Why sign.js is called 8 times?

[universeroc]

electron-builder: 20.43.0

electron-updater: 4.0.6

target: Windows 10

The part of package.json

"win": { "target": "nsis", "sign": "./sign.js" }

I'm using the code from https://www.electron.build/tutorials/code-signing-windows-apps-on-unix.html#integrate-signing-with-electron-builder

and the only diff is:

console.log('sign it!')

The full code of sign.js is:

exports.default = async function(configuration) { // do not include passwords or other sensitive data in the file // rather create environment variables with sensitive data const CERTIFICATE_NAME = 'WINDOWS_SIGN_CERTIFICATE_NAME'; const TOKEN_PASSWORD = 'WINDOWS_SIGN_TOKEN_PASSWORD'; console.log('sign it!') require("child_process").execSync(echo ${CERTIFICATE_NAME} ${TOKEN_PASSWORD}, { stdio: "inherit" } ); };

And then I run the command line: yarn dist

Then I get the "sign it" eight times!

I don't know why and how to write the specific sign.js to sign my binary files.

Please help me, thank you in advance! :)

[develar]

Because we need sign several binaries ;)

Why do you need custom sign function?

[universeroc]

Glad to get your reply so quickly! OK, as our CI flow use a customized sign tool, I can and only can use the customized sign.js to do the sign procedure.

I print the arguments configuration and see there only 4 files with isNest true and false so it runs 8 times

What should I do to get all other binary files to sign?

OR

I do the sign of all the binaries in the sign.js 8 times in one build ? @develar

[develar]

Each file is signed twice — sha1 (to support Windows 7) and sha256 (modern Windows versions).

If you don't want to support Windows 7 — you can set signingHashAlgorithms to ["sha256"]

"win": {
  "signingHashAlgorithms": ["sha256"]
}

I do the sign of all the binaries in the sign.js 8 times in one build

In your custom sign you should sign file according to passed configuration — see WindowsSignTaskConfiguration (and parent class WindowsSignOptions and so on).

Also, computeSignToolArgs(isWin: boolean) method in the passed configuration to compute signtool args.

[universeroc]

Each file is signed twice — sha1 (to support Windows 7) and sha256 (modern Windows versions).

If you don't want to support Windows 7 — you can set signingHashAlgorithms to ["sha256"]

"win": {
  "signingHashAlgorithms": ["sha256"]
}

I do the sign of all the binaries in the sign.js 8 times in one build

In your custom sign you should sign file according to passed configuration — see WindowsSignTaskConfiguration (and parent class WindowsSignOptions and so on).

Also, computeSignToolArgs(isWin: boolean) method in the passed configuration to compute signtool args.

OK, I'll try it, thank you