Code signing on Windows 10 builds a non-signed Windows 7 installer/executable
See original GitHub issue- Version: 6.7.7
- WinCodeSign: 1.4.2
- Target: Windows 7/10 ia32/x64
- Type: Squirrel installer
Hi,
I’ve been successful in building a code signed Windows 10 application using electron-builder. However, if I run the same installer under Windows 7, I see the following dialog window:
If I look at the properties of the executable, the Digital Signatures tab is missing, indicating that the executable is not signed.
However, if I do the same process under Windows 7, I have a different set of issues. I’m unsure if it is my computer of the codesign executable that is part of the WinCodeSign 1.4.2 package, but it will often crash with Unhandled rejection Error: Exit code: 3221225477
(see http://stackoverflow.com/a/10306977/108301, basically a segfault). If I run it multiple times (until it works), then I get a signed executable/installer. The security warning dialog box now displays the proper publisher name and the Digital Signatures is present in the properties of the executable.
Does this imply that it is not possible to to have an app signed for both Windows 7 and Windows 10?
Reference logs (When building on Windows 7):
E:\Tom\Documents\GIT\REMOVED>gulp installer-win32
(node:5388) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.
[23:23:21] Using gulpfile E:\Tom\Documents\GIT\REMOVED\gulpfile.js
[23:23:21] Starting 'installer-win32'...
[23:23:21] Finished 'installer-win32' after 32 ms
Skip app dependencies rebuild because dev and app dependencies are not separated
Packaging for platform win32 ia32 using electron 1.1.3 to dist\win-ia32-unpacked
electron-builder Found existing nsis C:\Users\Tom\.cache\nsis\nsis-3.0.1 +0ms
electron-builder Found existing winCodeSign C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2 +3s
electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\rcedit.exe E:\Tom\Documents\GIT\REMOVED\dist\win-ia32-unpacked\REMOVED.exe --set-version-string CompanyName REMOVED --set-version-string FileDescription REMOVED --set-version-string ProductName REMOVED --set-version-string InternalName REMOVED --set-version-string LegalCopyright Copyright © 2016 REMOVED --set-version-string OriginalFilename --set-file-version 1.1.0 --set-product-version 1.1.0 --set-icon E:\Tom\Documents\GIT\REMOVED\assets\package\win\icon.ico +2ms
Signing REMOVED.exe (certificate file "build\certs\REMOVED.p12")
electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /t http://timestamp.verisign.com/scripts/timstamp.dll /f build\certs\REMOVED.p12 /d REMOVED /du https://REMOVED/ /p REMOVED E:\Tom\Documents\GIT\REMOVED\dist\win-ia32-unpacked\REMOVED.exe +170ms
electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f build\certs\REMOVED.p12 /fd sha256 /td sha256 /d REMOVED /du https://REMOVED/ /as /p REMOVED E:\Tom\Documents\GIT\REMOVED\dist\win-ia32-unpacked\REMOVED.exe +538ms
Warning: For windows consider only distributing 64-bit, see https://github.com/electron-userland/electron-builder/issues/359#issuecomment-214851130
Building Squirrel.Windows installer
electron-builder Found existing Squirrel.Windows C:\Users\Tom\.cache\Squirrel.Windows\Squirrel.Windows-1.4.4 +1s
Signing t-150c-0-Update.exe (certificate file "build\certs\REMOVED.p12")
electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /t http://timestamp.verisign.com/scripts/timstamp.dll /f build\certs\REMOVED.p12 /d REMOVED /du https://REMOVED/ /p REMOVED C:\Users\Tom\AppData\Local\Temp\electron-builder-CGxeG7\t-150c-0-Update.exe +31ms
electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f build\certs\REMOVED.p12 /fd sha256 /td sha256 /d REMOVED /du https://REMOVED/ /as /p REMOVED C:\Users\Tom\AppData\Local\Temp\electron-builder-CGxeG7\t-150c-0-Update.exe +223ms
Unhandled rejection Error: Exit code: 3221225477. Command failed: C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f build\certs\REMOVED.p12 /fd sha256 /td sha256 /d REMOVED /du https://REMOVED/ /as /p REMOVED C:\Users\Tom\AppData\Local\Temp\electron-builder-CGxeG7\t-150c-0-Update.exe
at E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\util\util.ts:96:16
at ChildProcess.exithandler (child_process.js:213:5)
at emitTwo (events.js:106:13)
at ChildProcess.emit (events.js:191:7)
at maybeClose (internal/child_process.js:877:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)
From previous event:
at Object.exec (E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\util\util.ts:77:9)
at E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\windowsCodeSign.ts:114:20
From previous event:
at tsAwaiter (E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\util\awaiter.ts:10:47)
at WinPackager.sign (E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\winPackager.ts:123:26)
at bluebird_1.Promise.all.fs_extra_p_1.copy.then (E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\targets\squirrelP
ack.ts:58:28)
at runCallback (timers.js:574:20)
at tryOnImmediate (timers.js:554:5)
at processImmediate [as _immediateCallback] (timers.js:533:5)
Issue Analytics
- State:
- Created 7 years ago
- Comments:15 (8 by maintainers)
Top GitHub Comments
Should be no difference (e.g. sample app is still using Squirrel.Windows).
Yes, but as Squirrel.Windows is not so robust/maintainable as NSIS, it will be deprecated and not a default windows target anymore.
NSIS was only added in the last few months (still beta I guess until auto-update lands #529 ) with the intent to replace Squirrel.Windows.
@tomzx Squirrel.Windows maybe not ‘deprecated’ but no longer being default, where Windows.NSIS will be default soon (I remember reading it in some issue comments, I’ll try find the link). @develar to confirm ?
Squirrel for Mac is still good though. It’s just Squirrel.Windows that is troublesome/changing.