search

shabados / presenter

Desktop app for presenting the Shabad OS Database on projectors, TVs, and live streams
https://shabados.com
MIT License
19 stars 15 forks source link

CI Windows Code Signing #265

Closed Harjot1Singh closed 5 years ago

Harjot1Singh commented 5 years ago

Unable to get codesigning to work on CI, supplying the same params on local machine works fine.

Might be related: https://travis-ci.community/t/codesigning-on-windows/1385

#!powershell.exe
npm run dist -- -${PLATFORM_FLAG}
> @shabados/desktop@0.0.1 dist C:\Users\circleci\shabad-os
> electron-builder "-"
  • electron-builder  version=21.2.0 os=10.0.17763
  • artifacts will be published if draft release exists  reason=CI detected
  • loaded configuration  file=package.json ("build" field)
  • rebuilding native dependencies  dependencies=sqlite3@4.1.0 platform=win32 arch=x64
  • packaging       platform=win32 arch=x64 electron=7.0.0-beta.5 appOutDir=dist\win-unpacked
  • downloading     url=https://github.com/electron/electron/releases/download/v7.0.0-beta.5/electron-v7.0.0-beta.5-win32-x64.zip size=63 MB parts=8
  • downloaded      url=https://github.com/electron/electron/releases/download/v7.0.0-beta.5/electron-v7.0.0-beta.5-win32-x64.zip duration=880ms
  • asar using is disabled — it is strongly not recommended  solution=enable asar and use asarUnpack to unpack files that must be externally available
  • signing         file=dist\win-unpacked\resources\app\node_modules\node-notifier\vendor\notifu\notifu.exe certificateFile=C:\Users\circleci\AppData\Local\Temp\t-6e7Hhf\0.p12
  • signing         file=dist\win-unpacked\resources\app\node_modules\node-notifier\vendor\notifu\notifu64.exe certificateFile=C:\Users\circleci\AppData\Local\Temp\t-6e7Hhf\0.p12
  • signing         file=dist\win-unpacked\resources\app\node_modules\node-notifier\vendor\snoreToast\snoretoast-x86.exe certificateFile=C:\Users\circleci\AppData\Local\Temp\t-6e7Hhf\0.p12
  • signing         file=dist\win-unpacked\resources\app\node_modules\node-notifier\vendor\snoreToast\snoretoast-x64.exe certificateFile=C:\Users\circleci\AppData\Local\Temp\t-6e7Hhf\0.p12
  • downloading     url=https://github.com/electron-userland/electron-builder-binaries/releases/download/winCodeSign-2.5.0/winCodeSign-2.5.0.7z size=5.6 MB parts=1
  • downloaded      url=https://github.com/electron-userland/electron-builder-binaries/releases/download/winCodeSign-2.5.0/winCodeSign-2.5.0.7z duration=561ms
  ⨯ Cannot cleanup: 
Error #1 --------------------------------------------------------------------------------
Error: Exit code: 1. Command failed: C:\Users\circleci\AppData\Local\electron-builder\Cache\winCodeSign\winCodeSign-2.5.0\windows-10\x64\signtool.exe sign /t http://timestamp.digicert.com /f C:\Users\circleci\AppData\Local\Temp\t-6e7Hhf\0.p12 /d Shabad OS /du https://github.com/ShabadOS/desktop#readme /p 96b2a819e8d0359e1f231cb2d928e2c011ea82fb6c7f2405382c39be05abab8d (sha256 hash) /debug C:\Users\circleci\shabad-os\dist\win-unpacked\resources\app\node_modules\node-notifier\vendor\snoreToast\snoretoast-x86.exe
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: Store::ImportCertObject() failed." (-2146893808/0x80090010)
SignTool Error: An unexpected internal error has occurred.
    at C:\Users\circleci\shabad-os\node_modules\builder-util\src\util.ts:125:16
    at ChildProcess.exithandler (child_process.js:311:5)
    at ChildProcess.emit (events.js:196:13)
    at maybeClose (internal/child_process.js:1000:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:267:5)
Error #2 --------------------------------------------------------------------------------
Error: Exit code: 1. Command failed: C:\Users\circleci\AppData\Local\electron-builder\Cache\winCodeSign\winCodeSign-2.5.0\windows-10\x64\signtool.exe sign /t http://timestamp.digicert.com /f C:\Users\circleci\AppData\Local\Temp\t-6e7Hhf\0.p12 /d Shabad OS /du https://github.com/ShabadOS/desktop#readme /p 96b2a819e8d0359e1f231cb2d928e2c011ea82fb6c7f2405382c39be05abab8d (sha256 hash) /debug C:\Users\circleci\shabad-os\dist\win-unpacked\resources\app\node_modules\node-notifier\vendor\notifu\notifu.exe
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: Store::ImportCertObject() failed." (-2146893808/0x80090010)
SignTool Error: An unexpected internal error has occurred.
    at C:\Users\circleci\shabad-os\node_modules\builder-util\src\util.ts:125:16
    at ChildProcess.exithandler (child_process.js:311:5)
    at ChildProcess.emit (events.js:196:13)
    at maybeClose (internal/child_process.js:1000:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:267:5)
Harjot1Singh commented 5 years ago

Effectively, CircleCI Windows is running off a non-standard user account which cannot import the certificate into the right place due to permissions?

Harjot1Singh commented 5 years ago

Solved. For further reference, see #266.

CircleCI's Windows user account does not give access to importing certificates into the Current User store. Thus, they must be imported to Local Machine (which ironically, requires elevated priviledges, but still works).