[bug] Bundler Windows code-signing timestamp doesn't support RFC 3161 (TSP) #3563

Closed
gardc opened this issue Feb 27, 2022 · 1 comment

gardc commented Feb 27, 2022

Describe the bug

As seen in this code, Tauri bundler only supports the /t option for SignTool, while my code certificate issuer's timestamp server only accepts RFC 3161 Time-Stamp Protocol (TSP). This results in the following error output when trying to build a signed bundle:

info: trying to sign app
info: signing <binary>
info: running signtool "E:\\Windows Kits\\10\\bin\\10.0.19041.0\\x64\\signtool.exe"
Error running CLI: failed to bundle project: failed to sign app: SignTool Error: The specified timestamp server either could not be reached or
returned an invalid response.
SignTool Error: An error occurred while attempting to sign: <binary>

This functionality is possible in SignTool by using /tr <timestamp URL> and /td <timestamp digest algorithm> instead of /t <timestamp URL>. See an example of a SignTool command with /tr and /td here. Tip: see SignTool's command options here.

I suggest adding another configuration field called tsp or something along those lines under Tauri > Bundle > Windows, with the default value being false and with the option of true. The true value of the tsp-field would then result in the SignTool command including /tr and /td instead of /t to be compatible with a TSP (RFC 3161) timestamp server.

Also, as I read this it sounds a bit like a feature request rather than a bug so feel free to change it. However, I file this as a bug since the code-signing functionality doesn't work as expected from the documentation.

Reproduction

  1. Have a code signing certificate (or not...?)
  2. Set timestamp server to http://ts.ssl.com or any other TSP server
  3. Try to build with yarn tauri build (or whatever build system you use)

Expected behavior

A successful, signed build of my app.

Platform and versions

Operating System - Windows, version 10.0.19044 X64
Webview2 - 98.0.1108.62
Visual Studio Build Tools:
   - Visual Studio Community 2022
   - Visual Studio Build Tools 2019

Node.js environment
  Node.js - 16.14.0
  @tauri-apps/cli - 1.0.0-rc.4
  @tauri-apps/api - 1.0.0-rc.1

Global packages
  npm - 8.3.1
  pnpm - Not installed
  yarn - 1.22.17

Rust environment
  rustup - 1.24.3
  rustc - 1.58.1
  cargo - 1.58.0
  toolchain - stable-x86_64-pc-windows-msvc 

App directory structure
/.git
/.github
/.idea
/build
/node_modules
/public
/src
/src-tauri

App
  tauri - 1.0.0-rc.2
  tauri-build - 1.0.0-rc.2
  tao - 0.6.1
  wry - 0.13.1
  build-type - bundle
  CSP - default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'
  distDir - ../build
  devPath - http://localhost:6969/
  framework - React

Stack trace

No response

Additional context

No response
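
The switch proposed in the issue above, written out as an added example that is not part of the issue and is not Tauri's bundler code: it shows how a boolean `tsp` setting would select between SignTool's `/t` and `/tr` + `/td` options. The `SignSettings` struct, its field names, the `signtool_args` function, the placeholder thumbprint and the timestamp URL are all assumptions made for illustration.

```rust
/// Hypothetical settings; field names (including `tsp`) are assumptions taken
/// from the issue's proposal, not Tauri's real configuration types.
pub struct SignSettings {
    pub digest_algorithm: String,       // passed to /fd, reused here for /td
    pub certificate_thumbprint: String, // passed to /sha1
    pub timestamp_url: Option<String>,
    pub tsp: bool, // false => legacy /t, true => RFC 3161 /tr + /td
}

/// Build the `signtool sign` argument list for one file.
pub fn signtool_args(s: &SignSettings, file: &str) -> Result<Vec<String>, String> {
    let mut args: Vec<String> = ["sign", "/fd", s.digest_algorithm.as_str(),
        "/sha1", s.certificate_thumbprint.as_str()]
        .iter().map(|a| a.to_string()).collect();
    match (&s.timestamp_url, s.tsp) {
        // RFC 3161 server: /tr carries the URL and /td (placed after /tr)
        // names the digest algorithm used for the timestamp.
        (Some(url), true) => args.extend(
            ["/tr", url.as_str(), "/td", s.digest_algorithm.as_str()]
                .iter().map(|a| a.to_string())),
        // Legacy Authenticode timestamp server.
        (Some(url), false) => args.extend(
            ["/t", url.as_str()].iter().map(|a| a.to_string())),
        // Design choice of this example: fail the build instead of producing
        // a signature without the timestamp the configuration asked for.
        (None, true) => return Err("tsp is enabled but no timestamp URL is set".to_string()),
        (None, false) => {} // signing without a timestamp
    }
    args.push(file.to_string());
    Ok(args)
}

fn main() {
    // Constructed sample values: placeholder thumbprint and timestamp URL.
    let mut s = SignSettings {
        digest_algorithm: "sha256".to_string(),
        certificate_thumbprint: "<THUMBPRINT>".to_string(),
        timestamp_url: Some("http://timestamp.example".to_string()),
        tsp: false,
    };
    println!("legacy:   {:?}", signtool_args(&s, "app.exe"));
    s.tsp = true;
    println!("rfc 3161: {:?}", signtool_args(&s, "app.exe"));
}
```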

gardc added a commit to gardc/tauri that referenced this issue Feb 27, 2022
gardc added a commit to gardc/tauri that referenced this issue Feb 28, 2022

gardc commented Mar 5, 2022

Created a pull request that fixes this issue: #3570
