doc: add steps about signing the binary in single-executable docs#46764
Uh oh!
There was an error while loading. Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
We didn't catch this in nodejs#45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]>
This was referenced Feb 22, 2023
MemberAuthor
RaisinTen commented Feb 22, 2023
@nodejs/platform-windows can someone please review the Windows part? |
Member
tony-go commented Feb 22, 2023
Let me start my windows machine ^^ |
cjihrig approved these changes Feb 22, 2023
RaisinTen added the author ready 
tony-go approved these changes Feb 22, 2023
Member
tony-go left a comment
tony-go left a comment There was a problem hiding this comment.
LGTM for mac
Not able to test on my windows machine due to some reasons :/
aymen94 approved these changes Feb 22, 2023
RaisinTen added the commit-queue 
Contributor
ShenHongFei commented Feb 23, 2023
@RaisinTen I executed the following command in powershell: $ echo'console.log(`Hello, ${process.argv[2]}!`);'> hello.js $ cp e:/sdk/nodejs/node.exe hello.exe $ &"C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe" remove /s hello.exe $ npx postject hello.exe NODE_JS_CODE hello.js --sentinel-fuse NODE_JS_FUSE_fce680ab2cc467b6e072b8b5df1996b2 $ &"C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe" sign /fd SHA256 hello.exeThe last step went wrong: It may be that I don't have a local certificate that can be used for digital signatures, but the generated unsigned hello.exe can also run normally Using signtools (https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool) in Windows system to remove node.exe signature, and to sign the final generated hello.exe, is not Required steps, and users need to manually install windows sdk (https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/) I think it would be more convenient to inform users that they can ignore the warnings output by postject, or make the method of deleting and re-signing as an optional step, explaining how to obtain and use signtools to sign. |
jasnell approved these changes Feb 24, 2023
RaisinTen removed the commit-queue Refs: nodejs#46764 (comment) Signed-off-by: Darshan Sen <[email protected]>
RaisinTen added the commit-queue-squash MemberAuthor
RaisinTen commented Feb 24, 2023
@ShenHongFei updated the docs to clarify that. PTAL reviewers. |
ovflowd approved these changes Feb 24, 2023
Member
ovflowd left a comment
ovflowd left a comment There was a problem hiding this comment.
Docs seem legit for me for both Windows and macOS :)
Contributor
ShenHongFei commented Feb 26, 2023
LGTM 😄 |
RaisinTen added a commit that referenced this pull request Feb 26, 2023
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: #46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
MemberAuthor
RaisinTen commented Feb 26, 2023
Landed in 4cde39e |
RaisinTen deleted the doc-add-steps-about-signing-the-binary-in-single-executable-docs branch targos pushed a commit that referenced this pull request Mar 13, 2023
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: #46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
targos pushed a commit that referenced this pull request Mar 14, 2023
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: #46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
Contributor
danielleadams commented Apr 3, 2023
Blocked by #45038 |
RaisinTen added the single-executable targos pushed a commit that referenced this pull request Nov 10, 2023
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: #46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
We didn't catch this in nodejs/node#45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: nodejs/node#46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
We didn't catch this in nodejs/node#45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <[email protected]> PR-URL: nodejs/node#46764 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default.
Refs: nodejs/postject#76 (macOS arm64 part only)
Fixes: nodejs/postject#75
cc @nodejs/single-executable @targos@ShenHongFei