Skip to content

fix: generate stubExecutableExe and sign it #8959

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 40 commits into from
Jul 31, 2025
Merged

fix: generate stubExecutableExe and sign it #8959

merged 40 commits into from
Jul 31, 2025

Conversation

beyondkmp
Copy link
Collaborator

@beyondkmp beyondkmp commented Mar 14, 2025
edited
Loading

fix #8952

Root Cause

when createExecutableStubForExe is executed, WriteZipToSetup writes information to the file, essentially creating a new file, which invalidates the original signature.
Image

https://github.com/Squirrel/Squirrel.Windows/blob/51f5e2cb01add79280a53d51e8d0cfa20f8c9f9f/src/Update/Program.cs#L633-L647

Image

How to fix
Apply a patch to the Squirrel Windows source code(Squirrel/Squirrel.Windows#1903). For the existing stub exe files, don't generate them anymore. Then, a new stub exe can be generated in Electron Builder and signed.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Mar 14, 2025
edited
Loading

🦋 Changeset detected

Latest commit: afa0513

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 8 packages
Name Type
electron-builder-squirrel-windows Patch
app-builder-lib Patch
dmg-builder Patch
electron-builder Patch
electron-forge-maker-appimage Patch
electron-forge-maker-nsis-web Patch
electron-forge-maker-nsis Patch
electron-forge-maker-snap Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@beyondkmp beyondkmp marked this pull request as draft March 14, 2025 08:06
@beyondkmp beyondkmp mentioned this pull request Mar 15, 2025
Closed
@beyondkmp beyondkmp marked this pull request as ready for review March 16, 2025 01:12
@beyondkmp beyondkmp requested a review from mmaietta March 16, 2025 01:47
mmaietta
mmaietta reviewed Mar 16, 2025
View reviewed changes
@t3chguy
Copy link
Contributor

t3chguy commented Mar 17, 2025
edited
Loading

Seems to fail to build at least for ARM64 package: https://github.com/element-hq/element-desktop/actions/runs/13895690921/job/38875908510?pr=2211 looks like my testing is insufficient, doesn't bring in the vendor dir - looks like patch-package doesn't support binary files ds300/patch-package#193

@t3chguy
Copy link
Contributor

t3chguy commented Mar 17, 2025

Looks like package.json files needs updating to include vendor dir

@t3chguy
Copy link
Contributor

t3chguy commented Mar 17, 2025

image

Looks like it works sans the package.json not including vendor in the package - good job @beyondkmp

I also checked that the number of signings remained the same

mmaietta
mmaietta reviewed Mar 17, 2025
View reviewed changes
Copy link
Collaborator

@mmaietta mmaietta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding the vendor directory adds a few megabytes (quick maffs) to the repo, which is the antipattern from what electron-builder-binaries is supposed to be used for. IIRC though, the squirrel windows target/package must be installed separately and isn't part of the electron-builder dependency tree, right? In this case, I think it's safe to add the vendor files (albeit I'll still need to verify file origin). In general though, we should avoid adding vendor files directly to electron-builder unless absolutely necessary (which is the case with this fix)

@t3chguy
Copy link
Contributor

t3chguy commented Mar 17, 2025

the squirrel windows target/package must be installed separately and isn't part of the electron-builder dependency tree, right?

Yup, electron-builder-squirrel-windows https://www.npmjs.com/package/electron-builder-squirrel-windows is not a transitive dependency of electron-builder

@beyondkmp
Copy link
Collaborator Author

Looks like package.json files needs updating to include vendor dir

my bad. Added.

@beyondkmp
Copy link
Collaborator Author

These vendor files are copied from the GitHub Actions workflow at https://github.com/beyondkmp/Squirrel.Windows/actions/runs/13871759240/job/38819263248 and the other files(like 7zip,nuget) are copiled from https://github.com/electron/windows-installer/tree/main/vendor.

https://github.com/Squirrel/Squirrel.Windows/pull/1903/files
The code changes for Squirrel Windows are located here.

@beyondkmp beyondkmp requested a review from mmaietta June 22, 2025 01:30
@t3chguy
Copy link
Contributor

t3chguy commented Jul 16, 2025

Hey @beyondkmp - any light at the end of this tunnel?

@beyondkmp
Copy link
Collaborator Author

@mmaietta Please help review again when you have a chance.

mmaietta
mmaietta previously approved these changes Jul 30, 2025
View reviewed changes
@beyondkmp beyondkmp requested a review from mmaietta July 31, 2025 03:21
@beyondkmp beyondkmp merged commit 0ad8f91 into electron-userland:master Jul 31, 2025
18 of 19 checks passed
@github-actions github-actions bot mentioned this pull request Jul 30, 2025
Open
@beyondkmp beyondkmp deleted the StubExecutable branch July 31, 2025 05:05
@github-actions github-actions bot mentioned this pull request Jul 31, 2025
Open
daihere1993 pushed a commit to daihere1993/electron-builder that referenced this pull request Jul 31, 2025
@beyondkmp @mmaietta @daihere1993
fix: generate stubExecutableExe and sign it (electron-userland#8959)
9263ba2 
fix electron-userland#8952

**Root Cause**

when createExecutableStubForExe is executed, WriteZipToSetup writes
information to the file, essentially creating a new file, which
invalidates the original signature.

![Image](https://github.com/user-attachments/assets/9f5b0f4b-8f50-4373-8dad-45b00a730ee1)


https://github.com/Squirrel/Squirrel.Windows/blob/51f5e2cb01add79280a53d51e8d0cfa20f8c9f9f/src/Update/Program.cs#L633-L647


![Image](https://github.com/user-attachments/assets/f0ea1e22-9727-4599-a836-1fa1f3c77dcc)

**How to fix**
Apply a patch to the Squirrel Windows source
code(Squirrel/Squirrel.Windows#1903). For the
existing stub exe files, don't generate them anymore. Then, a new stub
exe can be generated in Electron Builder and signed.

---------

Co-authored-by: Mike Maietta <mmaietta@users.noreply.github.com>
This was referenced Aug 1, 2025
Open
Closed
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmaietta mmaietta

Assignees
No one assigned
Labels
Squirrel.Windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Missing signature on Squirrel ExecutionStub
3 participants
@beyondkmp @t3chguy @mmaietta