我想使用 sectigo EV USB 对我的电子应用程序进行代码签名,它使用 electron forge 来打包应用程序和 wix-msi 制造商。
参考wix-msi 配置选项后,我能够使用 signWithParams 选项来签署创建的 msi,但由于打包程序本身没有签署 exe 和 dll,wix 制造商只是制作这些进入 MSI 安装程序。
安装 msi 后,应用程序仍未签名,因为 forge 未对应用程序进行签名,我该如何解决此问题?我尝试过以下方法:
const sign = require('electron-windows-sign');
const appPath = 'sample/Path';
const certificateSubjectName = 'certificateSubjectName';
// Sign all .exe and .dll files in the packaged app
await sign({
appPath,
certificateSubjectName, /
});
win: {
// The subject name of the certificate
certificateSubjectName: 'Name of certificate',
signWithParams: '/v /td sha256 /fd sha256 /n "Name of certificate"',
},
附注我不想使用电子构建器。
post 包钩子,因为 Forge 本质上没有签名配置/选项/功能。 在我的 forge.config.js:
const { execSync } = require('child_process');
const config = {
// other configs
packagerConfig : {
// packager Configs
),
makers: [
{
"name": "@electron-forge/maker-wix",
"config": {
"ui": {
"chooseDirectory": true,
},
appUserModelId: 'com.company.app',
language: 1033, // English (US)
signWithParams: '/tr http://timestamp.digicert.com /td sha256 /fd sha256 /a', // EV Signing Parameters
}
},
],
hooks: {
postPackage: async (forgeConfig, options) => {
// signing files post package
const appPath = path.join(options.outputPaths[0]); // you may use your relevatant options path
console.log("appPath:", appPath);
// Set up the executables or DLLs to be signed
const executables = [
path.join(appPath, 'app.exe'),
path.join(appPath, 'd3dcompiler_47.dll'),
path.join(appPath, 'ffmpeg.dll'),
path.join(appPath, 'libEGL.dll'),
path.join(appPath, 'libGLESv2.dll'),
path.join(appPath, 'vk_swiftshader.dll'),
path.join(appPath, 'vulkan-1.dll'),
];
// Iterate over the files and sign them
executables.forEach((file) => {
console.log(`Signing file: ${file}`);
// For Windows: Use signtool to sign the file
execSync(`signtool sign /n "cert subject name" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "${file}"`);
});
}
}
}
注意:您需要配置windows SDK提供的signtool,在cmd中输入“signtool”进行检查,如果不存在请安装signtool并设置环境变量的路径。