How to sign Update.exe?

[TerryChan]

I'm using electron-winstaller to package my electron application, but I can't code sign Update.exe, because my sign process is upload the binary files to code sign server, and the Update.exe is not available during the build and package process, so I can't upload it to the server to sign.

I found the sign mechanism of electron-winstaller is pass the cetificate file path and password to the signWithParams parameter, but I can't get the cetificate file to my build machine. Is there any mehod to do code sign for my scenarios?

[TerryChan]

I found my issue is similar to #174 , and my sign method is upload the binary to code sign server to complete the sign. Anyone can help? Thanks

[jasonnet]

I notice that squirrel.exe is in the windows-installer git repository and it's unsigned. Should we be signing it before we commit it to github? Would that eliminate the need to have apps sign it with the own certs? Or is it typical for an app to distribute a modified squirrel.exe?

I mention squirrel.exe here because it seems update.exe and squirrel.exe are identical. 'at least in the app that I'm looking at.