dragonflight/services/premiere-plugin/build/cert/README.md
Zac Gaetano f874009329 feat(premiere-plugin): ZXP + Windows installer build pipeline
Replaces the manual robocopy / install-windows.ps1 flow with two real
distributable artifacts:

  - dragonflight-premiere-panel-<version>.zxp          (Mac + Win)
  - dragonflight-premiere-panel-<version>-windows-setup.exe (Win)

The Windows installer copies the bundle to %APPDATA%\Adobe\CEP\extensions,
sets PlayerDebugMode=1 for CSXS 8..13, registers an uninstaller, and
offers to remove any legacy com.wilddragon.mam.panel folder so editors
don't end up with duplicate panels.

The .zxp is signed with a self-signed cert generated on first build and
committed to build/cert/ so signature continuity is preserved across
builds (Adobe rejects ZXP upgrades with a different cert fingerprint).

Also migrates the CEP bundle ID from com.wilddragon.mam.panel to
net.wilddragon.dragonflight.panel to match the wild-dragon -> dragonflight
repo rename. Manifest, .debug, CSInterface.js, install docs, and the
growing-files quickstart all updated.

build/ is normally swept by the root .gitignore; added an explicit
negation so the packaging pipeline stays tracked.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-23 16:13:20 -04:00


Self-signed cert for ZXP signing

The .zxp package format requires a signature. We use a self-signed cert so there is no Certificate Authority cost; the trade-off is that editors must enable PlayerDebugMode for the panel to load (the Windows .exe installer does this automatically).

Files

File                         What it is                                                   Commit to git?
dragonflight-selfsigned.p12  PKCS#12 keystore containing the signing cert + private key   yes
cert-passphrase.txt          Passphrase for the .p12                                      yes

Both are auto-generated on the first node build-zxp.mjs run. They MUST be committed and reused across builds: Adobe's ZXP signature continuity rule means a re-signed package with a different cert fingerprint will not install over an existing version — editors would have to uninstall the panel first.

Why is committing a private key OK here?

  • The panel is proprietary internal tooling, not a public distribution.
  • The cert chains to nothing: no certificate store trusts it, so the signature buys upgrade continuity, not proof of origin. A leak lets an attacker sign a fake net.wilddragon.dragonflight.panel bundle, which would still require PlayerDebugMode=1 to load and physical access to the editor's machine to install. Threat model: low.
  • The alternative (rotating the cert on every build or keeping it in a secrets manager) would break upgrade-in-place for every editor on every build.

If you want a CA-issued code-signing cert later, drop its .p12 over the self-signed one, keeping the same filename, and update cert-passphrase.txt. The build script will pick both up unchanged. Because this changes the cert fingerprint, the same uninstall-first rule as in Regenerating applies to every editor.

Regenerating

Delete both files. The next node build-zxp.mjs run will create a fresh self-signed cert (valid for 25 years). Commit the new pair. Heads up: every editor with the old .zxp installed must uninstall it before the new one will install.

Manual regeneration with the Adobe-published ZXPSignCmd (the zxp-sign-cmd npm package wraps this):

npx zxp-sign-cmd selfSignedCert \
  --country US \
  --province WA \
  --org "Wild Dragon LLC" \
  --name "Wild Dragon LLC" \
  --password "$(cat cert-passphrase.txt)" \
  --output dragonflight-selfsigned.p12
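
Because an accidental regeneration or a silent cert swap only shows up when editors' upgrades start failing, a pre-build check that pins the committed cert's fingerprint is worth having. The script below is an added example, not build-zxp.mjs or any other code from this repo: it reads the SHA-256 fingerprint of the leaf cert inside the .p12 with openssl, pins it on first run, and fails every later build where the fingerprint differs. It assumes the two file names above, openssl on PATH, and a hypothetical pin file cert-fingerprint.sha256 committed next to the .p12.

```shell
#!/bin/sh
# Added example (not the repo's build script): a pre-build guard that refuses
# to sign when the committed signing cert's SHA-256 fingerprint differs from a
# pinned value, catching an unintended regeneration before a .zxp that editors
# cannot install over the existing panel is shipped.
#
# Assumed layout (file names from the README): build/cert/dragonflight-selfsigned.p12
# and build/cert/cert-passphrase.txt. The pin file, cert-fingerprint.sha256, is a
# hypothetical addition; commit it alongside the .p12.
set -eu

# Print the SHA-256 fingerprint of the leaf certificate inside a .p12 keystore.
#   $1 = path to the .p12, $2 = path to the passphrase file
# Prints nothing when the keystore cannot be read (wrong passphrase, bad file).
cert_fingerprint() {
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin "file:$2" 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 2>/dev/null \
    | sed 's/^.*Fingerprint=//'
}

# Compare the keystore's fingerprint against the pinned one.
#   $1 = .p12, $2 = passphrase file, $3 = pin file
# Returns 0 when they match (or when the pin is written for the first time),
# 1 when the cert has changed, which is exactly the "editors must uninstall" case.
check_continuity() {
  actual=$(cert_fingerprint "$1" "$2")
  if [ -z "$actual" ]; then
    echo "could not read a certificate from $1 (check the passphrase file)" >&2
    return 1
  fi
  if [ ! -f "$3" ]; then
    printf '%s\n' "$actual" > "$3"
    echo "pinned signing cert fingerprint: $actual"
    return 0
  fi
  pinned=$(cat "$3")
  if [ "$actual" != "$pinned" ]; then
    echo "signing cert changed: pinned $pinned, found $actual" >&2
    echo "a .zxp signed with it will not install over the existing panel" >&2
    return 1
  fi
  return 0
}

# Stand-alone use: sh check-cert.sh <p12> <passphrase-file> <pin-file>
if [ "$#" -eq 3 ]; then
  check_continuity "$1" "$2" "$3"
fi
```

Run it from the packaging step before ZXPSignCmd is invoked; a deliberate cert change (regeneration, or the drop-in CA cert described above) is then an explicit act of deleting the pin file and committing the new one, rather than something discovered by the first editor whose upgrade fails.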