Electron-builder: windows installer not signed when building on mac

How do you specify win cert, please specify used options? And please attach build log.

Sorry it took a while to reply.

I wasn't specifying the win cert because I thought that it would be picked up automatically like for mac signing, maybe that is my problem?

My build log (removed dep install because it is very long):

Signing app (identity: Oseberg)

Creating DMG
Creating MacOS zip
Skip app dependencies rebuild because platform is different
Packaging for platform win32 x64 using electron 1.2.5 to build/download/win-unpacked

Building Squirrel.Windows installer

would be picked up automatically like for mac signing, maybe that is my problem

You cannot use Apple cert to sign windows app. So, we don't use discovered cert on Mac to sign windows app. Or do you have non-Apple cert in your MacOS keychain and expect that it will be used?

I see, I thought that code signing certificates are universal, my mistake.

If I obtain a windows specific code signing cert and keep it on my mac dev machine am I able to specify it to be used for the windows build while still having the mac cert in my keychain be auto detected and used to sign the mac build?

Yes. Using cert file/password. I will support cert from Mac keychain to sign win app soon.

@develar

Sorry for bringing up an old issue, but can you elaborate further on "Using cert file/password"? By this do you mean setting the CSC_LINK and CSC_KEY_PASSWORD variables? And if we do set these to the windows code signing cert, it will still pick up the Apple cert in keychain automatically?

@Mercieral If you build macOS and windows on one machine, you cannot specify different CSC_LINK/CSC_KEY_PASSWORD — but you need to (because certs are different). And what to do? Solution — set build.win.certificateFile/build.win.certificatePassword (or reuse CSC_KEY_PASSWORD to avoid password in the package.json — you can use the same password for both certs).

If you build win on win machine, just use CSC_LINK/CSC_KEY_PASSWORD .

@develar Ah ok, build.win.certificateFile/build.win.certificatePassword are not in the wiki/options docs (as with build.npmRebuild).

Thanks!

@develar I'm having this error when using CSC_LINK and CSC_KEY_PASSWORD as you've mentioned above:

Packaging for platform darwin x64 using electron 1.3.2 to build/download/mac

Signing app (identity: Oseberg, L.L.C.)

Creating DMG
Creating MacOS zip
Skip app dependencies rebuild because platform is different
Packaging for platform win32 x64 using electron 1.3.2 to build/download/win-unpacked

Signing Atla.exe (certificate file "/Users/build/Documents/signing/cert.p12")
Error: /Users/build/.cache/winCodeSign/winCodeSign-1.0.0/darwin/osslsigncode exited with code null
    at ChildProcess.childProcess.on.code (/Users/build/projects/atla/atla-main-build-repo/node_modules/electron-builder/src/util/util.ts:136:14)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:852:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:215:5)
From previous event:
    at Object.spawn (/Users/build/projects/atla/atla-main-build-repo/node_modules/electron-builder/src/util/util.ts:115:9)
    at /Users/build/projects/atla/atla-main-build-repo/node_modules/electron-builder/src/windowsCodeSign.ts:101:21
    at next (native)
    at runCallback (timers.js:574:20)
    at tryOnImmediate (timers.js:554:5)
    at processImmediate [as _immediateCallback] (timers.js:533:5)
From previous event:
    at tsAwaiter (/Users/build/projects/atla/atla-main-build-repo/node_modules/electron-builder/src/util/awaiter.ts:10:47)
    at Object.build (/Users/build/projects/atla/atla-main-build-repo/node_modules/electron-builder/src/builder.ts:195:52)
    at Object.<anonymous> (/Users/build/projects/atla/atla-main-build-repo/node_modules/electron-builder/src/build-cli.ts:27:28)
    at Module._compile (module.js:556:32)
    at Object.Module._extensions..js (module.js:565:10)
    at Module.load (module.js:473:32)
    at tryModuleLoad (module.js:432:12)
    at Function.Module._load (module.js:424:3)
    at Module.runMain (module.js:590:10)
    at run (bootstrap_node.js:394:7)
    at startup (bootstrap_node.js:149:9)
    at bootstrap_node.js:509:3

Do you know what might be causing this?

If I sign the Windows version of the app on my own using osslsigncode, everything works fine. Is there anyway that I can disable the windows signing and sign it myself as a temporary work around?

edit: I found a workaround to disable the windows signing so that I can sign it myself in the meantime by setting signingHashAlgorithms in build.win to an empty array.

@symbyte You cannot sign, a lot of files should be signed during build (not after). Please enable debug — set env DEBUG=electron-builder.

@develar here is the output after setting up the DEBUG env variable =

  electron-builder /usr/local/bin/node (89416) exited with code 0 +2m
Packaging for platform darwin x64 using electron 1.3.2 to build/download/mac

  electron-builder Executing security find-identity -v /var/folders/4g/4g8nl_hd6y12rj3rpysm3wnh0000gp/T/csc-1wzp-isg215wt-0.keychain +1m
  electron-builder Executing security find-identity -v -p codesigning /var/folders/4g/4g8nl_hd6y12rj3rpysm3wnh0000gp/T/csc-1wzp-isg215wt-0.keychain +15ms
Signing app (identity: Oseberg, L.L.C.)

Creating DMG
Creating MacOS zip
  electron-builder Executing wine --version +59s
Skip app dependencies rebuild because platform is different
  electron-builder appdmg: {
  "target": "/Users/build/projects/build/atla-main/build/download/mac/Atla-0.3.12.dmg",
  "basepath": "/Users/build/projects/build/atla-main",
  "specification": {
    "title": "Atla",
    "icon-size": 80,
    "contents": [
      {
        "x": 410,
        "y": 220,
        "type": "link",
        "path": "/Applications"
      },
      {
        "x": 130,
        "y": 220,
        "type": "file",
        "path": "/Users/build/projects/build/atla-main/build/download/mac/Atla.app"
      }
    ],
    "format": "UDBZ",
    "icon": "/Users/build/projects/build/atla-main/src/images/oseberg.icns"
  }
} +387ms
  electron-builder appdmg: [1] Looking for target +9ms
  electron-builder Spawning /Users/build/projects/build/atla-main/node_modules/7zip-bin-osx/7za a -bd -mm=Deflate /Users/build/projects/build/atla-main/build/download/mac/Atla-0.3.12-mac.zip /Users/build/projects/build/atla-main/build/download/mac/Atla.app +8ms
  electron-builder Found existing nsis /Users/build/.cache/nsis/nsis-3.0.0 +7ms
  electron-builder appdmg: [2] Reading JSON Specification +4ms
  electron-builder appdmg: [3] Parsing JSON Specification +0ms
  electron-builder appdmg: [4] Validating JSON Specification +1ms
  electron-builder appdmg: [5] Looking for files +2ms
  electron-builder appdmg: [6] Calculating size of image +3ms

7-Zip (a) [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,4 CPUs x64)

Scanning the drive:
151 folders, 185 files, 673677109 bytes (643 MiB)

Creating archive: /Users/build/projects/build/atla-main/build/download/mac/Atla-0.3.12-mac.zip

Items to compress: 336

Packaging for platform win32 x64 using electron 1.3.2 to build/download/win-unpacked

  electron-builder appdmg: [7] Creating temporary image +31ms
  electron-builder appdmg: [8] Mounting temporary image +10s
  electron-builder appdmg: [9] Making hidden background folder +2s
  electron-builder appdmg: [10] Copying background +97ms
  electron-builder appdmg: [11] Reading background dimensions +0ms
  electron-builder appdmg: [12] Copying icon +1ms
  electron-builder appdmg: [13] Setting icon +779ms
  electron-builder appdmg: [14] Creating links +52ms
  electron-builder appdmg: [15] Copying files +39ms
  electron-builder appdmg: [16] Making all the visuals +6s
  electron-builder appdmg: [17] Blessing image +3s
  electron-builder appdmg: [18] Unmounting temporary image +740ms
  electron-builder appdmg: [19] Finalizing image +778ms
  electron-builder appdmg: [20] Removing temporary image +1m
Signing Atla.exe (certificate file "/Users/build/Documents/signing/cert.p12")
  electron-builder Found existing winCodeSign /Users/build/.cache/winCodeSign/winCodeSign-1.0.0 +15s
  electron-builder Spawning /Users/build/.cache/winCodeSign/winCodeSign-1.0.0/darwin/osslsigncode -in /Users/build/projects/build/atla-main/build/download/win-unpacked/Atla.exe -out /Users/build/projects/build/atla-main/build/download/win-unpacked/Atla-signed-sha1.exe -t http://timestamp.verisign.com/scripts/timstamp.dll -pkcs12 /Users/build/Documents/signing/cert.p12 -h sha1 -n Atla -pass dVq9Kw5g4UPFV5SiROdhFET7oZoVRkxG +1ms
  electron-builder Executing security delete-keychain /var/folders/4g/4g8nl_hd6y12rj3rpysm3wnh0000gp/T/csc-1wzp-isg215wt-0.keychain +1s
Error: /Users/build/.cache/winCodeSign/winCodeSign-1.0.0/darwin/osslsigncode exited with code null
    at ChildProcess.childProcess.on.code (/Users/build/projects/build/atla-main/node_modules/electron-builder/src/util/util.ts:136:14)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:852:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:215:5)
From previous event:
    at Object.spawn (/Users/build/projects/build/atla-main/node_modules/electron-builder/src/util/util.ts:115:9)
    at /Users/build/projects/build/atla-main/node_modules/electron-builder/src/windowsCodeSign.ts:101:21
    at next (native)
    at runCallback (timers.js:574:20)
    at tryOnImmediate (timers.js:554:5)
    at processImmediate [as _immediateCallback] (timers.js:533:5)
From previous event:
    at tsAwaiter (/Users/build/projects/build/atla-main/node_modules/electron-builder/src/util/awaiter.ts:10:47)
    at Object.build (/Users/build/projects/build/atla-main/node_modules/electron-builder/src/builder.ts:195:52)
    at Object.<anonymous> (/Users/build/projects/build/atla-main/node_modules/electron-builder/src/build-cli.ts:27:28)
    at Module._compile (module.js:556:32)
    at Object.Module._extensions..js (module.js:565:10)
    at Module.load (module.js:473:32)
    at tryModuleLoad (module.js:432:12)
    at Function.Module._load (module.js:424:3)
    at Module.runMain (module.js:590:10)
    at run (bootstrap_node.js:394:7)
    at startup (bootstrap_node.js:149:9)
    at bootstrap_node.js:509:3

Found existing winCodeSign /Users/build/.cache/winCodeSign/winCodeSign-1.0.0

@symbyte It seems you use outdated version of electron-builder, please try 6.3.0.

Thanks @develar, that was the problem. I appreciate your help.

Closed in favour of #548