packager icon indicating copy to clipboard operation
packager copied to clipboard
verified publisher icon electron

Add Windows signed binaries support

Open junosuarez opened this issue 10 years ago • 5 comments

see #31

It would be awesome to be able to output signed binaries.

I'm not positive if it's possible to sign executables after compilation with the current rcedit strategy we use. TODO: investigate this.

I'm actually pretty unfamiliar with the Visual Studio code signing tools overall. If anyone else knows what they're doing, feel free to pitch in! Otherwise, I'll try to investigate when I get time.

junosuarez avatar May 12 '15 23:05 junosuarez

I have too many issues with https://github.com/atom/grunt-electron-installer for creating installers and code signing. I can't get this even compile in my local/build servers.

So i went ahead and implemented my own app installer creation (using inno setup https://github.com/jrsoftware/issrc instead the atom squirrel) and code signing with signtool.. it works perfect... its currently a bit messy.

Its a set of separate grunt tasks now. If you are looking to go this way, let me know.. i ll integrate with electron-package (along with this https://github.com/maxogden/electron-packager/issues/30) and make a pull request soon

Rameshv avatar Jun 10 '15 15:06 Rameshv

@Rameshv do you have this work in a repo somewhere? We'll be happy to work with you to review it and integrate it with electron-packager as cleanly as possible. We're currently not using grunt, and I'd like to avoid introducing large new dependencies like that if we don't need to.

junosuarez avatar Jun 10 '15 16:06 junosuarez

I am using electron-boilerplate but I trust the logic would be the same here. I sign my app twice. First the "app.exe" and then the "app_installer.exe"

var sign = childProcess.spawn(resourcesDir.path("signtool"),
    [
        'sign',
        '/f',
        resourcesDir.path("MyCertificate.p12"),
        '/p',
        'APassword',
        '/t',
        'http://timestamp.verisign.com/scripts/timstamp.dll',
        readyAppDir.path(manifest.productName + '.exe')
    ],
    {
            stdio: 'inherit'
    });

  sign.on('error', function (err) {
      if (err) {
          throw "sign error " + err;
      } else {
          throw err;
      }
  });
  sign.on('close', function () {
      gulpUtil.log('Sign done!');
      deferred.resolve();
  });

And then this is the "packaged" into the installer, that I will sign the same way.

coclav avatar Nov 23 '15 22:11 coclav

According to the Electron documentation, some tools already offer this.

Specifically:

Have you tried any of those?

totallygideon avatar Jul 03 '20 16:07 totallygideon

Those are all for signing installers, not the Electron binary.

malept avatar Jul 03 '20 16:07 malept