Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Using electron-builder for signing and publishing Windows app (with auto-update) by using EV dongle
See original GitHub issueVersion: 22.3.2 Electron Version: 8.0.3 Target: Windows
I want to ask about electron app signing process for Windows build on Ubuntu with electron-builder. I’m using EV certificate from digicert token. I’m following the steps described here: https://www.electron.build/tutorials/code-signing-windows-apps-on-unix and I’m able to sign the app by running this command:
osslsigncode sign -verbose -pkcs11engine /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pkcs11module /lib/libeToken.so -h sha256 -n app-name -t https://timestamp.verisign.com/scripts/timestamp.dll -certs /link/to/cert.pem -key 'key-id-here' -pass 'password' -in /link/to/app.exe -out /link/to/app.signed.exe
But I want to integrate this with electron-builder by using custom signing script.
...
"win": {
"target": "nsis",
"sign": "./sign.js"
},
...
I know that electron-builder also generates .blockmap and .yml files which are required by electron-updater to handle the update process. I’ve noticed that sign.js script is called 8 times during building process, my question here is can I use osslisgncode tool in this custom sign.js script triggered by electron-bulider? If yes, there should be a possibility to pass the file name to sign.js scirpt to dynamically fill signing command ? My other question here is that possible to use custom signing script in electron-builder together with – p always option to also generate .blockmap and .yml files to handle auto-update for signed application.
Issue Analytics
- State:
- Created 3 years ago
- Comments:8
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
First of all, what you want demands some tinkering, and is not novice developer activity.
Below are my steps you need to also undertake.
Flow:
node -> npm run -> package.json -> electron-builder build -> script windows-sign.js -> java jsign -> output signed exeSetup:
javalocally, and includedjsign-3.1.jarin my project root.jsignto be setup to identify your dongle, so create a hardwareToken.cfg file as--keystore. More info here.winadd"sign": "scripts/windows-sign.js"(above file), see here.Run
npm run packageit runselectron-builder build --publish always --winunderscripts.windows-sign.jsis called automaticly when the exe is finished building (see setup step 3) and signs the exe using your EV dongle.@PatricNox Signing the installer doen’t sign the binaries inside it, you have to sign each executable separately.