Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Docs for cloud-based EV code signing #3617

Open
3 tasks done
PascalPixel opened this issue Jun 4, 2024 · 4 comments
Open
3 tasks done

Update Docs for cloud-based EV code signing #3617

PascalPixel opened this issue Jun 4, 2024 · 4 comments

Comments

@PascalPixel
Copy link

Pre-flight checklist

  • I have read the contribution documentation for this project.
  • I agree to follow the code of conduct that this project uses.
  • I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Problem description

The docs haven't been updated for a year now regarding windows code signing, electron's own docs have however and make reference to windowsSign in forge, but I would love to have examples of how to use windowsSign on forge in combination with MakerSquirrel, as I seem unable to get it working with ssl.com's cloud signing after several months of stumbling in and out of trying 🤡

Proposed solution

Update the docs with examples for;

Alternatives considered

I tried Electron Forge SSL Code Sign Plugin but it runs too late and doesn't update the RELEASES file, meaning no updates are installed on Windows due to a checksum mismatch.

Additional information

No response
@PascalPixel
Copy link
Author

PascalPixel commented Jun 4, 2024
edited
Loading

Here's mine that works for SSL.com;

const forgeConfig: ForgeConfig = {
  packagerConfig: {
    // invalid according to typescript, 
    // but this is the only place it works, 
    // all the other places you can put this key will *not* pick it up 
    // during the build process and use the built-in signTool
    // @ts-ignore
    signToolPath: path.resolve(
      "C:\\Users\\circleci\\project\\CodeSignTool.bat",
    ),
    signWithParams: [
      `-override="true"`,
      `-credential_id="${process.env.WINDOWS_CERT_CREDENTIAL_ID}"`,
      `-username="${process.env.WINDOWS_CERT_USER_NAME}"`,
      `-password="${process.env.WINDOWS_CERT_PASSWORD}"`,
      `-totp_secret="${process.env.WINDOWS_CERT_USER_TOTP}"`,
    ],
  },
};

export default forgeConfig;
@ndench
Copy link

ndench commented Jul 2, 2024

I've been trying to use the WindowsSign options with MakerWix. According to the code, the config is just passed directly into MSICreator (https://github.com/electron/forge/blob/main/packages/maker/wix/src/MakerWix.ts#L40) which supports the option (https://github.com/electron-userland/electron-wix-msi/blob/master/src/creator.ts#L74) so maybe it's as simple as updating the MakerWixConfig interface (https://github.com/electron/forge/blob/main/packages/maker/wix/src/Config.ts#L3)?
@PascalPixel
Copy link
Author

PascalPixel commented Jul 2, 2024
edited
Loading

as my last code snippet said, even though typescript reports it as invalid, i found this the only place to put the signing config that actually picks up the options; packagerConfig

give that a try?
@NickBurnam
Copy link

I am also running into a similar situation using an SSL EV certificate and the @electron-forge/maker-squirrel.
I set up the SSL eSigner CKA using the SSL guide to automate with signtool.exe and got it working on its own outside of Forge.
Unfortunately, I need to use the SSL CodeSignTool pre-signing malware scan as well, but I'm not sure how to use it within the Forge build config.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
3 participants
@ndench @PascalPixel @NickBurnam