I am getting an issue code-signing a Windows .exe build, on a Mac, using a .p12 certificate generated by Apple, and stored in the Mac keychain.
My electron-builder version is 20.28.1, and the target build I'm trying to run is a Windows ia32 build.
Codesigning works fine for the Mac app. But when trying to sign the Windows build, it's not able to sign it.
If possible I would like to try and sign the Windows build on a macOS machine, as I've read in the docs that this is possible (I hope I've read that correctly?).
After trying to codesign I check the build using:
    codesign -dv [path/to/app/appname].exe
And always get (for the Windows build only, the Mac app signs fine):
    code object is not signed at all
I am building for both Mac and Windows, but for Windows I only build for the ia32 architecture at the moment. Here is what my build config looks like in my package.json
    "build": {
      "appId": "[my-app-id]",
      "files": [
        "public/**/*",
        "node_modules/**/*",
        "package.json"
      ],
      "directories": {
        "buildResources": "build/resources"
      },
      "mac": {
        "category": "public.app-category.productivity",
        "target": [
          "dmg",
          "zip"
        ],
        "publish": {
          "provider": "s3",
          "bucket": "[BUCKET_NAME]",
          "path": "my-path"
        }
      },
      "win": {
        "target": [
          {
            "target": "nsis",
            "arch": [
              "ia32"
            ]
          }
        ],
        "publish": {
          "provider": "s3",
          "bucket": "[BUCKET NAME]",
          "path": "my-path"
        }
      },
      "extends": null
    },
And here also is how my .env file looks, where I load up environment variables for electron-builder:
    export ENV_NAME=staging
    export CSC_NAME='[certificatename]' #example 1A3JKJD89O
    export CSC_LINK=./path/to/mycert/cert.p12
    export CSC_KEY_PASSWORD='my-passowrd'
    export WIN_CSC_LINK=./path/to/mycert/cert.p12
    export WIN_CSC_KEY_PASSWORD='my-passowrd'
    export CSC_IDENTITY_AUTO_DISCOVERY=true
    export DEBUG=electron-builder
    export AWS_ACCESS_KEY_ID=[AWSKEYID]
    export AWS_SECRET_ACCESS_KEY=[AWSSECRETACCESSKEY]
    export AWS_S3_ENDPOINT=[S3ENDPOINT]
And finally, here's the yarn command I run to package the build (this is in a yarn script)
    export $(grep -v '^#' ./path/t/my/env/file/staging.env | xargs) && electron-builder -p never -mw --ia32
I am not sure what I am missing here? Would anyone have an idea of what else I would need to do? Thanks! :)
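
A note on the check used above, as an added example that is not part of the original post: `codesign` inspects Apple code signatures, while a signed Windows .exe carries its Authenticode signature in the PE certificate table (data directory entry 4). The script below looks for that entry; the names `authenticode_entry` and `make_sample_pe` are hypothetical, and the sample header is constructed for illustration.

```python
import struct
import sys

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 blob

def authenticode_entry(data: bytes):
    """Hypothetical helper: (file_offset, size, cert_type) of the embedded signature, or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file (no PE signature)")
    opt = pe + 24                                          # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)           # data directory array
    count = struct.unpack_from("<I", data, dirs - 4)[0]    # NumberOfRvaAndSizes
    if count <= 4:
        return None
    # Entry 4 is the certificate table; its first field is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    if offset == 0 or size < 8 or offset + size > len(data):
        return None
    _length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    return offset, size, cert_type

def make_sample_pe(signed: bool) -> bytes:
    """Constructed sample: minimal PE32 header, optionally with a dummy certificate table."""
    pe = 0x40
    buf = bytearray(pe + 24 + 96 + 16 * 8)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe + 24, 0x10B)            # PE32, as in an ia32 build
    struct.pack_into("<I", buf, pe + 24 + 92, 16)          # 16 data directories
    if signed:
        blob = struct.pack("<IHH", 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 8
        struct.pack_into("<II", buf, pe + 24 + 96 + 4 * 8, len(buf), len(blob))
        buf += blob                                        # signature lives past the image
    return bytes(buf)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            entry = authenticode_entry(fh.read())
        print(path, "has an embedded signature" if entry else "is NOT signed", entry or "")
```

A non-None result only shows that a signature blob is embedded; validating the digest and certificate chain still needs a verifier such as osslsigncode, or signtool on Windows.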
On macOS/Linux you can build Electron app for Windows locally, except Appx for Windows Store (in the future (feel free to file issue) electron-build-service will support Appx target).
Run the DigiCert® Certificate Utility for Windows. Double-click DigiCertUtil. In the Certificate Export wizard, select Yes, export the private key, select pfx file, and then check Include all certificates in the certification path if possible, and finally, click Next.
Electron is an open source framework for creating native applications with web technologies like JavaScript, HTML, and CSS. It combines support for building and running applications cross platform on Mac, Windows, and Linux.
As far as I understand you have to use compatible certificates:
https://www.electron.build/code-signing
To sign an app on Windows, there are two types of certificates:
EV Code Signing Certificate
Code Signing Certificate
Personally, getting the right certificate was hard. A certificate that will work for Windows is not easy to get; I had to go through a lot of paperwork to get this done. I hope that this article will make your life easier: https://blog.dcpos.ch/how-to-make-your-electron-app-sexy
Go to the section: Signed Installers
Quoting the article:
To get a Windows signing certificate, we recommend Digicert. The documentation for Windows app signing is surprisingly bad. If you go with the wrong vendor, they'll ask you to mail them notarized paperwork. That makes it a slow and annoying process to get the cert. Digicert is easier: they just send you a password via Certified Mail, you go to the post office, show your ID to pick it up, and bam, you get your signing certificate.