires === "number") {
-      expires = new Date(Date.now() + expires);
-    }
-    const { privateKey, cert } = getKeys({
+    const { privateKey, cert } = parseKeys({
       keyLength,
       privateKeyPath,
       certPath,
       entryPath,
       subject,
-      expires,
-      generateKeyPair
+      days
     });
     buildVersionOption = {
       version,
-      asarOutputPath,
+      gzipPath,
       privateKey,
       cert,
       versionPath,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "electron-incremental-update",
   "author": "subframe7536",
-  "version": "0.7.1",
+  "version": "0.7.3",
   "description": "electron incremental update tools, powered by vite",
   "scripts": {
     "build": "tsup && node fix-module.js",
@@ -50,14 +50,15 @@
     "bumpp": "^9.1.1",
     "electron": "^25.2.0",
     "eslint": "^8.43.0",
-    "fs-jetpack": "^5.1.0",
     "tsup": "^7.1.0",
     "typescript": "^5.1.5",
     "vite": "^4.3.9",
     "vitest": "^0.32.2"
   },
   "dependencies": {
-    "@cyyynthia/jscert": "^0.1.2",
     "ci-info": "^3.8.0"
+  },
+  "peerDependencies": {
+    "selfsigned": "^2.1.1"
   }
 }