.debug file is missing in ZXP file

[noamraby-ssky]

Hi,
I'm trying to sign ZXP that includes a .debug file. The Signing process is successful, but when I try to validate the ZXP the validation fails.
Further inspections shows the .debug does not exist in the ZXP (extracted the content) but it does show up in signature.xml

I'm using ZXPSignCmd.exe 4.1.103/win64.

Not sure if it's a feature or a bug...

Thanks in advance :)

[ErinFinnegan]

I don't think you're supposed to leave the .debug file in there, thus ZXPSign stripping it out. I don't think invisible files are allowed at all, so leaving, say, a .gitignore, can mess up the signing process. (Someone with more experience please tell me if I'm wrong here.)

Why do you want to keep the .debug file in your ZXP?

[Inventsable]

I've left .debug files in my ZXPs before without issue, sometimes it's easier to have a client open the CEFClient and report an issue happening only on their machine that I can't replicate.

Just testing signing an extension containing .debug using 4.1.103 for win64 though, and it does not remove the file on my end from the ZXP. @noamraby-ssky You're not using any kind of templating system, framework, library, or etc to do staging and signing?

[noamraby-ssky]

@ErinFinnegan I use it to deliver a bundle that's easier to QA. I used to go to our studio space and add the .debug file manually but now that everyone's remote "on machine" debugging is a little more challenging. This is not best practice but that's the best way to debug. Is there something that blocks .debug file from being added to the ZXP?

@Inventsable The build process is basically webpack and a script to update the manifest version. The strange thing we do in the ZXP creation process is to use ZXPSign.exe in a linux container using wine. It works great for ZXPs without the .debug file. Since I see the .debug file in the folder before the signing process and in the signature.xml I'm not sure what's the issue.

[noamraby-ssky]

TL;DR: Our build process caused ZXPSignCmd not to bundle hidden files, including .debug. This caused validation to fail.

Finally had some time to investigate and solve this issue. Here's the solution if someone comes across this thread.

The problem started when we moved all our CI to linux machines, so we couldn't use ZXPSignCmd binaries for Windows or MacOS. What our IT team suggested was wrap ZXPSignCmd with Wine on Ubuntu. The following works great unless you try to bundle hidden files -

#!/bin/bash
sudo apt-get update -q && apt-get install wine64 -y -q
dpkg --add-architecture i386 && apt-get update -q && apt-get install wine32 -y -q
wine ./ZXPSignCmd-win64-4.1.103.exe

You can now sign and verify ZXP bundles on Linux

#!/bin/bash
wine ./ZXPSignCmd-win64-4.1.103.exe -sign ...rest of the parameters
wine ./ZXPSignCmd-win64-4.1.103.exe -verify ...rest of the parameters

Notes:

• ZXPSignCmd.exe was renamed to indicate version
• Both x86 and x64 versions of wine are installed, and although ZXPSignCmd is x64, the command uses wine x86

Then we copied the .debug file to the extension folder and re-ran ZXPSignCmd. Signing always worked but verification failed every time. It looks like under wine, hidden files like .debug are not copied into the bundle, but they do appear in META-INF/signatures.xml. I verified this with other hidden files.
The solution was to unzip the ZXP bundle, add the .debug file and zip again

mkdir ./tmp
unzip -q ./temp-debug-build.zxp -d ./tmp
mv ./.debug ./tmp/.debug
cd ./tmp && zip -q -r ../extension-${BUILD_NUMBER}-debug.zxp . && cd .. 

Now the ZXP with debug file is valid and can be installed by uses without PlayerDebugMode flag. 🥳