Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 48cf984

Browse filesBrowse files
RaisinTentargos
RaisinTen
authored and
targos
committed
doc: add steps about signing the binary in single-executable docs
We didn't catch this in #45038 because the binary wasn't signed by default unlike the official Node.js binary, which is signed by the Node.js Foundation identity by default. Refs: nodejs/postject#76 (macOS arm64 part only) Fixes: nodejs/postject#75 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #46764 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>
1 parent 760a351 commit 48cf984
Copy full SHA for 48cf984

File tree

Expand file treeCollapse file tree

1 file changed

+38
-2
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

1 file changed

+38
-2
lines changed
Open diff view settings
Collapse file

‎doc/api/single-executable-applications.md‎

Copy file name to clipboardExpand all lines: doc/api/single-executable-applications.md
+38-2Lines changed: 38 additions & 2 deletions
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,24 @@ tool, [postject][]:
3333
$ cp $(command -v node) hello
3434
```
3535

36-
3. Inject the JavaScript file into the copied binary by running `postject` with
36+
3. Remove the signature of the binary:
37+
38+
* On macOS:
39+
40+
```console
41+
$ codesign --remove-signature hello
42+
```
43+
44+
* On Windows (optional):
45+
46+
[signtool][] can be used from the installed [Windows SDK][]. If this step is
47+
skipped, ignore any signature-related warning from postject.
48+
49+
```console
50+
$ signtool remove /s hello
51+
```
52+
53+
4. Inject the JavaScript file into the copied binary by running `postject` with
3754
the following options:
3855

3956
* `hello` - The name of the copy of the `node` executable created in step 2.
@@ -61,7 +78,24 @@ tool, [postject][]:
6178
--macho-segment-name NODE_JS
6279
```
6380

64-
4. Run the binary:
81+
5. Sign the binary:
82+
83+
* On macOS:
84+
85+
```console
86+
$ codesign --sign - hello
87+
```
88+
89+
* On Windows (optional):
90+
91+
A certificate needs to be present for this to work. However, the unsigned
92+
binary would still be runnable.
93+
94+
```console
95+
$ signtool sign /fd SHA256 hello
96+
```
97+
98+
6. Run the binary:
6599
```console
66100
$ ./hello world
67101
Hello, world!
@@ -132,9 +166,11 @@ to help us document them.
132166
[ELF]: https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
133167
[Mach-O]: https://en.wikipedia.org/wiki/Mach-O
134168
[PE]: https://en.wikipedia.org/wiki/Portable_Executable
169+
[Windows SDK]: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
135170
[`process.execPath`]: process.md#processexecpath
136171
[`require()`]: modules.md#requireid
137172
[`require.main`]: modules.md#accessing-the-main-module
138173
[fuse]: https://www.electronjs.org/docs/latest/tutorial/fuses
139174
[postject]: https://github.com/nodejs/postject
175+
[signtool]: https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
140176
[single executable applications]: https://github.com/nodejs/single-executable

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.