Code signing on Windows 10 builds a non-signed Windows 7 installer/executable

  • Version: 6.7.7
  • WinCodeSign: 1.4.2
  • Target: Windows 7/10 ia32/x64
  • Type: Squirrel installer

Hi,

I’ve been successful in building a code signed Windows 10 application using electron-builder. However, if I run the same installer under Windows 7, I see the following dialog window:

image

If I look at the properties of the executable, the Digital Signatures tab is missing, indicating that the executable is not signed.

image

However, if I do the same process under Windows 7, I have a different set of issues. I’m unsure if it is my computer or the codesign executable that is part of the WinCodeSign 1.4.2 package, but it will often crash with Unhandled rejection Error: Exit code: 3221225477 (see http://stackoverflow.com/a/10306977/108301, basically a segfault). If I run it multiple times (until it works), then I get a signed executable/installer. The security warning dialog box now displays the proper publisher name and the Digital Signatures tab is present in the properties of the executable.

image

Does this imply that it is not possible to have an app signed for both Windows 7 and Windows 10?

Reference logs (When building on Windows 7):

E:\Tom\Documents\GIT\REMOVED>gulp installer-win32
(node:5388) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.
[23:23:21] Using gulpfile E:\Tom\Documents\GIT\REMOVED\gulpfile.js
[23:23:21] Starting 'installer-win32'...
[23:23:21] Finished 'installer-win32' after 32 ms
Skip app dependencies rebuild because dev and app dependencies are not separated
Packaging for platform win32 ia32 using electron 1.1.3 to dist\win-ia32-unpacked

  electron-builder Found existing nsis C:\Users\Tom\.cache\nsis\nsis-3.0.1 +0ms
  electron-builder Found existing winCodeSign C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2 +3s
  electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\rcedit.exe E:\Tom\Documents\GIT\REMOVED\dist\win-ia32-unpacked\REMOVED.exe --set-version-string CompanyName REMOVED --set-version-string FileDescription REMOVED --set-version-string ProductName REMOVED --set-version-string InternalName REMOVED --set-version-string LegalCopyright Copyright © 2016 REMOVED --set-version-string OriginalFilename  --set-file-version 1.1.0 --set-product-version 1.1.0 --set-icon E:\Tom\Documents\GIT\REMOVED\assets\package\win\icon.ico +2ms
Signing REMOVED.exe (certificate file "build\certs\REMOVED.p12")
  electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /t http://timestamp.verisign.com/scripts/timstamp.dll /f build\certs\REMOVED.p12 /d REMOVED /du https://REMOVED/ /p REMOVED E:\Tom\Documents\GIT\REMOVED\dist\win-ia32-unpacked\REMOVED.exe +170ms
  electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f build\certs\REMOVED.p12 /fd sha256 /td sha256 /d REMOVED /du https://REMOVED/ /as /p REMOVED E:\Tom\Documents\GIT\REMOVED\dist\win-ia32-unpacked\REMOVED.exe +538ms
Warning: For windows consider only distributing 64-bit, see https://github.com/electron-userland/electron-builder/issues/359#issuecomment-214851130
Building Squirrel.Windows installer

  electron-builder Found existing Squirrel.Windows C:\Users\Tom\.cache\Squirrel.Windows\Squirrel.Windows-1.4.4 +1s
Signing t-150c-0-Update.exe (certificate file "build\certs\REMOVED.p12")
  electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /t http://timestamp.verisign.com/scripts/timstamp.dll /f build\certs\REMOVED.p12 /d REMOVED /du https://REMOVED/ /p REMOVED C:\Users\Tom\AppData\Local\Temp\electron-builder-CGxeG7\t-150c-0-Update.exe +31ms
  electron-builder Executing C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f build\certs\REMOVED.p12 /fd sha256 /td sha256 /d REMOVED /du https://REMOVED/ /as /p REMOVED C:\Users\Tom\AppData\Local\Temp\electron-builder-CGxeG7\t-150c-0-Update.exe +223ms
Unhandled rejection Error: Exit code: 3221225477. Command failed: C:\Users\Tom\.cache\winCodeSign\winCodeSign-1.4.2\windows-6\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f build\certs\REMOVED.p12 /fd sha256 /td sha256 /d REMOVED /du https://REMOVED/ /as /p REMOVED C:\Users\Tom\AppData\Local\Temp\electron-builder-CGxeG7\t-150c-0-Update.exe

    at E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\util\util.ts:96:16
    at ChildProcess.exithandler (child_process.js:213:5)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:877:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)
From previous event:
    at Object.exec (E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\util\util.ts:77:9)
    at E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\windowsCodeSign.ts:114:20
From previous event:
    at tsAwaiter (E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\util\awaiter.ts:10:47)
    at WinPackager.sign (E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\winPackager.ts:123:26)
    at bluebird_1.Promise.all.fs_extra_p_1.copy.then (E:\Tom\Documents\GIT\REMOVED\node_modules\electron-builder\src\targets\squirrelPack.ts:58:28)
    at runCallback (timers.js:574:20)
    at tryOnImmediate (timers.js:554:5)
    at processImmediate [as _immediateCallback] (timers.js:533:5)

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Comments: 15 (8 by maintainers)
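
Added example (not part of the original issue and not electron-builder's code): a Node.js script that audits an electron-builder debug log like the one in the issue, recording for each file which signtool passes (SHA-1, then the appended /as SHA-256) completed and showing the failing exit code in hex. The sample log lines are constructed and abbreviated, and the function names, paths and URLs in them are hypothetical.

```javascript
// Added example: audit an electron-builder debug log for incomplete dual signing.
// SAMPLE_LOG is constructed (abbreviated from the log in the issue); paths, URLs
// and function names are hypothetical. Assumes paths contain no spaces.
const SAMPLE_LOG = String.raw`
  electron-builder Executing C:\cache\signtool.exe sign /t http://ts.example/a /f cert.p12 /p REMOVED C:\dist\App.exe +170ms
  electron-builder Executing C:\cache\signtool.exe sign /tr http://ts.example/r /f cert.p12 /fd sha256 /td sha256 /as /p REMOVED C:\dist\App.exe +538ms
  electron-builder Executing C:\cache\signtool.exe sign /t http://ts.example/a /f cert.p12 /p REMOVED C:\tmp\Update.exe +31ms
  electron-builder Executing C:\cache\signtool.exe sign /tr http://ts.example/r /f cert.p12 /fd sha256 /td sha256 /as /p REMOVED C:\tmp\Update.exe +223ms
Unhandled rejection Error: Exit code: 3221225477. Command failed: C:\cache\signtool.exe sign /tr http://ts.example/r /f cert.p12 /fd sha256 /td sha256 /as /p REMOVED C:\tmp\Update.exe
`;

// Parse the arguments of one "signtool.exe sign ..." command line.
function parseSigntool(argText) {
  const args = argText.trim().replace(/\s\+\d+m?s$/, "").split(/\s+/);
  const fd = args.indexOf("/fd");
  return {
    file: args[args.length - 1],   // target file is the last argument
    // Assumption: without /fd this signtool build uses its SHA-1 default.
    digest: fd >= 0 ? args[fd + 1].toLowerCase() : "sha1",
    append: args.includes("/as"),  // /as appends instead of replacing
  };
}

// Return one record per signed file: digests applied, failures, dual-signed or not.
function auditSigningLog(log) {
  const files = new Map();
  for (const line of log.split(/\r?\n/)) {
    const fail = line.match(/Exit code: (\d+)\. Command failed: .*signtool\.exe sign (.*)$/);
    const run = fail ? null : line.match(/Executing .*signtool\.exe sign (.*)$/);
    if (!fail && !run) continue;
    const sig = parseSigntool(fail ? fail[2] : run[1]);
    const entry = files.get(sig.file) || { file: sig.file, signed: [], failed: [] };
    files.set(sig.file, entry);
    if (fail) {
      // The crashed invocation was logged as "Executing" first; undo that record.
      entry.signed = entry.signed.filter((d) => d !== sig.digest);
      const status = "0x" + Number(fail[1]).toString(16).toUpperCase();
      entry.failed.push({ digest: sig.digest, status });
    } else {
      if (!sig.append) entry.signed = []; // no /as: any earlier signature is replaced
      entry.signed.push(sig.digest);
    }
  }
  return [...files.values()].map((e) => ({
    ...e, dualSigned: e.signed.includes("sha1") && e.signed.includes("sha256"),
  }));
}

console.log(JSON.stringify(auditSigningLog(SAMPLE_LOG), null, 2));
```

On the constructed sample it reports App.exe as dual-signed and Update.exe as SHA-1 only, with the SHA-256 append failing with 0xC0000005 (the access-violation status code).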

Top GitHub Comments

1 reaction
develar commented, Sep 26, 2016

> I see you mention NSIS. In my case, I am building a Squirrel installer.

Should be no difference (e.g. sample app is still using Squirrel.Windows).

> I thought that NSIS had been deprecated in favor of Squirrel a few versions back (about 3-6 months ago)

Yes, but as Squirrel.Windows is not as robust/maintainable as NSIS, it will be deprecated and will not be a default Windows target anymore.

1 reaction
dharders commented, Sep 26, 2016

NSIS was only added in the last few months (still beta I guess until auto-update lands #529) with the intent to replace Squirrel.Windows.

@tomzx Squirrel.Windows maybe not ‘deprecated’ but no longer being default, where Windows.NSIS will be default soon (I remember reading it in some issue comments, I’ll try to find the link). @develar to confirm?

Squirrel for Mac is still good though. It’s just Squirrel.Windows that is troublesome/changing.
