Squirrel / Squirrel.Windows

An installation and update framework for Windows desktop apps
MIT License

Don't sign .node files by default #1878

Closed xNaCly closed 3 months ago

xNaCly commented 3 months ago

Squirrel version(s)

2.0.1

Description

Squirrel fails to sign the application due to encountering *.node files that signtool.exe does not support.

Steps to recreate

  1. Electron forge setup
  2. Configure signing
  3. Attempt to package

Expected behavior

Signing process should be successful.

Actual behavior

Signing fails for *.node files, but not for *.exe and *.dll files.

signtool.exe does not support *.node files; why is Squirrel attempting to sign these files?

Additional information

I am using @electron/forge with @electron/maker-squirrel to build my electron application with the following configuration:

module.exports = {
  packagerConfig: {
    icon: "./vue/public/icon.ico",
    ignore: [/.*\.test\.ts/],
  },
  rebuildConfig: {},
  makers: [
    {
      name: "@electron-forge/maker-squirrel",
      config: {
        icon: "./vue/public/favicon.ico",
        certificateFile: "./my.pfx",
        certificatePassword: "mypw",
      },
    },
  ],
};

Output of squirrel attempting to sign a .node file:

Failed to sign, command invoked was: '[REDACTED]\node_modules\electron-winstaller\vendor\signtool.exe sign /a /f "[REDACTED]\mypfx.pfx" /p "mypw" [REDACTED]AppData\Local\SquirrelTemp\tempa\lib\net45\resources\app\node_modules\koffi\build\koffi\darwin_arm64\koffi.node'

Stacktrace:

at Squirrel.Update.Program.<signPEFile>d__17.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Squirrel.Update.Program.<>c__DisplayClass10_0.<<Releasify>b__14>d.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Squirrel.Utility.<>c__DisplayClass13_1`1.<<ForEachAsync>b__1>d.MoveNext()
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at Squirrel.Update.Program.<>c__DisplayClass10_0.<Releasify>b__7(String pkgPath)
at Squirrel.ReleasePackage.CreateReleasePackage(String outputFile, String packagesRootDir, Func`2 releaseNotesProcessor, Action`1 contentsPostProcessHook)
at Squirrel.Update.Program.Releasify(String package, String targetDir, String packagesDir, String bootstrapperExe, String backgroundGif, String signingOpts, String baseUrl, String setupIcon, Boolean generateMsi, Boolean packageAs64Bit, String

Failed with exit code: 4294967295

Code for enabling *.node signing:

https://github.com/Squirrel/Squirrel.Windows/blob/51f5e2cb01add79280a53d51e8d0cfa20f8c9f9f/src/Squirrel/Utility.cs#L562

The specific error occurs due to the fact that a dependency of mine ships ELF and Mach-O binaries, which are labelled as .node files and can't be signed by signtool.exe. I would love to contribute an option to list a .node file to exclude it from the signing process or check the magic numbers to match the binary format of the current operating system.

anaisbetts commented 3 months ago

Squirrel does support .node files, because the Windows ones are just renamed DLLs (and should be signed). You need to remove the macOS and Linux binaries from your package before signing. Most Electron packaging tools have a way to strip non-required content before packaging (and it's a good idea! Shipping macOS binaries in your Windows app is silly)
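
The magic-number check proposed in the issue and the cleanup suggested in the reply can be combined into a scan that runs before packaging and lists the .node files signtool.exe will reject. This is an added example, not code from the thread or from Squirrel.Windows; the names `classifyBinary`, `findUnsignableAddons` and `makePeStub` are assumptions made for illustration, and the sample headers are constructed.

```javascript
// Mach-O magics as the first four bytes appear on disk, read big-endian.
const MACHO_MAGICS = new Set([
  0xfeedface, 0xfeedfacf, // 32/64-bit, big-endian headers
  0xcefaedfe, 0xcffaedfe, // 32/64-bit, little-endian headers
  0xcafebabe, 0xcafebabf, // universal ("fat") binaries
]);

// Returns "pe", "elf", "macho" or "unknown" for the contents of a file.
function classifyBinary(buf) {
  if (buf.length < 4) return "unknown";
  const magic = buf.readUInt32BE(0);
  if (magic === 0x7f454c46) return "elf"; // "\x7fELF"
  if (MACHO_MAGICS.has(magic)) return "macho";
  // PE: "MZ" DOS header whose e_lfanew field (offset 0x3c) points at "PE\0\0".
  if (buf[0] === 0x4d && buf[1] === 0x5a && buf.length >= 0x40) {
    const peOffset = buf.readUInt32LE(0x3c);
    if (peOffset + 4 <= buf.length && buf.readUInt32BE(peOffset) === 0x50450000) return "pe";
  }
  return "unknown";
}

// Walks `root` and returns every .node file that is not a PE image,
// i.e. the files to strip from a Windows package before signing.
async function findUnsignableAddons(root) {
  // Dynamic import works from both CommonJS and ES modules.
  const fs = await import("node:fs");
  const path = await import("node:path");
  const found = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) walk(full); // symlinks are not followed
      else if (entry.isFile() && entry.name.endsWith(".node")) {
        const kind = classifyBinary(fs.readFileSync(full));
        if (kind !== "pe") found.push({ file: full, kind });
      }
    }
  };
  walk(root);
  return found;
}

// Constructed minimal PE header (not a real binary) for a quick self-check.
function makePeStub() {
  const b = Buffer.alloc(0x84);
  b.write("MZ", 0, "latin1");
  b.writeUInt32LE(0x80, 0x3c);
  b.write("PE\0\0", 0x80, "latin1");
  return b;
}
```

Calling `findUnsignableAddons` on the packaged app directory returns entries such as `{ file: ".../darwin_arm64/koffi.node", kind: "macho" }`, which can fail the build early or feed an ignore list.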