Rocket.Chat.Electron
Rocket.Chat.Electron copied to clipboard
RocketChat
Github Action build not signing AppX package
Describe the bug In the automatic build of this project, the AppX package was not properly signed, which caused the .appx format installation file downloaded in Release to fail to install due to certificate issues.
To Reproduce Steps to reproduce the behavior:
- Download .appx file from release
- Double-click it
- Windows warns that it is an untrusted application and therefore cannot be installed
Expected behavior It should be able to be installed normally, just like the version in exe or msi format.
Screenshots
Additional context After checking the Github Action build process for this project, I located the problem here https://github.com/RocketChat/Rocket.Chat.Electron/blob/1b6ba4974b826c88b4948900e77c488c2deb9087/workspaces/desktop-release-action/src/windows.ts#L11 It does not properly configure the environment variables required for digital signatures, like https://github.com/RocketChat/Rocket.Chat.Electron/blob/1b6ba4974b826c88b4948900e77c488c2deb9087/workspaces/desktop-release-action/src/windows.ts#L6-L9 You can check the Github Action log to check this issue https://github.com/RocketChat/Rocket.Chat.Electron/runs/3539521579?check_suite_focus=true#step:10:53
Please test if the problem persists with our latest release. I will be closing the issue but if there is any problem yet, we will open it again.
In the current latest release (3.8.7), this problem still exists. https://github.com/RocketChat/Rocket.Chat.Electron/releases/download/3.8.7/rocketchat-3.8.7-win-x64.appx https://github.com/RocketChat/Rocket.Chat.Electron/runs/6713607085?check_suite_focus=true#step:10:61
It still exists with 3.9.14.
This app package’s publisher certificate could not be verified. Contact your system administrator or the app developer to obtain a new app package with verified certificates. The root certificate and all immediate certificates of the signature in the app package must be verified (0x800B010A)
It still exists with 3.9.14.
This app package’s publisher certificate could not be verified. Contact your system administrator or the app developer to obtain a new app package with verified certificates. The root certificate and all immediate certificates of the signature in the app package must be verified (0x800B010A)
@cmouse we are using the .appx installers to publish on Microsoft Store. They don't complain about that, what could be different that you need that Microsoft store didn't asked?
I have no idea, I was using the asset from your release page. I have pretty vanilla windows 11 with no special things, and I get that message when I tried to install the appx package.
I have no idea, I was using the asset from your release page. I have pretty vanilla windows 11 with no special things, and I get that message when I tried to install the appx package.
But why you dont use MSI or EXE installer? APPX is just for distribution as far as I know.
If it is not intended to be used should this be mentioned somewhere?
Sorry, where it is mentioned? We generate it to send to Microsoft Store.
You publish it in your release page. Nothing says one should not use it, so I wonder if you could add a note about this that it is not supposed to be used.
I feel like you feel somehow offended, it's not my intention to do so. If you feel this is not useful discussion, feel free to close this issue.
You publish it in your release page. Nothing says one should not use it, so I wonder if you could add a note about this that it is not supposed to be used.
I feel like you feel somehow offended, it's not my intention to do so. If you feel this is not useful discussion, feel free to close this issue.
No no, not offended at all. I want to understand what we can do to improve this. We publish all the packages that we use, but people usually use what installer they need. I can take a look if we can sign the appx packages, but they are mainly generated to be published by Microsoft Store.