成功检查更新并下载最新后,更新程序显示错误New version 1.0.12 is not signed by the application owner: publisherNames: Cryptostamped LLC,。
该错误仅存在于生产中(当通过.exe安装程序安装应用程序时)。“预览模式”没有错误。
该应用程序使用 electron-builder 自动签名,pack脚本将其打包并签名:
"pack": "yarn run build && yarn run rebuild && cross-env CSC_IDENTITY_AUTO_DISCOVERY=false electron-builder -c ./electron-builder.json --win"
我在我的electron-builder.json配置中提供了 publisherName,并且(以防万一)写了“发布”部分。
"win": {
"publisherName": "Cryptostamped LLC",
"certificatePassword": "5947",
"certificateFile": "./sign/certificate.pfx",
"icon": "build/icons/icon.ico",
"target": [
{
"target": "nsis",
"arch": ["x64"]
}
]
},
"publish": [
{
"provider": "generic",
"url": "https://diana.crp.st/auto_updates/dev/",
"publishAutoUpdate" : true
}
],
每个版本都使用相同的证书签名,certificate.pfx. 证书是通过自签名的openssl,其中key.pem和cert.pem使用以下命令生成:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "//C=RU\L=Moscow\ST=Moscow\O=Cryptostamped\OU=Cryptostamped Moscow\emailAddress=office@cryptostamped.com\CN=Cryptostamped LLC"
并且证书文件本身是通过以下方式生成的:
openssl pkcs12 -export -out certificate.pfx -inkey key.pem -in cert.pem
但无论如何,更新程序显示错误。此外,更新过程在“预览”模式下运行良好(名为 npm 脚本preview):
"preview": "yarn build && cross-env NODE_ENV=production electron ./app/",
在安装程序属性中,我看到正确的(我认为)数字签名:
以下是详细信息:
完整的错误日志在这里:
Error: New version 1.0.12 is not signed by the application owner: publisherNames: Cryptostamped LLC, raw info: {
"SignerCertificate": {
"FriendlyName": "",
"IssuerName": {
"Name": "CN=Cryptostamped LLC, E=office@cryptostamped.com, OU=Cryptostamped Moscow, O=Cryptostamped, S=Moscow, L=Moscow, C=RU",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1668700809000)/",
"NotBefore": "/Date(1637164809000)/",
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "234EE4A08FDCD1DBD8FBD434413D1B7D26FBE1B0",
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "1E7D49946DFF1C1B1430400178BBA5232F9B401B",
"Version": 3,
"Issuer": "CN=Cryptostamped LLC, E=office@cryptostamped.com, OU=Cryptostamped Moscow, O=Cryptostamped, S=Moscow, L=Moscow, C=RU",
"Subject": "CN=Cryptostamped LLC, E=office@cryptostamped.com, OU=Cryptostamped Moscow, O=Cryptostamped, S=Moscow, L=Moscow, C=RU"
},
"TimeStamperCertificate": {
"Archived": false,
"Extensions": [
"System.Security.Cryptography.X509Certificates.X509KeyUsageExtension",
"System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension",
"System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509Extension"
],
"FriendlyName": "",
"IssuerName": {
"Name": "CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1925424000000)/",
"NotBefore": "/Date(1609459200000)/",
"HasPrivateKey": false,
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "0D424AE0BE3A88FF604021CE1400F0DD",
"SubjectName": {
"Name": "CN=DigiCert Timestamp 2021, O=\"DigiCert, Inc.\", C=US",
"Oid": "System.Security.Cryptography.Oid"
},
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3",
"Version": 3,
"Handle": 2005593979568,
"Issuer": "CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"Subject": "CN=DigiCert Timestamp 2021, O=\"DigiCert, Inc.\", C=US"
},
"Status": 1,
"StatusMessage": "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"
}