Electron-builder: Best practice for setting codesigning env variables
I'm struggling setting the various code-signing environment variables (CSC_LINK, CSC_NAME etc.) on Mac OSX.
My Issue is that env variables set via npm scripts don't seem to be picked up by electron-builder. Here's how my npm script looks like:
export CSC_LINK=mylink && export CSC_KEY_PASSWORD=mypwd && build -w --x64
Note that while this doesn't work, if I set the variables via the terminal everything works correctly.
I'm guessing this is because the electron-builder code is being executed in a different process where env variables aren't available anymore, but I'm not sure. I basically have 2 questions:
- _should_ this work, ie is this the right way to set env variables in terms of best practices?
- if yes, is there a way we can ensure that env variables set via
npmscripts get picked up byelectron-builder?
guidupuy
All 9 comments
Never, please never use these env in your npm script (in any case Windows doesn't support it).
I hope you read https://github.com/electron-userland/electron-builder/wiki/Code-Signing
On OS X development machine it works without any configuration. Just import your cert to keychain. It will be automatically discovered and used.
On CI server see docs.
should this work,
It should, but be aware of special characters (for bash). I suppose bash just confused and doesn't set env correctly. In this case you can set CSC_LINK to base64 encoded data of file. Or try to escape link (and password).
develar
on 3 Jun 2016
To be clear — you use normal OS — OS X, not ugly Windows, so, for security reasons on development machine keychain is preferred way to store certs. No files, no env — it is all not secured (on CI env is secured because it is one-time isolated container).
develar
on 3 Jun 2016
I should have mentioned that I'm building on OSX targeting Windows, so I do need to set the CSC_LINK and CSC_KEY_PASSWORD env variables.
guidupuy
on 3 Jun 2016
And it's not a problem with special characters, since using the exact same export command directly in terminal works.
guidupuy
on 3 Jun 2016
since using the exact same export command directly in terminal works.
So use syntax CSC_LINK=mylink CSC_KEY_PASSWORD=mypwd build -w --x64 (not export).
I'm building on OSX targeting Windows, so I do need to set the
Hmm... it seems we should support this case. Do you want this feature or store cert in the fs is ok for you?
develar
on 3 Jun 2016
Stupid me... simply adding the env variables before calling build is enough for me.
guidupuy
on 3 Jun 2016
@develar
So use syntax
CSC_LINK=mylink CSC_KEY_PASSWORD=mypwd build -w --x64(not export).
is this the syntax to use in the npm script? Or somewhere else?
mzmousa
on 9 Jun 2016
In the npm script
Le jeudi 9 juin 2016, Muhammad Z. Mousa [email protected] a écrit :
@develar https://github.com/develar
So use syntax CSC_LINK=mylink CSC_KEY_PASSWORD=mypwd build -w --x64 (not
export).
is this the syntax to use in the npm script? Or somewhere else?—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
https://github.com/electron-userland/electron-builder/issues/466#issuecomment-225002640,
or mute the thread
https://github.com/notifications/unsubscribe/AA-oN7IUljBhrytiDmj2qiTpKIy2ixU7ks5qKGrxgaJpZM4ItnvL
.
guidupuy
on 10 Jun 2016
On Windows I had to use: CSC_LINK=mylink CSC_KEY_PASSWORD=mypwd && build
Note the addition of the double ampersand to join multiple statements on the command line.
daveywc
on 30 May 2017
Related issues
NPellet
·
3Comments
noahprince22
·
3Comments
antonycourtney
·
3Comments
talarari
·
3Comments
lbssousa
·
3Comments
Most helpful comment
In the npm script
Le jeudi 9 juin 2016, Muhammad Z. Mousa [email protected] a écrit :