Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why sign.js is called 8 times? #3995

Closed
universeroc opened this issue Jun 25, 2019 · 4 comments

Comments

Projects
None yet
2 participants
@universeroc
Copy link

commented Jun 25, 2019

electron-builder: 20.43.0

electron-updater: 4.0.6

target: Windows 10

The part of package.json

"win": { "target": "nsis", "sign": "./sign.js" }

I'm using the code from https://www.electron.build/tutorials/code-signing-windows-apps-on-unix.html#integrate-signing-with-electron-builder

and the only diff is:

console.log('sign it!')

The full code of sign.js is:

exports.default = async function(configuration) { // do not include passwords or other sensitive data in the file // rather create environment variables with sensitive data const CERTIFICATE_NAME = 'WINDOWS_SIGN_CERTIFICATE_NAME'; const TOKEN_PASSWORD = 'WINDOWS_SIGN_TOKEN_PASSWORD'; console.log('sign it!') require("child_process").execSync(echo ${CERTIFICATE_NAME} ${TOKEN_PASSWORD}, { stdio: "inherit" } ); };

And then I run the command line: yarn dist

Then I get the "sign it" eight times!

I don't know why and how to write the specific sign.js to sign my binary files.

Please help me, thank you in advance! :)

@develar

This comment has been minimized.

Copy link
Member

commented Jun 25, 2019

Because we need sign several binaries ;)

Why do you need custom sign function?

@universeroc

This comment has been minimized.

Copy link
Author

commented Jun 26, 2019

Glad to get your reply so quickly! OK, as our CI flow use a customized sign tool, I can and only can use the customized sign.js to do the sign procedure.

I print the arguments configuration and see there only 4 files with isNest true and false so it runs 8 times

What should I do to get all other binary files to sign?

OR

I do the sign of all the binaries in the sign.js 8 times in one build ? @develar

@develar

This comment has been minimized.

Copy link
Member

commented Jun 26, 2019

Each file is signed twice — sha1 (to support Windows 7) and sha256 (modern Windows versions).

If you don't want to support Windows 7 — you can set signingHashAlgorithms to ["sha256"]

"win": {
  "signingHashAlgorithms": ["sha256"]
}

I do the sign of all the binaries in the sign.js 8 times in one build

In your custom sign you should sign file according to passed configuration — see WindowsSignTaskConfiguration (and parent class WindowsSignOptions and so on).

Also, computeSignToolArgs(isWin: boolean) method in the passed configuration to compute signtool args.

@universeroc

This comment has been minimized.

Copy link
Author

commented Jun 26, 2019

Each file is signed twice — sha1 (to support Windows 7) and sha256 (modern Windows versions).

If you don't want to support Windows 7 — you can set signingHashAlgorithms to ["sha256"]

"win": {
  "signingHashAlgorithms": ["sha256"]
}

I do the sign of all the binaries in the sign.js 8 times in one build

In your custom sign you should sign file according to passed configuration — see WindowsSignTaskConfiguration (and parent class WindowsSignOptions and so on).

Also, computeSignToolArgs(isWin: boolean) method in the passed configuration to compute signtool args.

OK, I'll try it, thank you

@develar develar closed this Jun 26, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.