Electron-builder: Windows publisherName doesn't match code sign cert
Version:
"electron": "^1.6.11",
"electron-builder": "^19.11.1",
"electron-publisher-s3": "^19.5.0",
"electron-updater": "^2.4.3"Target:
build --win --publish always --x64
// build config
...
"productName": "Wayhome",
"artifactName": "${productName}-setup-${version}.${ext}",
"publish": {
"provider": "s3",
"bucket": "mybucket",
"path": "${channel}/${os}"
},
"appId": "com.Wayhome.desktop",
"forceCodeSigning": true,
"win": {
"icon": "./resources/icon.ico",
"signingHashAlgorithms": ["sha256"],
"target": ["nsis"],
"publisherName": "WAYHOME, INC." // this matches the p12 cert CN
},
Think this is related to #1641
With the above config, app-update.yml on my development machine looks like this (note that publisherName should equal WAYHOME,INC, no quotes or dash)
publisherName:
- 'WAYHOME, INC.'
provider: s3
bucket: mybucket
path: beta/win
channel: beta
&& it looks the same once it's installed on Windows.
Since this publisherName doesn't match my cert, it's giving me the error pasted at the bottom.
If I omit publisherName from the config and let it default to the cert, app-update.yml ends up with:
publisherName:
- |-
WAYHOME, INC.
issuer=
provider: s3
bucket: mybucket
path: beta/win
channel: beta
If I manually change the app-update.yml to this:
publisherName: WAYHOME, INC.
provider: s3
bucket: mybucket
path: beta/win
channel: beta
...update works as expected.
Signs don't match error:
[2017-06-30 11:12:34:0854] [error] Error: New version 1.0.3-beta.17 is not signed by the application owner: {
"SignerCertificate": {
"FriendlyName": "",
"IssuerName": {
"Name": "CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1528934399000)/",
"NotBefore": "/Date(1497312000000)/",
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "...",
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "...",
"Version": 3,
"Issuer": "CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB",
"Subject": "CN=\"WAYHOME, INC.\", O=\"...address etc"
},
"TimeStamperCertificate": null,
"Status": 0,
"StatusMessage": "Signature verified."
}
at C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\NsisUpdater.js:121:1
From previous event:
at _e.doDownloadUpdate (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\NsisUpdater.js:129:1)
at C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:320:1
at Generator.next (<anonymous>)
From previous event:
at _e.downloadUpdate (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:326:1)
at C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:293:1
From previous event:
at _e.doCheckForUpdates (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:296:1)
at C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:250:1
at Generator.next (<anonymous>)
at runCallback (timers.js:651:20)
at tryOnImmediate (timers.js:624:5)
at processImmediate [as _immediateCallback] (timers.js:596:5)
From previous event:
at _e._checkForUpdates (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:255:1)
at _e.checkForUpdates (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:213:1)
at App.<anonymous> (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\app\auto-updating\auto-updater.js:6:1)
at emitTwo (events.js:111:20)
at App.emit (events.js:191:7)
bug
brandonmp
All 7 comments
Please set env DEBUG=electron-builder:* and attach log of the terminal output (without explicitly defined name). To make clearing this name was computed.
develar
on 1 Jul 2017
thanks @develar. here's relevant output from build --win --x64 --publish never with no build.publisherName defined
click to show debug log
> [email protected] release-win:beta /home/bmp/code/wayhome/electron-poc
> bnr release-win:beta
running better-npm-run in /home/bmp/code/wayhome/electron-poc
Executing script: release-win:beta
to be executed: npm run build && build --win --publish never --x64
> [email protected] build /home/bmp/code/wayhome/electron-poc
> concurrently "npm run build-main" "npm run build-renderer"
[0]
[0] > [email protected] build-main /home/bmp/code/wayhome/electron-poc
[0] > cross-env NODE_ENV=production node --trace-warnings -r babel-register ./node_modules/webpack/bin/webpack --config webpack.config.main.prod.js --progress --profile --colors
[0]
[1]
[1] > [email protected] build-renderer /home/bmp/code/wayhome/electron-poc
[1] > cross-env NODE_ENV=production node --trace-warnings -r babel-register ./node_modules/webpack/bin/webpack --config webpack.config.renderer.prod.js --progress --profile --colors
*** removed 10k lines of webpack build spam
[1] npm run build-renderer exited with code 0
electron-builder 19.11.1
No native production dependencies
Packaging for win32 x64 using electron 1.6.11 to release/win-unpacked
Building NSIS installer
Packaging NSIS installer for arch x64
7-Zip (a) [64] 15.14 : Copyright (c) 1999-2015 Igor Pavlov : 2015-12-31
p7zip Version 15.14.1 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz (506E3),ASM,AES-NI)
Scanning the drive:
2 folders, 75 files, 169014845 bytes (162 MiB)
Creating archive: /home/bmp/code/wayhome/electron-poc/release/wayhome-1.0.3-x64.nsis.7z
Items to compress: 77
A Wayhome.exe
A d3dcompiler_47.dll
A ffmpeg.dll
A libEGL.dll
A libGLESv2.dll
A node.dll
A resources/elevate.exe
+ LICENSE.electron.txt
+ LICENSES.chromium.html
+ blink_image_resources_200_percent.pak
+ content_resources_200_percent.pak
+ content_shell.pak
+ icudtl.dat
+ locales/am.pak
+ locales/ar.pak
+ locales/bg.pak
+ locales/bn.pak
+ locales/ca.pak
+ locales/cs.pak
+ locales/da.pak
+ locales/de.pak
+ locales/el.pak
+ locales/en-GB.pak
+ locales/en-US.pak
+ locales/es-419.pak
+ locales/es.pak
+ locales/et.pak
+ locales/fa.pak
+ locales/fake-bidi.pak
+ locales/fi.pak
+ locales/fil.pak
+ locales/fr.pak
+ locales/gu.pak
+ locales/he.pak
+ locales/hi.pak
+ locales/hr.pak
+ locales/hu.pak
+ locales/id.pak
+ locales/it.pak
+ locales/ja.pak
+ locales/kn.pak
+ locales/ko.pak
+ locales/lt.pak
+ locales/lv.pak
+ locales/ml.pak
+ locales/mr.pak
+ locales/ms.pak
+ locales/nb.pak
+ locales/nl.pak
+ locales/pl.pak
+ locales/pt-BR.pak
+ locales/pt-PT.pak
+ locales/ro.pak
+ locales/ru.pak
+ locales/sk.pak
+ locales/sl.pak
+ locales/sr.pak
+ locales/sv.pak
+ locales/sw.pak
+ locales/ta.pak
+ locales/te.pak
+ locales/th.pak
+ locales/tr.pak
+ locales/uk.pak
+ locales/vi.pak
+ locales/zh-CN.pak
+ locales/zh-TW.pak
+ natives_blob.bin
+ pdf_viewer_resources.pak
+ resources/app-update.yml
+ resources/app.asar
+ resources/electron.asar
+ snapshot_blob.bin
+ ui_resources_200_percent.pak
+ views_resources_200_percent.pak
+ Wayhome.exe
+ d3dcompiler_47.dll
+ ffmpeg.dll
+ libEGL.dll
+ libGLESv2.dll
+ node.dll
+ resources/elevate.exe
Files read from disk: 75
Archive size: 36221496 bytes (35 MiB)
Everything is Ok
NSIS script:
!addincludedir "/home/bmp/code/wayhome/electron-poc/node_modules/electron-builder/templates/nsis/include"
!addplugindir /x86-unicode "/home/bmp/.cache/electron-builder/nsis-resources/nsis-resources-3.0.0/plugins/x86-unicode"
!addplugindir /x86-unicode "/home/bmp/code/wayhome/electron-poc/resources/x86-unicode"
!include "/run/user/1000/snap.vscode/electron-builder-GXdKCK/0-2-messages.nsh"
Var startMenuLink
Var desktopLink
!include "common.nsh"
!include "MUI2.nsh"
!include "multiUser.nsh"
!include "allowOnlyOneInstallerInstance.nsh"
!ifdef INSTALL_MODE_PER_ALL_USERS
!ifdef BUILD_UNINSTALLER
RequestExecutionLevel user
!else
RequestExecutionLevel admin
!endif
!else
RequestExecutionLevel user
!endif
!ifdef ONE_CLICK
!include "oneClick.nsh"
!else
!include "boringInstaller.nsh"
!endif
!ifmacrodef customHeader
!insertmacro customHeader
!endif
!ifdef BUILD_UNINSTALLER
SilentInstall silent
!else
Var appExe
!endif
Function .onInit
!ifmacrodef preInit
!insertmacro preInit
!endif
!ifdef BUILD_UNINSTALLER
WriteUninstaller "${UNINSTALLER_OUT_FILE}"
!insertmacro quitSuccess
!else
!insertmacro check64BitAndSetRegView
!ifdef ONE_CLICK
!insertmacro ALLOW_ONLY_ONE_INSTALLER_INSTANCE
!else
${IfNot} ${UAC_IsInnerInstance}
!insertmacro ALLOW_ONLY_ONE_INSTALLER_INSTANCE
${EndIf}
!endif
!insertmacro initMultiUser
!ifmacrodef customInit
!insertmacro customInit
!endif
!endif
FunctionEnd
!ifndef BUILD_UNINSTALLER
!include "installUtil.nsh"
!endif
Section "install"
!ifndef BUILD_UNINSTALLER
!include "installSection.nsh"
!endif
SectionEnd
!ifdef BUILD_UNINSTALLER
!include "uninstaller.nsh"
!endif
---
End of NSIS script.
Command line defined: "APP_ID=com.Wayhome.desktop"
Command line defined: "APP_GUID=/* redacted b/c idk what this is*/"
Command line defined: "PRODUCT_NAME=Wayhome"
Command line defined: "PRODUCT_FILENAME=Wayhome"
Command line defined: "APP_FILENAME=wayhome"
Command line defined: "APP_DESCRIPTION=Wayhome lets you learn about houses & apartments from other people, not just real estate agents."
Command line defined: "VERSION=1.0.3"
Command line defined: "PROJECT_DIR=/home/bmp/code/wayhome/electron-poc"
Command line defined: "BUILD_RESOURCES_DIR=/home/bmp/code/wayhome/electron-poc/resources"
Command line defined: "COMPANY_NAME=Wayhome"
Command line defined: "APP_PRODUCT_FILENAME=Wayhome"
Command line defined: "MUI_ICON=/home/bmp/code/wayhome/electron-poc/resources/icon.ico"
Command line defined: "MUI_UNICON=/home/bmp/code/wayhome/electron-poc/resources/icon.ico"
Command line defined: "APP_64=/home/bmp/code/wayhome/electron-poc/release/wayhome-1.0.3-x64.nsis.7z"
Command line defined: "APP_64_NAME=wayhome-1.0.3-x64.nsis.7z"
Command line defined: "COMPRESSION_METHOD=7z"
Command line defined: "ONE_CLICK"
Command line defined: "RUN_AFTER_FINISH"
Command line defined: "MULTI_LANGUAGE_INSTALLER"
Command line defined: "UNINSTALL_DISPLAY_NAME=Wayhome 1.0.3"
Command line defined: "COMPRESS=auto"
Command line defined: "BUILD_UNINSTALLER"
Command line defined: "UNINSTALLER_OUT_FILE=Z:\run\user\1000\snap.vscode\electron-builder-GXdKCK\0-1-uninstaller.exe"
Processing script file: "<stdin>" (UTF8)
Processed 1 file, 10 command line commands, writing output (x86-unicode):
Output: "/home/bmp/code/wayhome/electron-poc/release/Wayhome-setup-1.0.3.exe"
Install: 1 page (64 bytes), 1 section (32792 bytes), 44 instructions (1232 bytes), 2651 strings (23548 bytes), 21 language tables (4074 bytes).
Uninstall: 1 page (128 bytes), 1 section (32792 bytes), 546 instructions (15288 bytes), 4038 strings (40708 bytes), 21 language tables (5166 bytes).
Using lzma compression.
EXE header size: 411136 / 37376 bytes
Install code: 7369 / 45766 bytes
Install data: 0 / 8 bytes
Uninstall code+data: 36918 / 392601 bytes
CRC (0xCD7D669E): 4 / 4 bytes
Total size: 455427 / 475755 bytes (95.7%)
Signing NSIS uninstaller (certificate file: "/home/bmp/code/wayhome/electron-poc/config/certs/wayhome-code-sign-win.p12")
NSIS script:
!addincludedir "/home/bmp/code/wayhome/electron-poc/node_modules/electron-builder/templates/nsis/include"
!addplugindir /x86-unicode "/home/bmp/.cache/electron-builder/nsis-resources/nsis-resources-3.0.0/plugins/x86-unicode"
!addplugindir /x86-unicode "/home/bmp/code/wayhome/electron-poc/resources/x86-unicode"
!include "/run/user/1000/snap.vscode/electron-builder-GXdKCK/0-3-messages.nsh"
Var startMenuLink
Var desktopLink
!include "common.nsh"
!include "MUI2.nsh"
!include "multiUser.nsh"
!include "allowOnlyOneInstallerInstance.nsh"
!ifdef INSTALL_MODE_PER_ALL_USERS
!ifdef BUILD_UNINSTALLER
RequestExecutionLevel user
!else
RequestExecutionLevel admin
!endif
!else
RequestExecutionLevel user
!endif
!ifdef ONE_CLICK
!include "oneClick.nsh"
!else
!include "boringInstaller.nsh"
!endif
!ifmacrodef customHeader
!insertmacro customHeader
!endif
!ifdef BUILD_UNINSTALLER
SilentInstall silent
!else
Var appExe
!endif
Function .onInit
!ifmacrodef preInit
!insertmacro preInit
!endif
!ifdef BUILD_UNINSTALLER
WriteUninstaller "${UNINSTALLER_OUT_FILE}"
!insertmacro quitSuccess
!else
!insertmacro check64BitAndSetRegView
!ifdef ONE_CLICK
!insertmacro ALLOW_ONLY_ONE_INSTALLER_INSTANCE
!else
${IfNot} ${UAC_IsInnerInstance}
!insertmacro ALLOW_ONLY_ONE_INSTALLER_INSTANCE
${EndIf}
!endif
!insertmacro initMultiUser
!ifmacrodef customInit
!insertmacro customInit
!endif
!endif
FunctionEnd
!ifndef BUILD_UNINSTALLER
!include "installUtil.nsh"
!endif
Section "install"
!ifndef BUILD_UNINSTALLER
!include "installSection.nsh"
!endif
SectionEnd
!ifdef BUILD_UNINSTALLER
!include "uninstaller.nsh"
!endif
---
End of NSIS script.
Command line defined: "APP_ID=com.Wayhome.desktop"
Command line defined: "APP_GUID=/* redacted b/c idk what this is*/"
Command line defined: "PRODUCT_NAME=Wayhome"
Command line defined: "PRODUCT_FILENAME=Wayhome"
Command line defined: "APP_FILENAME=wayhome"
Command line defined: "APP_DESCRIPTION=Wayhome lets you learn about houses & apartments from other people, not just real estate agents."
Command line defined: "VERSION=1.0.3"
Command line defined: "PROJECT_DIR=/home/bmp/code/wayhome/electron-poc"
Command line defined: "BUILD_RESOURCES_DIR=/home/bmp/code/wayhome/electron-poc/resources"
Command line defined: "COMPANY_NAME=Wayhome"
Command line defined: "APP_PRODUCT_FILENAME=Wayhome"
Command line defined: "MUI_ICON=/home/bmp/code/wayhome/electron-poc/resources/icon.ico"
Command line defined: "MUI_UNICON=/home/bmp/code/wayhome/electron-poc/resources/icon.ico"
Command line defined: "APP_64=/home/bmp/code/wayhome/electron-poc/release/wayhome-1.0.3-x64.nsis.7z"
Command line defined: "APP_64_NAME=wayhome-1.0.3-x64.nsis.7z"
Command line defined: "COMPRESSION_METHOD=7z"
Command line defined: "ONE_CLICK"
Command line defined: "RUN_AFTER_FINISH"
Command line defined: "MULTI_LANGUAGE_INSTALLER"
Command line defined: "UNINSTALL_DISPLAY_NAME=Wayhome 1.0.3"
Command line defined: "COMPRESS=auto"
Command line defined: "UNINSTALLER_OUT_FILE=/run/user/1000/snap.vscode/electron-builder-GXdKCK/0-1-uninstaller.exe"
Processing script file: "<stdin>" (UTF8)
Processed 1 file, 10 command line commands, writing output (x86-unicode):
Output: "/home/bmp/code/wayhome/electron-poc/release/Wayhome-setup-1.0.3.exe"
Install: 1 page (64 bytes), 1 section (32792 bytes), 969 instructions (27132 bytes), 4416 strings (42092 bytes), 21 language tables (5166 bytes).
Using lzma compression.
EXE header size: 411136 / 37376 bytes
Install code: 14942 / 91302 bytes
Install data: 36485172 / 37092156 bytes
CRC (0x78CD6648): 4 / 4 bytes
Total size: 36911254 / 37220838 bytes (99.1%)
Signing Wayhome-setup-1.0.3.exe (certificate file: "/home/bmp/code/wayhome/electron-poc/config/certs/wayhome-code-sign-win.p12")
build config from package.json
"build": {
"productName": "Wayhome",
"artifactName": "${productName}-setup-${version}.${ext}",
"publish": {
"provider": "s3",
"bucket": "my bucket",
"path": "latest/${os}",
"channel": "latest"
},
"appId": "my app id",
"forceCodeSigning": true,
"files": [
"dist/",
"node_modules/",
"routes/",
"app.html",
"main.js",
"main.js.map",
"package.json"
],
"mac": {
"category": "public.app-category.productivity",
"target": ["zip", "dmg"]
},
"dmg": {
"contents": [
{
"x": 130,
"y": 220
},
{
"x": 410,
"y": 220,
"type": "link",
"path": "/Applications"
}
]
},
"win": {
"icon": "./resources/icon.ico",
"signingHashAlgorithms": ["sha256"],
"target": ["nsis"]
},
"nsis": {
"installerIcon": "./resources/icon.ico"
},
"linux": {
"target": ["deb"]
},
"directories": {
"buildResources": "resources",
"output": "release"
}
},
release/win-unpacked/resources/app-update.yml
publisherName:
- |-
WAYHOME, INC.
issuer=
provider: s3
bucket: wayhome-app-downloads
path: latest/win
channel: latest
Error in the parsing openssl output. Now we use win csc link in the our test suite to test this case.
develar
on 2 Jul 2017
thanks @develar , any idea when you'l be able to publish v19.13.0? or is there a way to install that version before it hits npm ?
brandonmp
on 5 Jul 2017
@brandonmp It is already released (https://github.com/electron-userland/electron-builder/releases/tag/v19.13.0), but not as next. Install using yarn add electron-builder@next --dev.
develar
on 5 Jul 2017
Ok, published to all (marked as latest).
develar
on 5 Jul 2017
wow, you're the most responsive OSS dev I've ever seen. thanks again @develar
brandonmp
on 5 Jul 2017
🎉3
👍3
Was this page helpful?
0 / 5 - 0 ratings
Related issues
iklemm
路
3Comments
antonycourtney
路
3Comments
ccorcos
路
3Comments
JohnWeisz
路
3Comments
StickNitro
路
3Comments
Most helpful comment
wow, you're the most responsive OSS dev I've ever seen. thanks again @develar