在构建过程中运行Windows / NSIS的电子构建器之后,我们的开发团队设置了一个构建脚本,该脚本在部署之前运行以对exe进行代码签名。到达服务器后,电子更新程序因sha512校验和不匹配而失败(安装过程中出现错误,完全下载后)。我还尝试从服务器中提取exe文件并从Visual Studio CMD运行codesign util,然后重新上传。自动更新程序也会因同样的错误而失败。
生成后,是否无法对exe 进行签名,并且仍允许自动更新程序正常工作?
签名:
signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /sha1 value "path"
日志:
Error: sha512 checksum mismatch, expected [value], got [different value]
package.json中的配置:
"build": {
"appId": "com.stripped.stripped.stripped",
"directories": {
"output": "dist-exe",
"app": "dist"
},
"win": {
"target": "nsis",
"icon": "dist/assets/favicon/favicon-256x256.ico",
"verifyUpdateCodeSignature": false,
"publish": {
"provider": "generic",
"url": "##{ElecronAppUpdaterLocation}##"
}
},
"nsis": {
"artifactName": "Setup_${version}.${ext}",
"installerIcon": "dist/assets/favicon/favicon-256x256.ico",
"installerHeaderIcon": "dist/assets/favicon/favicon-256x256.ico"
}
}
答案 0 :(得分:3)
如果仍在寻找手动生成电子校验和的人,则可以使用此处https://github.com/electron-userland/electron-builder/issues/3913#issuecomment-504698845
提到的脚本我已经对其进行了测试,并且工作正常,Electron能够使用手动生成的校验和将应用程序更新为版本。
const path = require('path');
const fs = require('fs');
const crypto = require('crypto');
const YOUR_FILE_PATH = ''; // POPULATE THIS
function hashFile(file, algorithm = 'sha512', encoding = 'base64', options) {
return new Promise((resolve, reject) => {
const hash = crypto.createHash(algorithm);
hash.on('error', reject).setEncoding(encoding);
fs.createReadStream(
file,
Object.assign({}, options, {
highWaterMark: 1024 * 1024,
/* better to use more memory but hash faster */
})
)
.on('error', reject)
.on('end', () => {
hash.end();
console.log('hash done');
console.log(hash.read());
resolve(hash.read());
})
.pipe(
hash,
{
end: false,
}
);
});
}
const installerPath = path.resolve(
__dirname,
YOUR_FILE_PATH
);
hashFile(installerPath);
答案 1 :(得分:0)
根据response to the issue on electron-builder in GH,生成后不允许对其进行签名,这很可能会改变我们的构建过程。