You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by GitBox <gi...@apache.org> on 2021/09/21 10:39:05 UTC
[GitHub] [cordova-electron] lordgreg opened a new issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
lordgreg opened a new issue #209:
URL: https://github.com/apache/cordova-electron/issues/209
# Bug Report
## Problem
### What is expected to happen?
Get a signed version of appx or msi file.
### What does actually happen?
Exception is being thrown:
```
• cannot decode PKCS 12 data using Go pure implementation, openssl will be used error=pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1
⨯ no certificates with ExtKeyUsageCodeSigning
Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName. Error: Error: C:\Users\ci-windows\Downloads\demos\ionic-v5\node_modules\app-builder-bin\win\x64\app-builder.exe exited with code ERR_ELECTRON_BUILDER_CANNOT_EXECUTE
at ChildProcess.<anonymous> (C:\Users\ci-windows\Downloads\demos\ionic-v5\node_modules\builder-util\src\util.ts:249:14)
at Object.onceWrapper (events.js:520:26)
at ChildProcess.emit (events.js:400:28)
at maybeClose (internal/child_process.js:1055:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5)
```
## Information
<!-- Include all relevant information that might help understand and reproduce the problem -->
build.json:
```
{
"electron": {
"windows": {
"package": [ "appx" ],
"signing": {
"release": {
"certificateFile": "my-certificate.pfx"
}
}
}
}
}
```
pasword for cert is stored in `$env:CSC_KEY_PASSWORD`.
### Additional information here:
* You can build unsigned app without any problems
* Adding PFX certificate leads to the exception being thrown
* Adding win.publisherName doesn't do anything
* Removing the build.json completely and using only package.json works but builds only NSIS even if adding information to build.json or package.json.
### Command or Code
<!-- What command or code is needed to reproduce the problem? -->
1. `npx cordova platform add electron@3.0.0`
2. `npx cordova build electron --release`
3. See exception above.
### Environment, Platform, Device
<!-- In what environment, on what platform or on which device are you experiencing the issue? -->
Windows 10 64-bit, intel-based cpu.
### Version information
<!--
What are relevant versions you are using?
For example:
Cordova: Cordova CLI, Cordova Platforms, Cordova Plugins
Other Frameworks: Ionic Framework and CLI version
Operating System, Android Studio, Xcode etc.
-->
Output from package.json:
```
"cordova": "10.0.0",
"cordova-android": "^9.0.0",
"cordova-electron": "^3.0.0",
"cordova-ios": "^6.1.0",
```
## Checklist
<!-- Please check the boxes by putting an x in the [ ] like so: [x] -->
- [x] I searched for existing GitHub issues
- [x] I updated all Cordova tooling to most recent version
- [x] I included all the necessary information above
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] lordgreg closed issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
lordgreg closed issue #209:
URL: https://github.com/apache/cordova-electron/issues/209
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu edited a comment on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu edited a comment on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924884441
It is a bit confusing why it is failing. It feels like a bug in the `electron-builder` tool...
Here is my example test run locally:
**build.json**
```json
{
"electron": {
"windows": {
"publisherName": "TEST",
"package": [
{
"appx": {
"publisher": "TEST"
}
}
]
}
}
}
```
For my test, I am excluding the signing information because I don't have a pfx. I am just confirming the `builder-effective-config.yaml` is correct.
When running, with the above settings, `electron-builder` creates this YAML file.
```yaml
directories:
output: C:\Users\cordova\cordovaTest\platforms\electron\build
buildResources: C:\Users\cordova\cordovaTest\platforms\electron\build-res
app: C:\Users\cordova\cordovaTest\platforms\electron\www
appId: io.cordova.hellocordova
productName: HelloCordova
electronVersion: 14.0.0
electronDownload:
version: 14.0.0
win:
target:
- target: appx
arch:
- x64
icon: installer.png
publisherName: TEST
appx:
publisher: TEST
files: []
```
As seen above, it has the `publisher` option under `appx` and the `publisherName` under `win`, which is all expected.
Now, why does it not work written this way, but works if the publisher is defined in the `package.json`. That is the question.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] lordgreg commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
lordgreg commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924870855
Hi And thank you for your feedback. I've tested the json you provided:
```
{
"electron": {
"windows": {
"publisherName": "INFO_FROM_CERTIFICATE",
"package": [
{
"appx": {
"publisher": "INFO_FROM_CERTIFICATE"
}
}
],
"signing": {
"release": {
"certificateFile": "my-cert.pfx"
}
}
}
}
}
```
As you see, I've also added publisherName, since, the build job complained again:
```
• electron-builder version=22.11.7 os=10.0.19043
• writing effective config file=platforms\electron\build\builder-effective-config.yaml
• packaging platform=win32 arch=x64 electron=14.0.0 appOutDir=platforms\electron\build\win-unpacked
• signing file=platforms\electron\build\win-unpacked\some name.exe certificateFile=mway-internal-original.pfx
• building target=AppX arch=x64 file=platforms\electron\build\some name 0.0.1.appx
• cannot decode PKCS 12 data using Go pure implementation, openssl will be used error=pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1
⨯ no certificates with ExtKeyUsageCodeSigning
Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
```
That being said, adding publisherName, even with written data in effective-config.yaml, still yields the same exception.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924618960
Also, when setting the `publisherName`, in a Cordova project, it should be set like this. The `win.publisherName` is in reference to the `electron-builder` scope...
```
{
"electron": {
"windows": {
"publisherName": "ADD publisherName HERE",
"package": [ "appx" ],
"signing": {
"release": {
"certificateFile": "my-certificate.pfx"
}
}
}
}
}
```
You can confirm that it is being set when you view the file `platforms/electron/build/builder-effective-config.yaml` which the builder uses.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] lordgreg commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
lordgreg commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924943624
Hi. Thank you for your extended feedback, again :)
Since it falls-back to the signing, I've used (this tutorial)[https://sahajrana.medium.com/how-to-generate-a-pfx-certificate-for-flutter-windows-msix-lib-a860cdcebb8] to generate the PFX. I will also try re-creating self-signed with the steps you did and will get back to you soon.
Thank you again.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924812304
Per electron-builder docs the location of publisherName is correct.
> publisherName String | Array<String> - The publisher name, exactly as in your code signed certificate. Several names can be provided. Defaults to common name from your code signing certificate.
https://www.electron.build/configuration/win
And is something used for all Windows target builds, but the option your talking about completely different.
> publisher String - The Windows Store publisher. Not used if AppX is build for testing. See AppX Package Code Signing below.
https://www.electron.build/configuration/appx
Now that I know what your looking for, this might work for you as well:
```json
{
"electron": {
"windows": {
"package": [ {
"appx": {
"publisher": "add here publisher data"
}
} ],
"signing": {
"release": {
"certificateFile": "my-certificate.pfx"
}
}
}
}
}
```
But seems you have a working solution anyways. But if you can confirm the above that will help out.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924607660
This issue seems to be related to this: https://github.com/electron-userland/electron-builder/issues/3467#issuecomment-580164063
When you are setting the `publisherName`, are you using the exact same value defined in the signing cert as the common name?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924919109
Update:
I created myself a Self-Signed Certificate & created a PFX following these steps.
1. Opened Powershell
2. Called `New-SelfSignedCertificate`
```ps
New-SelfSignedCertificate -Type Custom -Subject "CN=Abc, O=Abc, C=US" -KeyUsage DigitalSignature -FriendlyName "HelloWorld" -CertStoreLocation "Cert:\CurrentUser\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")
```
3. Opened `mmc` from `Win + R`
4. Added Certificate display by:
* Clicked on `File`
* Clicked on `Add/Remove Snap In...`
* Select `Certificate` from available list
* Click `Add >`
* Select `My user account`
* Click `Finish`
* Click `OK`
5. Navigated to `Certificates - Current User > Personal > Certificates` from **Console Root** tree
6. Right Click `Abc` which is newly created Certificate
7. Select `All Tasks > Export...`
8. Select `Yes, export private key`
9. Click `Next`
10. Select `PFX` option
11. Click `Next`
12. Check `Password` & type in password.
13. Select `Encryption` type: `TripleDES-SHA1`
14. Click `Next`
15. Select place to save PFX file
16. Click `Next`, `Finish` and then `OK`
Now from **build.json** I updated with:
```json
{
"electron": {
"windows": {
"publisherName": "Abc",
"package": [
{
"appx": {
"publisher": "CN=Abc, O=Abc, C=US"
}
}
],
"signing": {
"release": {
"certificateFile": "signing/des-test.pfx"
}
}
}
}
}
```
In command/terminal, I set the environment variables `CSC_KEY_PASSWORD` to contain the password that I used when exporting the PFX.
I run following shell command:
```shell
$ cordova build electron --release
• electron-builder version=22.11.7 os=10.0.19042
• writing effective config file=platforms\electron\build\builder-effective-config.yaml
• packaging platform=win32 arch=x64 electron=14.0.0 appOutDir=platforms\electron\build\win-unpacked
• building target=AppX arch=x64 file=platforms\electron\build\HelloCordova 1.0.0.appx
• signing file=platforms\electron\build\HelloCordova 1.0.0.appx certificateFile=signing/des-test.pfx
```
I tested with the AES encryption and I did see
```
• cannot decode PKCS 12 data using Go pure implementation, openssl will be used error=pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1
```
But it still completed succesfully I believe.
Again, this is all testing with Self-Signed Certs which may not be the proper way, but I am just confirming this way.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu edited a comment on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu edited a comment on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924980287
👍 Hope it helps.
Also remember, a Self-Signed Certs is only for testing. It wouldnt work for an official release to Windows Store. I suspect there is a different process for obtaining a valid cert.
As Microsoft says:
> A self-signed certificate is useful for testing your app before you're ready to publish it to the Store.
Here was my resource:
* [Microsoft Docs - Create a certificate for package signing](https://docs.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing)
One more update,
In the above resource, which explains how to use Powershell for creating the cert, it also explains how to export. You might be able to use "PowerShell as Administrative" to export the PFX instead of using the MMC ("Microsoft Management Console") method which I described ealier.
E.g.
```ps
Set-Location Cert:\CurrentUser\My
Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint
$password = ConvertTo-SecureString -String "PASSWORD_HERE" -Force -AsPlainText
Export-PfxCertificate -cert "Cert:\CurrentUser\My\THUMBPRINT_HERE" -FilePath "PATH_TO/FILE_NAME.pfx" -Password $password
```
Sorry for many updates.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu edited a comment on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu edited a comment on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924812304
Per electron-builder docs the location of publisherName is correct.
> publisherName String | Array<String> - The publisher name, exactly as in your code signed certificate. Several names can be provided. Defaults to common name from your code signing certificate.
https://www.electron.build/configuration/win
And is something used for all Windows target builds, but the option your talking about completely different.
> publisher String - The Windows Store publisher. Not used if AppX is build for testing. See AppX Package Code Signing below.
https://www.electron.build/configuration/appx
Now that I know what your looking for, this might work for you as well:
```json
{
"electron": {
"windows": {
"package": [
{
"appx": {
"publisher": "add here publisher data"
}
}
],
"signing": {
"release": {
"certificateFile": "my-certificate.pfx"
}
}
}
}
}
```
But seems you have a working solution anyways. But if you can confirm the above that will help out.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] lordgreg edited a comment on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
lordgreg edited a comment on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924723149
Hi @erisu and thank you for your feedback. I've found a bug.
When building/specifying the target "appx", the publisherName is written in `builder-effective-config.yaml` under `win`. However, reading electron-builder (https://www.electron.build/configuration/appx)[docs several time], `appx` should have its own configuration written in `builder-effective-config.yaml`. That is why the appx cannot be signed as such and throws an exception.
Wrong:
```
directories:
output: XXX\ionic-v5\platforms\electron\build
buildResources: XXX\ionic-v5\platforms\electron\build-res
app: XXX\ionic-v5\platforms\electron\www
win:
target:
- target: appx
arch:
- x64
icon: installer.png
publisherName: INFO_FROM_CERT
appId: snoot.boop
productName: boop a snoot
electronVersion: 14.0.0
electronDownload:
version: 14.0.0
files: []
```
Correct:
```
directories:
output: XXX\ionic-v5\platforms\electron\build
buildResources: XXX\ionic-v5\platforms\electron\build-res
app: XXX\ionic-v5\platforms\electron\www
appx:
publisher: SUBJECT_FROM_CERT
win:
target:
- target: appx
arch:
- x64
icon: installer.png
appId: snoot.boop
productName: boop a snoot
electronVersion: 14.0.0
electronDownload:
version: 14.0.0
files: []
```
### Current workaround:
1. create build.json without any other addition except target:
```
{
"electron": {
"windows": {
"package": [
"appx"
]
}
}
}
```
2. update package.json and add this content to it:
```
"build": {
"appx": {
"publisher": SUBJECT_FROM_CERTIFICATE (ex: CN=aaa,E=foo@bar,O=aaa...)
}
}
```
3. run cordova electorn build: `npx cordova build electron --release`
4. Then use windows SignTool to sign:
```
SignTool sign /tr http://timestamp.digicert.com /fd SHA256 /a /f CERTIFICATE.pfx /p PASSWORD "platforms\electron\build\*.appx"
```
5. Success.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu edited a comment on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu edited a comment on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924618960
Also, when setting the `publisherName`, in a Cordova project, it should be set like this:
```json
{
"electron": {
"windows": {
"publisherName": "ADD publisherName HERE",
"package": [ "appx" ],
"signing": {
"release": {
"certificateFile": "my-certificate.pfx"
}
}
}
}
}
```
You can confirm that it is being set when you view the file: `platforms/electron/build/builder-effective-config.yaml`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924980287
👍 Hope it helps.
Also remember, a Self-Signed Certs is only for testing. It wouldnt work for an official release to Windows Store. I suspect there is a different process for obtaining a valid cert.
As Microsoft says:
> A self-signed certificate is useful for testing your app before you're ready to publish it to the Store.
Here was my resource:
* [Microsoft Docs - Create a certificate for package signing](https://docs.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing)
One more update,
In the above resource, which explains how to use Powershell for creating the cert, it also explains how to export. You might be able to use PowerShell, as administrative, to export the PFX vs using the MMC ("Microsoft Management Console") method which I described ealier.
E.g.
```ps
Set-Location Cert:\CurrentUser\My
Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint
$password = ConvertTo-SecureString -String "PASSWORD_HERE" -Force -AsPlainText
Export-PfxCertificate -cert "Cert:\CurrentUser\My\THUMBPRINT_HERE" -FilePath "PATH_TO/FILE_NAME.pfx" -Password $password
```
Sorry for many updates.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu edited a comment on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu edited a comment on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924884441
It is a bit confusing why it is failing. It feels like a bug in the `electron-builder` tool...
Here is my example test run locally:
**build.json**
```json
{
"electron": {
"windows": {
"publisherName": "TEST",
"package": [
{
"appx": {
"publisher": "TEST"
}
}
]
}
}
}
```
For my test, I am excluding the signing information because I don't have a pfx. I am just confirming the `builder-effective-config.yaml` is correct.
When running, with the above settings, `electron-builder` creates this YAML file.
```yaml
directories:
output: C:\Users\cordova\cordovaTest\platforms\electron\build
buildResources: C:\Users\cordova\cordovaTest\platforms\electron\build-res
app: C:\Users\cordova\cordovaTest\platforms\electron\www
appId: io.cordova.hellocordova
productName: HelloCordova
electronVersion: 14.0.0
electronDownload:
version: 14.0.0
win:
target:
- target: appx
arch:
- x64
icon: installer.png
publisherName: TEST
appx:
publisher: TEST
files: []
```
As seen above, it has the `publisher` option under `appx` and the `publisherName` under `win`, which is all expected.
Now, why does it not work but works if the publisher info is defined in the `package.json` is the question.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] lordgreg commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
lordgreg commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-1014471178
Dearest @erisu. I'm terribly sorry for leaving this ticket open so long.
I've finally had time to make additional tests. I've also used Powershell method to create new Self signed certificate, the same way you did. I can confirm that it works as expected, with cordova build.json, without touching package.json.
I would like to thank you again for you support.
Kind regards.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] lordgreg commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
lordgreg commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924723149
Hi @erisu and thank ouy for your feedback. I've found a bug.
When building/specifying the target "appx", the publisherName is written in `builder-effective-config.yaml` under `win`. However, reading electron-builder (https://www.electron.build/configuration/appx)[docs several time], `appx` should have its own configuration written in `builder-effective-config.yaml`. That is why the appx cannot be signed as such and throws an exception.
Wrong:
```
directories:
output: XXX\ionic-v5\platforms\electron\build
buildResources: XXX\ionic-v5\platforms\electron\build-res
app: XXX\ionic-v5\platforms\electron\www
win:
target:
- target: appx
arch:
- x64
icon: installer.png
publisherName: INFO_FROM_CERT
appId: snoot.boop
productName: boop a snoot
electronVersion: 14.0.0
electronDownload:
version: 14.0.0
files: []
```
Correct:
```
directories:
output: XXX\ionic-v5\platforms\electron\build
buildResources: XXX\ionic-v5\platforms\electron\build-res
app: XXX\ionic-v5\platforms\electron\www
appx:
publisher: SUBJECT_FROM_CERT
win:
target:
- target: appx
arch:
- x64
icon: installer.png
appId: snoot.boop
productName: boop a snoot
electronVersion: 14.0.0
electronDownload:
version: 14.0.0
files: []
```
### Current workaround:
1. create build.json without any other addition except target:
```
{
"electron": {
"windows": {
"package": [
"appx"
]
}
}
}
```
2. update package.json and add this content to it:
```
"build": {
"appx": {
"publisher": SUBJECT_FROM_CERTIFICATE (ex: CN=aaa,E=foo@bar,O=aaa...)
}
}
```
3. run cordova electorn build: `npx cordova build electron --release`
4. Then use windows SignTool to sign:
```
SignTool sign /tr http://timestamp.digicert.com /fd SHA256 /a /f CERTIFICATE.pfx /p PASSWORD "platforms\electron\build\*.appx"
```
5. Success.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-electron] erisu commented on issue #209: [windows] Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName.
Posted by GitBox <gi...@apache.org>.
erisu commented on issue #209:
URL: https://github.com/apache/cordova-electron/issues/209#issuecomment-924884441
It is a bit confusing why it is failing. It feels like a bug in the `electron-builder` tool...
Here is my example test run locally:
**build.json**
```json
{
"electron": {
"windows": {
"publisherName": "TEST",
"package": [
{
"appx": {
"publisher": "TEST"
}
}
]
}
}
}
```
For my test, I am exclusing the signing information because I dont have a pfx. I am just confirming the `builder-effective-config.yaml` is correct.
When running, with the above settings, `electron-builder` creates this yaml file.
```yaml
directories:
output: C:\Users\cordova\cordovaTest\platforms\electron\build
buildResources: C:\Users\cordova\cordovaTest\platforms\electron\build-res
app: C:\Users\cordova\cordovaTest\platforms\electron\www
appId: io.cordova.hellocordova
productName: HelloCordova
electronVersion: 14.0.0
electronDownload:
version: 14.0.0
win:
target:
- target: appx
arch:
- x64
icon: installer.png
publisherName: TEST
appx:
publisher: TEST
files: []
```
As seen above, it has the `publisher` option under `appx` and the `publisherName` under `win`, which is all expected.
Now why does it not work but works if the publisher info is defined in the `package.json` is the question.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org