dragonflight/services/premiere-plugin/build/cert/README.md

# Self-signed cert for ZXP signing

The `.zxp` package format requires a signature. We use a self-signed cert so
there is no Certificate Authority cost; the trade-off is editors must enable
`PlayerDebugMode` for the panel to load (the Windows `.exe` installer does
this automatically).

## Files

| File | What it is | Commit to git? |
|------|------------|----------------|
| `dragonflight-selfsigned.p12` | PKCS#12 keystore containing the signing cert + private key | **yes** |
| `cert-passphrase.txt` | Passphrase for the `.p12` | **yes** |

Both are auto-generated on the first `node build-zxp.mjs` run. They MUST be
committed and reused across builds: Adobe's ZXP signature continuity rule
means a re-signed package with a different cert fingerprint will not install
over an existing version — editors would have to uninstall the panel first.

## Why is committing a private key OK here?

- The panel is proprietary internal tooling, not a public distribution.
- The cert chains to nothing — a leak lets an attacker sign a fake
  `net.wilddragon.dragonflight.panel` bundle, which would still require
  `PlayerDebugMode=1` to load and physical access to the editor's machine to
  install. Threat model: low.
- The alternative (rotating the cert on every build or keeping it in a
  secrets manager) would break upgrade-in-place for every editor on every
  build.

If you want a real codesigning cert later, drop a CA-issued `.p12` over the
self-signed one with the same filename and update `cert-passphrase.txt`. The
build script will reuse them.

## Regenerating

Delete both files. Next `node build-zxp.mjs` run will create a fresh
self-signed cert (valid for 25 years). Commit the new pair. **Heads up:**
every editor with the old `.zxp` installed must uninstall first before the
new one will install.

The build script handles regeneration automatically — just delete both
files and re-run `node build-zxp.mjs`. If you need to invoke Adobe's
`ZXPSignCmd` directly (e.g. to inspect the generated cert), it ships inside
`node_modules/zxp-provider/bin/<version>/` after `npm install`.
feat(premiere-plugin): ZXP + Windows installer build pipeline Replaces the manual robocopy / install-windows.ps1 flow with two real distributable artifacts: - dragonflight-premiere-panel-<version>.zxp (Mac + Win) - dragonflight-premiere-panel-<version>-windows-setup.exe (Win) The Windows installer copies the bundle to %APPDATA%\Adobe\CEP\extensions, sets PlayerDebugMode=1 for CSXS 8..13, registers an uninstaller, and offers to remove any legacy com.wilddragon.mam.panel folder so editors don't end up with duplicate panels. The .zxp is signed with a self-signed cert generated on first build and committed to build/cert/ so signature continuity is preserved across builds (Adobe rejects ZXP upgrades with a different cert fingerprint). Also migrates the CEP bundle ID from com.wilddragon.mam.panel to net.wilddragon.dragonflight.panel to match the wild-dragon -> dragonflight repo rename. Manifest, .debug, CSInterface.js, install docs, and the growing-files quickstart all updated. build/ is normally swept by the root .gitignore; added an explicit negation so the packaging pipeline stays tracked. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-23 16:13:20 -04:00			`# Self-signed cert for ZXP signing`

			The `.zxp` package format requires a signature. We use a self-signed cert so
			`there is no Certificate Authority cost; the trade-off is editors must enable`
			`PlayerDebugMode` for the panel to load (the Windows `.exe` installer does
			`this automatically).`

			`## Files`

			`\| File \| What it is \| Commit to git? \|`
			`\|------\|------------\|----------------\|`
			\| `dragonflight-selfsigned.p12` \| PKCS#12 keystore containing the signing cert + private key \| yes \|
			\| `cert-passphrase.txt` \| Passphrase for the `.p12` \| yes \|

			Both are auto-generated on the first `node build-zxp.mjs` run. They MUST be
			`committed and reused across builds: Adobe's ZXP signature continuity rule`
			`means a re-signed package with a different cert fingerprint will not install`
			`over an existing version — editors would have to uninstall the panel first.`

			`## Why is committing a private key OK here?`

			`- The panel is proprietary internal tooling, not a public distribution.`
			`- The cert chains to nothing — a leak lets an attacker sign a fake`
			`net.wilddragon.dragonflight.panel` bundle, which would still require
			`PlayerDebugMode=1` to load and physical access to the editor's machine to
			`install. Threat model: low.`
			`- The alternative (rotating the cert on every build or keeping it in a`
			`secrets manager) would break upgrade-in-place for every editor on every`
			`build.`

			If you want a real codesigning cert later, drop a CA-issued `.p12` over the
			self-signed one with the same filename and update `cert-passphrase.txt`. The
			`build script will reuse them.`

			`## Regenerating`

			Delete both files. Next `node build-zxp.mjs` run will create a fresh
			`self-signed cert (valid for 25 years). Commit the new pair. Heads up:`
			every editor with the old `.zxp` installed must uninstall first before the
			`new one will install.`

fix(premiere-plugin): correct zxp-sign-cmd version + promise API; commit generated signing cert The initial pass referenced zxp-sign-cmd@0.2.2 which never shipped (latest is 2.0.0) and used the v1.x callback API. v2 is promise-based — rewrote build-zxp.mjs accordingly. Also commits the freshly-generated self-signed cert + passphrase from the first local build run. From now on every build reuses these so Adobe's ZXP signature-continuity rule is satisfied across versions. Verified end-to-end: `npm install && node build-zxp.mjs` produces dist/dragonflight-premiere-panel-1.0.0.zxp (34.7 KB), signature verifies, cert valid until 2051. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-23 16:17:31 -04:00			`The build script handles regeneration automatically — just delete both`
			files and re-run `node build-zxp.mjs`. If you need to invoke Adobe's
			`ZXPSignCmd` directly (e.g. to inspect the generated cert), it ships inside
			`node_modules/zxp-provider/bin/<version>/` after `npm install`.