Squirrel.Windows icon indicating copy to clipboard operation
Squirrel.Windows copied to clipboard
verified publisher icon Squirrel

Code signing with token based EV certificate

Open Achder opened this issue 4 years ago • 2 comments

Squirrel version(s) I'm using the squirrel version used in the current Electron Forge 6.0.0-beta.61

Description I'm trying to sign my application with my EV certificate which lives on an eToken. The signtools parameters should be correct because I was able to use the same config with the wix-maker and it worked fine. Also the first few files seem to get signed correctly before squirrel crashes.

Output:

An unhandled error has occurred inside Forge:
An error occured while making for target: squirrel
Failed with exit code: 4294967295
Output:
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\ffmpeg.dll
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\libEGL.dll
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\libGLESv2.dll
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\spectro-client.exe
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\spectro-client_ExecutionStub.exe
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\squirrel.exe
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\vk_swiftshader.dll
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\vulkan-1.dll
System.AggregateException: Mindestens ein Fehler ist aufgetreten. ---> System.Exception: Failed to sign, command invoked was: 'C:\Development\spectro-demo\internal-client\node_modules\electron-winstaller\vendor\signtool.exe sign  /a /tr http://rfc3161timestamp.globalsign.com/advanced /fd SHA256 /td SHA256 C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\resources\app\.webpack\renderer\main_window\02527522cf6c0be425deaa002dd638fd.node'
   bei Squirrel.Update.Program.<signPEFile>d__17.MoveNext()
--- Ende der Stapel�berwachung vom vorhergehenden Ort, an dem die Ausnahme ausgel�st wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Squirrel.Update.Program.<>c__DisplayClass10_0.<<Releasify>b__14>d.MoveNext()
--- Ende der Stapel�berwachung vom vorhergehenden Ort, an dem die Ausnahme ausgel�st wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei Squirrel.Utility.<>c__DisplayClass13_1`1.<<ForEachAsync>b__1>d.MoveNext()
   --- Ende der internen Ausnahmestapel�berwachung ---
   bei System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   bei System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   bei Squirrel.Update.Program.<>c__DisplayClass10_0.<Releasify>b__7(String pkgPath)
   bei Squirrel.ReleasePackage.CreateReleasePackage(String outputFile, String packagesRootDir, Func`2 releaseNotesProcessor, Action`1 contentsPostProcessHook)
   bei Squirrel.Update.Program.Releasify(String package, String targetDir, String packagesDir, String bootstrapperExe, String backgroundGif, String signingOpts, String baseUrl, String setupIcon, Boolean generateMsi, Boolean packageAs64Bit, String frameworkVersion, Boolean generateDeltas)
   bei Squirrel.Update.Program.executeCommandLine(String[] args)
   bei Squirrel.Update.Program.main(String[] args)
   bei Squirrel.Update.Program.Main(String[] args)
---> (Interne Ausnahme #0) System.Exception: Failed to sign, command invoked was: 'C:\Development\spectro-demo\internal-client\node_modules\electron-winstaller\vendor\signtool.exe sign  /a /tr http://rfc3161timestamp.globalsign.com/advanced /fd SHA256 /td SHA256 C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\resources\app\.webpack\renderer\main_window\02527522cf6c0be425deaa002dd638fd.node'
   bei Squirrel.Update.Program.<signPEFile>d__17.MoveNext()
--- Ende der Stapel�berwachung vom vorhergehenden Ort, an dem die Ausnahme ausgel�st wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Squirrel.Update.Program.<>c__DisplayClass10_0.<<Releasify>b__14>d.MoveNext()
--- Ende der Stapel�berwachung vom vorhergehenden Ort, an dem die Ausnahme ausgel�st wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei Squirrel.Utility.<>c__DisplayClass13_1`1.<<ForEachAsync>b__1>d.MoveNext()<---


Error: Failed with exit code: 4294967295
Output:
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\ffmpeg.dll
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\libEGL.dll
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\libGLESv2.dll
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\spectro-client.exe
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\spectro-client_ExecutionStub.exe
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\squirrel.exe
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\vk_swiftshader.dll
Done Adding Additional Store
Successfully signed and timestamped: C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\vulkan-1.dll
System.AggregateException: Mindestens ein Fehler ist aufgetreten. ---> System.Exception: Failed to sign, command invoked was: 'C:\Development\spectro-demo\internal-client\node_modules\electron-winstaller\vendor\signtool.exe sign  /a /tr http://rfc3161timestamp.globalsign.com/advanced /fd SHA256 /td SHA256 C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\resources\app\.webpack\renderer\main_window\02527522cf6c0be425deaa002dd638fd.node'
   bei Squirrel.Update.Program.<signPEFile>d__17.MoveNext()
--- Ende der Stapel�berwachung vom vorhergehenden Ort, an dem die Ausnahme ausgel�st wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Squirrel.Update.Program.<>c__DisplayClass10_0.<<Releasify>b__14>d.MoveNext()
--- Ende der Stapel�berwachung vom vorhergehenden Ort, an dem die Ausnahme ausgel�st wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei Squirrel.Utility.<>c__DisplayClass13_1`1.<<ForEachAsync>b__1>d.MoveNext()
   --- Ende der internen Ausnahmestapel�berwachung ---
   bei System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   bei System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   bei Squirrel.Update.Program.<>c__DisplayClass10_0.<Releasify>b__7(String pkgPath)
   bei Squirrel.ReleasePackage.CreateReleasePackage(String outputFile, String packagesRootDir, Func`2 releaseNotesProcessor, Action`1 contentsPostProcessHook)
   bei Squirrel.Update.Program.Releasify(String package, String targetDir, String packagesDir, String bootstrapperExe, String backgroundGif, String signingOpts, String baseUrl, String setupIcon, Boolean generateMsi, Boolean packageAs64Bit, String frameworkVersion, Boolean generateDeltas)
   bei Squirrel.Update.Program.executeCommandLine(String[] args)
   bei Squirrel.Update.Program.main(String[] args)
   bei Squirrel.Update.Program.Main(String[] args)
---> (Interne Ausnahme #0) System.Exception: Failed to sign, command invoked was: 'C:\Development\spectro-demo\internal-client\node_modules\electron-winstaller\vendor\signtool.exe sign  /a /tr http://rfc3161timestamp.globalsign.com/advanced /fd SHA256 /td SHA256 C:\Users\tmeerpohl\AppData\Local\SquirrelTemp\tempa\lib\net45\resources\app\.webpack\renderer\main_window\02527522cf6c0be425deaa002dd638fd.node'
   bei Squirrel.Update.Program.<signPEFile>d__17.MoveNext()
--- Ende der Stapel�berwachung vom vorhergehenden Ort, an dem die Ausnahme ausgel�st wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Squirrel.Update.Program.<>c__DisplayClass10_0.<<Releasify>b__14>d.MoveNext()
--- Ende der Stapel�berwachung vom vorhergehenden Ort, an dem die Ausnahme ausgel�st wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei Squirrel.Utility.<>c__DisplayClass13_1`1.<<ForEachAsync>b__1>d.MoveNext()<---


    at ChildProcess.<anonymous> (C:\Development\spectro-demo\internal-client\node_modules\electron-winstaller\src\spawn-promise.ts:52:16)
    at ChildProcess.emit (events.js:400:28)
    at ChildProcess.emit (domain.js:470:12)
    at maybeClose (internal/child_process.js:1055:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5)
error Command failed with exit code 1.

Steps to recreate Create an app with the Electron Forge template and try signing with squirrel-maker. Config:

"makers": [
  {
    "name": "@electron-forge/maker-squirrel",
    "config": {
      "name": "spectro-client",
      "signWithParams": " /a /tr http://rfc3161timestamp.globalsign.com/advanced /fd SHA256 /td SHA256"
    }
  }
],

Expected behavior Signing should finish without errors.

Actual behavior Throws error after signing a few files correctly.

Additional information I was asking in the electron forge repo first but it's maintainer send me here. https://github.com/electron-userland/electron-forge/issues/2545

Achder avatar Sep 23 '21 18:09 Achder

I know that you just got bounced before, but we can't really do anything about this either. Signtool.exe is a tool provided by Microsoft, and it's extremely temperamental as you're seeing here :-/ All I can suggest is that you could try finding that file yourself and running the signtool.exe command by-hand to see why it's failing, it seems to specifically be failing on these #yolo native Node modules with hashed names

anaisbetts avatar Sep 27 '21 13:09 anaisbetts