electron-userland / electron-builder

A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
https://www.electron.build
MIT License

Cannot sign AppX #8605

Open gabrik opened 1 week ago

gabrik commented 1 week ago

I get an error when trying to sign an AppX. Following issue #7203, I've set the environment variable to use the Windows-provided signtool.exe and updated the electron-builder.json5 accordingly.

...
  win: {
    icon: './<redacted>',
    target: ['appx'],
    artifactName: '<redacted>',
    signingHashAlgorithms: ["sha256"]
  },
  appx: {
    publisher: "CN=<redacted>",
    applicationId: "<redacted>"
  }
....

But the CI still fails with:

  [success] You can now deploy `.output/public` to any static hosting!
  • electron-builder  version=24.13.3 os=10.0.22621
  • loaded configuration  file=C:\Users\<Redacted>\actions-runner\_work\<Redacted>\<Redacted>\electron-builder.json5
  • packaging       platform=win32 arch=x64 electron=31.6.0 appOutDir=packages\win-unpacked
  • signing         file=packages\win-unpacked\<Redacted>.exe certificateFile=***\***
  • building        target=AppX arch=x64 file=packages\ <Redacted>.appx
  • signing         file=packages\ <Redacted>.appx certificateFile=***\***
  ⨯ Exit code: 1. Command failed: C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe sign /tr http://timestamp.digicert.com /f ***\*** /fd sha256 /td sha256 /d <Redacted> /du https://github.com/<Redacted> /p <Redacted> (sha256 hash) /debug C:\Users\<Redacted>\actions-runner\_work\<Redacted>\<Redacted>\packages\<Redacted>.appx
SignTool Error: An unexpected internal error has occurred.
The following certificates were considered:
    Issued to: <Redacted>
    Issued by: <Redacted>
    Expires:    <Redacted>
    SHA1 hash:  <Redacted>
    Issued to:  <Redacted>
    Issued by:  <Redacted>
    Expires:    <Redacted>
    SHA1 hash:  <Redacted>
After EKU filter, 2 certs were left.
After expiry filter, 2 certs were left.
After Private Key filter, 1 certs were left.
The following certificate was selected:
    Issued to: <Redacted>
    Issued by: <Redacted>
    Expires:   <Redacted>
    SHA1 hash: <Redacted>
The following additional certificates will be attached:
    Issued to: <Redacted>
    Issued by: <Redacted>
    Expires:   <Redacted>
    SHA1 hash: <Redacted>
    Issued to: <Redacted>
    Issued by: <Redacted>
    Expires:   <Redacted>
    SHA1 hash: <Redacted>
Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)
SignTool Error: An unexpected internal error has occurred.
  failedTask=build stackTrace=Error: Exit code: 1. Command failed: C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe sign /tr http://timestamp.digicert.com /f ***\*** /fd sha256 /td sha256 /d <Redacted> /du https://github.com/<Redacted> /p <Redacted> (sha256 hash) /debug C:\Users\<Redacted>\actions-runner\_work\<Redacted>\<Redacted>\packages\<Redacted>.appx
SignTool Error: An unexpected internal error has occurred.

Any suggestions?

With the same certificate I was able to sign NSIS and portables.
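An added example, not part of the thread and not electron-builder code: a small Python triage of the `signtool /debug` output quoted above. It shows that certificate selection completed (one certificate left after the Private Key filter) and that the failure is in `SignerSign()`, whose HRESULT 0x8007000b decodes to the Win32 facility with code 11 (ERROR_BAD_FORMAT). The function names and the embedded sample log are constructed for illustration.

```python
import re

# Win32 error names for the few codes this example knows (11 is ERROR_BAD_FORMAT).
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 11: "ERROR_BAD_FORMAT", 87: "ERROR_INVALID_PARAMETER"}
FACILITY_WIN32 = 7

# Constructed sample: the non-redacted lines of the /debug output quoted in the issue.
SAMPLE_LOG = """\
After EKU filter, 2 certs were left.
After expiry filter, 2 certs were left.
After Private Key filter, 1 certs were left.
The following certificate was selected:
Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)
SignTool Error: An unexpected internal error has occurred.
"""

def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility (11 bits) and code (16 bits)."""
    value &= 0xFFFFFFFF  # accept the signed decimal form signtool prints
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return {"hresult": f"0x{value:08x}", "failed": bool(value >> 31),
            "facility": facility, "code": code, "win32_name": name}

def triage(log):
    """Summarise a signtool /debug log: filter stages, selection, failing call."""
    stages = {m.group(1): int(m.group(2)) for m in
              re.finditer(r"After (.+?) filter, (\d+) certs? (?:were|was) left", log)}
    err = re.search(
        r'Error information: "Error: (\w+)\(\) failed\." \((-?\d+)/(0x[0-9a-fA-F]+)\)', log)
    result = {"stages": stages, "failing_call": None, "error": None,
              "cert_selected": "The following certificate was selected:" in log}
    if err:
        decimal, hexval = int(err.group(2)), int(err.group(3), 16)
        if decimal & 0xFFFFFFFF != hexval:
            raise ValueError("decimal and hex error codes disagree")
        result["failing_call"] = err.group(1)
        result["error"] = decode_hresult(hexval)
    # Selection succeeded but signing failed: the certificate filters are not the problem.
    result["failed_after_selection"] = bool(result["cert_selected"] and err)
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```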

mmaietta commented 1 week ago

Exit code: 1. Command failed: C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe

If you're setting a custom signtool path, that really limits the support I can provide here as the error is cryptic. Does this occur for you when you use the electron-builder-binaries supplied signtool.exe?