fix: generate stubExecutableExe and sign it #8959
Conversation
|
packages/electron-builder-squirrel-windows/src/SquirrelWindowsTarget.ts
Outdated
Show resolved
Hide resolved
| @@ -19,6 +19,7 @@ | |||
| <file src="*.pak" target="lib\net45" /> | |||
| <file src="*.exe.config" target="lib\net45" /> | |||
| <file src="*.exe.sig" target="lib\net45" /> | |||
| <file src="*_ExecutionStub.exe" target="lib\net45" /> | |||
There was a problem hiding this comment.
Why is this now being added?
There was a problem hiding this comment.
Since electron-builder now generates and signs *_ExecutionStub.exe, adding this configuration will move the generated *_ExecutionStub.exe to the lib\net45 directory.
|
|
|
Looks like |
|
Looks like it works sans the package.json not including vendor in the package - good job @beyondkmp I also checked that the number of signings remained the same |
There was a problem hiding this comment.
Adding the vendor directory adds a few megabytes (quick maffs) to the repo, which is the antipattern from what electron-builder-binaries is supposed to be used for. IIRC though, the squirrel windows target/package must be installed separately and isn't part of the electron-builder dependency tree, right? In this case, I think it's safe to add the vendor files (albeit I'll still need to verify file origin). In general though, we should avoid adding vendor files directly to electron-builder unless absolutely necessary (which is the case with this fix)
| for (const file of files) { | ||
| if (path.extname(file.name) === ".exe" && path.basename(file.name, "exe") !== "Squirrel") { | ||
| const filePath = path.join(appOutDir, file.name) | ||
| log.debug({ file: filePath }, "generating stub executable for exe") |
There was a problem hiding this comment.
Can use log.filePath(filePath) here
| if (path.extname(file.name) === ".exe" && path.basename(file.name, "exe") !== "Squirrel") { | ||
| const filePath = path.join(appOutDir, file.name) | ||
| log.debug({ file: filePath }, "generating stub executable for exe") | ||
| const fileNameWithoutExt = file.name.slice(0, -4) |
There was a problem hiding this comment.
Can extract path.basename(file.name, "exe") from if-statement to a const and then reuse here instead of using slice since basename w/ ext supplied should get us the filenameWithoutExt
Yup, |
my bad. Added. |
|
These vendor files are copied from the GitHub Actions workflow at https://github.com/beyondkmp/Squirrel.Windows/actions/runs/13871759240/job/38819263248 and the other files(like 7zip,nuget) are copiled from https://github.com/electron/windows-installer/tree/main/vendor. https://github.com/Squirrel/Squirrel.Windows/pull/1903/files |
fix #8952
Root Cause
when createExecutableStubForExe is executed, WriteZipToSetup writes information to the file, essentially creating a new file, which invalidates the original signature.
https://github.com/Squirrel/Squirrel.Windows/blob/51f5e2cb01add79280a53d51e8d0cfa20f8c9f9f/src/Update/Program.cs#L633-L647
How to fix
Apply a patch to the Squirrel Windows source code(Squirrel/Squirrel.Windows#1903). For the existing stub exe files, don't generate them anymore. Then, a new stub exe can be generated in Electron Builder and signed.