Unable to make with certificate signed

alishah730 commented 7 months ago

Pre-flight checklist

[X] I have read the contribution documentation for this project.
[X] I agree to follow the code of conduct that this project uses.
[X] I have searched the issue tracker for a bug that matches the one I want to file, without success.

Electron Forge version

✔ Checking your system 7.3.0

Electron version

v29.0.1

Operating system

Windows 10 Version 10.0.19045 Build 19045

Last known working Electron Forge version

None

Expected behavior

Expected behavior is after running npm run make it should produce a signed executable

Actual behavior

its not creating any signed build and throwing error

An unhandled rejection has occurred inside Forge:
Error: Failed with exit code: 4294967295
Output:
System.AggregateException: One or more errors occurred. ---> System.Exception: Failed to sign, command invoked was: 'C:\Users\ali\Downloads\my-app\node_modules\electron-winstaller\vendor\signtool.exe sign /a /f "C:\Users\ali\Downloads\my-app\cert.p12" /p "********" C:\Users\ali\AppData\Local\SquirrelTemp\tempa\lib\net45\ffmpeg.dll'
   at Squirrel.Update.Program.<signPEFile>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Squirrel.Update.Program.<>c__DisplayClass10_0.<<Releasify>b__14>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Squirrel.Utility.<>c__DisplayClass13_1`1.<<ForEachAsync>b__1>d.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   at Squirrel.Update.Program.<>c__DisplayClass10_0.<Releasify>b__7(String pkgPath)
   at Squirrel.ReleasePackage.CreateReleasePackage(String outputFile, String packagesRootDir, Func`2 releaseNotesProcessor, Action`1 contentsPostProcessHook)
   at Squirrel.Update.Program.Releasify(String package, String targetDir, String packagesDir, String bootstrapperExe, String backgroundGif, String signingOpts, String baseUrl, String setupIcon, Boolean generateMsi, Boolean packageAs64Bit, String frameworkVersion, Boolean generateDeltas)
   at Squirrel.Update.Program.executeCommandLine(String[] args)
   at Squirrel.Update.Program.main(String[] args)
   at Squirrel.Update.Program.Main(String[] args)
---> (Inner Exception #0) System.Exception: Failed to sign, command invoked was: 'C:\Users\ali\Downloads\my-app\node_modules\electron-winstaller\vendor\signtool.exe sign /a /f "C:\Users\ali\Downloads\my-app\cert.p12" /p "********" C:\Users\ali\AppData\Local\SquirrelTemp\tempa\lib\net45\ffmpeg.dll'
   at Squirrel.Update.Program.<signPEFile>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Squirrel.Update.Program.<>c__DisplayClass10_0.<<Releasify>b__14>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Squirrel.Utility.<>c__DisplayClass13_1`1.<<ForEachAsync>b__1>d.MoveNext()<---
at ChildProcess.<anonymous> (C:\Users\ali\Downloads\my-app\node_modules\electron-winstaller\lib\spawn-promise.js:48:24)
    at ChildProcess.emit (node:events:519:28)
    at ChildProcess.emit (node:domain:488:12)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5)

Steps to reproduce

create new electron app
update makers config with certificate details as per documentation
execute npm run make

Additional information

why its trying to sign C:\Users\ali\AppData\Local\SquirrelTemp\tempa\lib\net45\ffmpeg.dll

which does not exist in my system

here is forge.config.js

const { FusesPlugin } = require('@electron-forge/plugin-fuses');
const { FuseV1Options, FuseVersion } = require('@electron/fuses');

module.exports = {
  packagerConfig: {
    asar: true
  },
  rebuildConfig: {},
  makers: [
    {
      name: '@electron-forge/maker-squirrel',
      config: {
        certificateFile: "./cert.p12",
        certificatePassword: "****"
      },
    },
    {
      name: '@electron-forge/maker-zip',
      platforms: ['darwin'],
    },
    {
      name: '@electron-forge/maker-deb',
      config: {},
    },
    {
      name: '@electron-forge/maker-rpm',
      config: {},
    },
  ],
  plugins: [
    {
      name: '@electron-forge/plugin-auto-unpack-natives',
      config: {},
    },
    // Fuses are used to enable/disable various Electron functionality
    // at package time, before code signing the application
    new FusesPlugin({
      version: FuseVersion.V1,
      [FuseV1Options.RunAsNode]: false,
      [FuseV1Options.EnableCookieEncryption]: true,
      [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
      [FuseV1Options.EnableNodeCliInspectArguments]: false,
      [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true,
      [FuseV1Options.OnlyLoadAppFromAsar]: true,
    }),
  ],
};

jbouduin commented 3 months ago

I have the same issue with:

electron 30.0.1
@electron-forge/client 7.4.0
on Windows 11

It all worked fine, right from the beginning. And all of a sudden, without updating electron or any related package, it refuses to sign with the same error. The stupid thing about it is that it does not even give any indication why it fails to sign.

@alishah730 The file it tries to sign does exist. But after the failure, it is immediately removed.

jbouduin commented 3 months ago

@alishah730 I did try to run the signtool manually, on some other executalbe file and it showed me the following

C:\data\GitHub\collection_manager>C:\data\GitHub\collection_manager\node_modules\electron-winstaller\vendor\signtool.exe sign /a /f "C:\data\GitHub\collection_manager\.cm\collection_manager.pfx" /p "<here comes the password>" C:\data\github\collection_manager\out\collection.manager-win32-x64\collection.manager.exe Done Adding Additional Store SignTool Error: The signer's certificate is not valid for signing. SignTool Error: An error occurred while attempting to sign: C:\data\github\collection_manager\out\collection.manager-win32-x64\collection.manager.exe

So the issue with signing was that the certificate was not valid. I refreshed it and now the signing succeeded.

As mentioned before: the real issue with forge resp. electron-build is that the reason why signing fails is not displayed at all. It would have saved me a few hours of investigation.

liu-jin-yi commented 3 months ago

@alishah730我确实尝试在其他可执行文件上手动运行 signtool，它显示了以下内容

C:\data\GitHub\collection_manager>C:\data\GitHub\collection_manager\node_modules\electron-winstaller\vendor\signtool.exe sign /a /f "C:\data\GitHub\collection_manager\.cm\collection_manager.pfx" /p "<here comes the password>" C:\data\github\collection_manager\out\collection.manager-win32-x64\collection.manager.exe Done Adding Additional Store SignTool Error: The signer's certificate is not valid for signing. SignTool Error: An error occurred while attempting to sign: C:\data\github\collection_manager\out\collection.manager-win32-x64\collection.manager.exe

因此签名的问题是证书无效。我刷新了它，现在签名成功了。

如前所述：forge 和 electron-build 的真正问题是签名失败的原因根本没有显示。这可以节省我几个小时的调查时间。

Hi, how can I solve this problem?

jbouduin commented 3 months ago

@liu-jin-yi get a valid certificate. Mine was invalid because it was expired.

liu-jin-yi commented 3 months ago

我的无效，因为它已经过期了。

I got this error in the jenkins build, but my local build was normal

🤔

liu-jin-yi commented 3 months ago

This problem is solved

electron / forge