From a9313f4756f50ae1b84bd8f307ecc281da634d60 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <anders@zulip.com>
Date: Thu, 13 Mar 2025 13:23:09 -0700
Subject: [PATCH] Update Azure Trusted Signing configuration.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
---
 package.json        | 15 ++++++++++-----
 scripts/win-sign.js | 20 --------------------
 2 files changed, 10 insertions(+), 25 deletions(-)
 delete mode 100644 scripts/win-sign.js

diff --git a/package.json b/package.json
index 3fbeba05..cf382d26 100644
--- a/package.json
+++ b/package.json
@@ -121,11 +121,16 @@
         }
       ],
       "icon": "build/icon.ico",
-      "publisherName": "Kandra Labs, Inc.",
-      "sign": "./scripts/win-sign.js",
-      "signingHashAlgorithms": [
-        "sha256"
-      ]
+      "signtoolOptions": {
+        "publisherName": "Kandra Labs, Inc."
+      },
+      "azureSignOptions": {
+        "endpoint": "https://eus.codesigning.azure.net/",
+        "codeSigningAccountName": "kandralabs",
+        "certificateProfileName": "kandralabs",
+        "timestampRfc3161": "http://timestamp.acs.microsoft.com",
+        "timestampDigest": "SHA256"
+      }
     },
     "msi": {
       "artifactName": "${productName}-${version}-${arch}.${ext}"
diff --git a/scripts/win-sign.js b/scripts/win-sign.js
deleted file mode 100644
index a6272a57..00000000
--- a/scripts/win-sign.js
+++ /dev/null
@@ -1,20 +0,0 @@
-"use strict";
-
-const childProcess = require("node:child_process");
-const {promisify} = require("node:util");
-
-const exec = promisify(childProcess.exec);
-
-exports.default = async ({path, hash}) => {
-  await exec(
-    `powershell.exe Invoke-TrustedSigning \
--Endpoint https://eus.codesigning.azure.net/ \
--CodeSigningAccountName kandralabs \
--CertificateProfileName kandralabs \
--Files '${path}' \
--FileDigest '${hash}' \
--TimestampRfc3161 http://timestamp.acs.microsoft.com \
--TimestampDigest '${hash}'`,
-    {stdio: "inherit"},
-  );
-};