Open PascalPixel opened 4 months ago
Here's mine that works for SSL.com;
const forgeConfig: ForgeConfig = {
packagerConfig: {
// invalid according to typescript,
// but this is the only place it works,
// all the other places you can put this key will *not* pick it up
// during the build process and use the built-in signTool
// @ts-ignore
signToolPath: path.resolve(
"C:\\Users\\circleci\\project\\CodeSignTool.bat",
),
signWithParams: [
`-override="true"`,
`-credential_id="${process.env.WINDOWS_CERT_CREDENTIAL_ID}"`,
`-username="${process.env.WINDOWS_CERT_USER_NAME}"`,
`-password="${process.env.WINDOWS_CERT_PASSWORD}"`,
`-totp_secret="${process.env.WINDOWS_CERT_USER_TOTP}"`,
],
},
};
export default forgeConfig;
I've been trying to use the WindowsSign
options with MakerWix
. According to the code, the config is just passed directly into MSICreator
(https://github.com/electron/forge/blob/main/packages/maker/wix/src/MakerWix.ts#L40) which supports the option (https://github.com/electron-userland/electron-wix-msi/blob/master/src/creator.ts#L74) so maybe it's as simple as updating the MakerWixConfig
interface (https://github.com/electron/forge/blob/main/packages/maker/wix/src/Config.ts#L3)?
as my last code snippet said, even though typescript reports it as invalid, i found this the only place to put the signing config that actually picks up the options; packagerConfig
give that a try?
I am also running into a similar situation using an SSL EV certificate and the @electron-forge/maker-squirrel. I set up the SSL eSigner CKA using the SSL guide to automate with signtool.exe and got it working on its own outside of Forge. Unfortunately, I need to use the SSL CodeSignTool pre-signing malware scan as well, but I'm not sure how to use it within the Forge build config.
I've also been trying all day to get Squirrel to actually use the windowsSign config that is described in the docs, with no luck. I'm definitely misunderstanding something here.
Running in the package step is going to cause squirrel's various generated binaries to go unsigned, which isn't going to work for us.
Pre-flight checklist
Problem description
The docs haven't been updated for a year now regarding windows code signing, electron's own docs have however and make reference to
windowsSign
in forge, but I would love to have examples of how to usewindowsSign
on forge in combination withMakerSquirrel
, as I seem unable to get it working with ssl.com's cloud signing after several months of stumbling in and out of trying 🤡Proposed solution
Update the docs with examples for;
Alternatives considered
I tried Electron Forge SSL Code Sign Plugin but it runs too late and doesn't update the RELEASES file, meaning no updates are installed on Windows due to a checksum mismatch.
Additional information
No response