search

electron-userland / electron-builder

A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
https://www.electron.build
MIT License
13.71k stars 1.74k forks source link

I found that "windowsExecutableCodeSignatureVerifier" failed to work in the Chinese Windows. #3548

Closed ovo4096 closed 5 years ago

ovo4096 commented 5 years ago

My application can be updated normally in the English Windows 10, but not in the Chinese Windows 10.

Normal update English Windows 10 log:

[2018-12-14 16:43:50.290] [info] Checking for update
[2018-12-14 16:43:51.364] [info] Generated new staging user ID: 4dabb442-b43b-58b9-8cf8-6afc1d6ebf70
[2018-12-14 16:43:51.450] [info] Found version 1.3.9 (url: <hidden> Setup 1.3.9.exe)
[2018-12-14 16:43:52.734] [info] Downloading update from <hidden> Setup 1.3.9.exe
[2018-12-14 16:43:52.740] [info] No cached update info available
[2018-12-14 16:43:52.742] [info] Download block maps (old: "<hidden>Setup%201.3.7.exe.blockmap", new: <hidden>Setup%201.3.9.exe.blockmap)
[2018-12-14 16:43:53.015] [info] File has 290 changed blocks
[2018-12-14 16:43:53.017] [info] Full: 40,765.1 KB, To download: 6,285.37 KB (15%)
[2018-12-14 16:43:53.020] [error] Cannot download differentially, fallback to full download: Error: ENOENT: no such file or directory, open '<hidden>\__installer.exe'
    at S.I [as _captureStackTrace] (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:144360)
    at new h (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:174039)
    at <hidden>\resources\app.asar\dist_electron\bundled\background.js:215:177128
    at t.NsisUpdater.downloadUpdate (<hidden>\resources\app.asar\dist_electron\bundled\background.js:11:78602)
    at EventEmitter.r.ipcMain.on (<hidden>\resources\app.asar\dist_electron\bundled\background.js:410:242914)
    at emitOne (events.js:116:13)
    at EventEmitter.emit (events.js:211:7)
    at WebContents.<anonymous> (<hidden>\resources\electron.asar\browser\api\web-contents.js:286:13)
    at emitTwo (events.js:126:13)
    at WebContents.emit (events.js:214:7)
[2018-12-14 16:44:55.804] [info] New version 1.3.9 has been downloaded to <hidden>\AppData\Roaming\<hidden>\__update__\<hidden> Setup 1.3.9.exe
[2018-12-14 16:45:01.813] [info] Install on explicit quitAndInstall
[2018-12-14 16:45:01.814] [info] Install: isSilent: false, isRunAfter: true
[2018-12-14 16:45:02.393] [info] Access denied or UNKNOWN error code on spawn, will be executed again using elevate

Not update Chinese Windows 10 log:

[2018-12-14 16:27:00.204] [info] Checking for update
[2018-12-14 16:27:01.967] [info] Found version 1.3.9 (url: <hidden> Setup 1.3.9.exe)
[2018-12-14 16:27:04.112] [info] Downloading update from <hidden> Setup 1.3.9.exe
[2018-12-14 16:27:04.120] [info] No cached update info available
[2018-12-14 16:27:04.123] [info] Download block maps (old: "<hidden>Setup%201.3.7.exe.blockmap", new: <hidden>Setup%201.3.9.exe.blockmap)
[2018-12-14 16:27:06.429] [info] File has 302 changed blocks
[2018-12-14 16:27:06.429] [info] Full: 40,765.15 KB, To download: 6,399.52 KB (16%)
[2018-12-14 16:27:06.445] [error] Cannot download differentially, fallback to full download: Error: ENOENT: no such file or directory, open 'C:\Users\<hidden>\AppData\Roaming\<hidden>\__installer.exe'
    at S.I [as _captureStackTrace] (C:\Program Files\<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:144360)
    at new h (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:174039)
    at <hidden>\resources\app.asar\dist_electron\bundled\background.js:215:177128
    at t.NsisUpdater.downloadUpdate (<hidden>\resources\app.asar\dist_electron\bundled\background.js:11:78602)
    at EventEmitter.r.ipcMain.on (<hidden>\resources\app.asar\dist_electron\bundled\background.js:410:242914)
    at emitOne (events.js:116:13)
    at EventEmitter.emit (events.js:211:7)
    at WebContents.<anonymous> (<hidden>\resources\electron.asar\browser\api\web-contents.js:286:13)
    at emitTwo (events.js:126:13)
    at WebContents.emit (events.js:214:7)
[2018-12-14 16:28:13.934] [warn] Sign verification failed, installer signed with incorrect certificate: publisherNames: ????????????, raw info: {
  "SignerCertificate": {
    "FriendlyName": "",
    "IssuerName": {
      "Name": "CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "NotAfter": "/Date(1571227200000)/",
    "NotBefore": "/Date(1539043200000)/",
    "PrivateKey": null,
    "PublicKey": {
      "Key": "System.Security.Cryptography.RSACryptoServiceProvider",
      "Oid": "System.Security.Cryptography.Oid",
      "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
      "EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
    },
    "SerialNumber": "076930A9A2AAC87FF89185F2981F9E19",
    "SignatureAlgorithm": {
      "Value": "1.2.840.113549.1.1.11",
      "FriendlyName": "sha256RSA"
    },
    "Thumbprint": "1E9CFB308269A03100DA31319E2562C2F7429130",
    "Version": 3,
    "Issuer": "CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US",
    "Subject": "CN=̨����������Ƽ����޹�˾, O=̨����������Ƽ����޹�˾, L=̨����, S=�㽭ʡ, C=CN, SERIALNUMBER=91331000MA28GER80U, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=̨�ݾ��ÿ�����, OID.1.3.6.1.4.1.311.60.2.1.2=�㽭ʡ, OID.1.3.6.1.4.1.311.60.2.1.3=CN"
  },
  "TimeStamperCertificate": {
    "Archived": false,
    "Extensions": [
      "System.Security.Cryptography.X509Certificates.X509KeyUsageExtension",
      "System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension",
      "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension",
      "System.Security.Cryptography.X509Certificates.X509Extension",
      "System.Security.Cryptography.X509Certificates.X509Extension",
      "System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension",
      "System.Security.Cryptography.X509Certificates.X509Extension",
      "System.Security.Cryptography.X509Certificates.X509Extension"
    ],
    "FriendlyName": "",
    "IssuerName": {
      "Name": "CN=DigiCert Assured ID CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "NotAfter": "/Date(1729555200000)/",
    "NotBefore": "/Date(1413936000000)/",
    "HasPrivateKey": false,
    "PrivateKey": null,
    "PublicKey": {
      "Key": "System.Security.Cryptography.RSACryptoServiceProvider",
      "Oid": "System.Security.Cryptography.Oid",
      "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
      "EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
    },
    "SerialNumber": "03019A023AFF58B16BD6D5EAE617F066",
    "SubjectName": {
      "Name": "CN=DigiCert Timestamp Responder, O=DigiCert, C=US",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "SignatureAlgorithm": {
      "Value": "1.2.840.113549.1.1.5",
      "FriendlyName": "sha1RSA"
    },
    "Thumbprint": "614D271D9102E30169822487FDE5DE00A352B01D",
    "Version": 3,
    "Handle": 2730008432176,
    "Issuer": "CN=DigiCert Assured ID CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US",
    "Subject": "CN=DigiCert Timestamp Responder, O=DigiCert, C=US"
  },
  "Status": 0,
  "StatusMessage": "ǩ����ͨ����֤��"
}
[2018-12-14 16:28:13.950] [error] Error: Error: New version 1.3.9 is not signed by the application owner: publisherNames: ????????????, raw info: {
  "SignerCertificate": {
    "FriendlyName": "",
    "IssuerName": {
      "Name": "CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "NotAfter": "/Date(1571227200000)/",
    "NotBefore": "/Date(1539043200000)/",
    "PrivateKey": null,
    "PublicKey": {
      "Key": "System.Security.Cryptography.RSACryptoServiceProvider",
      "Oid": "System.Security.Cryptography.Oid",
      "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
      "EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
    },
    "SerialNumber": "076930A9A2AAC87FF89185F2981F9E19",
    "SignatureAlgorithm": {
      "Value": "1.2.840.113549.1.1.11",
      "FriendlyName": "sha256RSA"
    },
    "Thumbprint": "1E9CFB308269A03100DA31319E2562C2F7429130",
    "Version": 3,
    "Issuer": "CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US",
    "Subject": "CN=̨����������Ƽ����޹�˾, O=̨����������Ƽ����޹�˾, L=̨����, S=�㽭ʡ, C=CN, SERIALNUMBER=91331000MA28GER80U, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=̨�ݾ��ÿ�����, OID.1.3.6.1.4.1.311.60.2.1.2=�㽭ʡ, OID.1.3.6.1.4.1.311.60.2.1.3=CN"
  },
  "TimeStamperCertificate": {
    "Archived": false,
    "Extensions": [
      "System.Security.Cryptography.X509Certificates.X509KeyUsageExtension",
      "System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension",
      "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension",
      "System.Security.Cryptography.X509Certificates.X509Extension",
      "System.Security.Cryptography.X509Certificates.X509Extension",
      "System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension",
      "System.Security.Cryptography.X509Certificates.X509Extension",
      "System.Security.Cryptography.X509Certificates.X509Extension"
    ],
    "FriendlyName": "",
    "IssuerName": {
      "Name": "CN=DigiCert Assured ID CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "NotAfter": "/Date(1729555200000)/",
    "NotBefore": "/Date(1413936000000)/",
    "HasPrivateKey": false,
    "PrivateKey": null,
    "PublicKey": {
      "Key": "System.Security.Cryptography.RSACryptoServiceProvider",
      "Oid": "System.Security.Cryptography.Oid",
      "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
      "EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
    },
    "SerialNumber": "03019A023AFF58B16BD6D5EAE617F066",
    "SubjectName": {
      "Name": "CN=DigiCert Timestamp Responder, O=DigiCert, C=US",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "SignatureAlgorithm": {
      "Value": "1.2.840.113549.1.1.5",
      "FriendlyName": "sha1RSA"
    },
    "Thumbprint": "614D271D9102E30169822487FDE5DE00A352B01D",
    "Version": 3,
    "Handle": 2730008432176,
    "Issuer": "CN=DigiCert Assured ID CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US",
    "Subject": "CN=DigiCert Timestamp Responder, O=DigiCert, C=US"
  },
  "Status": 0,
  "StatusMessage": "ǩ����ͨ����֤��"
}
    at t.newError (<hidden>\resources\app.asar\dist_electron\bundled\background.js:1:17281)
    at Object.<anonymous> (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:448915)
    at Generator.next (<anonymous>)
    at Generator.u (<hidden>\resources\app.asar\dist_electron\bundled\background.js:1:5526)
    at h._promiseFulfilled (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:175164)
    at S._settlePromise (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:125673)
    at S._settlePromise0 (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:126271)
    at S._settlePromises (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:127598)
    at s._drainQueue (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:130601)
    at s._drainQueues (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:130662)
    at Immediate.drainQueues (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:128873)
From previous event:
    at S.I [as _captureStackTrace] (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:144360)
    at new h (<hidden>\resources\app.asar\dist_electron\bundled\background.js:215:174039)
    at <hidden>\resources\app.asar\dist_electron\bundled\background.js:215:177128
    at t.NsisUpdater.downloadUpdate (<hidden>\resources\app.asar\dist_electron\bundled\background.js:11:78602)
    at EventEmitter.r.ipcMain.on (<hidden>\resources\app.asar\dist_electron\bundled\background.js:410:242914)
    at emitOne (events.js:116:13)
    at EventEmitter.emit (events.js:211:7)
    at WebContents.<anonymous> (<hidden>\resources\electron.asar\browser\api\web-contents.js:286:13)
    at emitTwo (events.js:126:13)
    at WebContents.emit (events.js:214:7)

I think this is because "windowsExecutableCodeSignatureVerifier" does not support Chinese encoding.

Note: My certificate Subject is Chinese.

Related issue:

3396

xiaoping6688 commented 5 years ago

modify windowsExecutableCodeSignatureVerifier.js:

execFile("powershell.exe", ["-NoProfile", "-NonInteractive", "-InputFormat", "None", "-Command", Get-AuthenticodeSignature '${tempUpdateFile}' | ConvertTo-Json -Compress, "-encoding utf8"]

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.