diff --git a/doc/api/single-executable-applications.md b/doc/api/single-executable-applications.md index 5933ae98b1cd73..584541588162c9 100644 --- a/doc/api/single-executable-applications.md +++ b/doc/api/single-executable-applications.md @@ -39,7 +39,24 @@ tool, [postject][]: $ cp $(command -v node) hello ``` -3. Inject the JavaScript file into the copied binary by running `postject` with +3. Remove the signature of the binary: + + * On macOS: + + ```console + $ codesign --remove-signature hello + ``` + + * On Windows (optional): + + [signtool][] can be used from the installed [Windows SDK][]. If this step is + skipped, ignore any signature-related warning from postject. + + ```console + $ signtool remove /s hello + ``` + +4. Inject the JavaScript file into the copied binary by running `postject` with the following options: * `hello` - The name of the copy of the `node` executable created in step 2. @@ -67,7 +84,24 @@ tool, [postject][]: --macho-segment-name NODE_JS ``` -4. Run the binary: +5. Sign the binary: + + * On macOS: + + ```console + $ codesign --sign - hello + ``` + + * On Windows (optional): + + A certificate needs to be present for this to work. However, the unsigned + binary would still be runnable. + + ```console + $ signtool sign /fd SHA256 hello + ``` + +6. Run the binary: ```console $ ./hello world Hello, world! @@ -138,9 +172,11 @@ to help us document them. [ELF]: https://en.wikipedia.org/wiki/Executable_and_Linkable_Format [Mach-O]: https://en.wikipedia.org/wiki/Mach-O [PE]: https://en.wikipedia.org/wiki/Portable_Executable +[Windows SDK]: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/ [`process.execPath`]: process.md#processexecpath [`require()`]: modules.md#requireid [`require.main`]: modules.md#accessing-the-main-module [fuse]: https://www.electronjs.org/docs/latest/tutorial/fuses [postject]: https://github.com/nodejs/postject +[signtool]: https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool [single executable applications]: https://github.com/nodejs/single-executable