electron builder fails to parse identityName of appx

[vasyl-shumskyi]

Hello,

Electron-builder (19.27.3) fails to parse identityName provided by Microsoft:

Using "release-builds\pre-appx-\appxmanifest.xml" as the manifest for the package.
MakeAppx : error: Error info: /*[local-name()="Package" and namespace-uri()="http://schemas.microsoft.com/appx/manifest/foundation/windows10"]/*[local-name()="Applications" and namespace-uri()="http://schemas.microsoft.com/appx/manifest/foundation/windows10"][1]/*[local-name()="Application" and namespace-uri()="http://schemas.microsoft.com/appx/manifest/foundation/windows10"][1]/@Id
'1234Company.MyAppName' violates pattern constraint of '([A-Za-z][A-Za-z0-9]*)(\.[A-Za-z][A-Za-z0-9]*)*'.
The attribute 'Id' with value '1234Company.MyAppName' failed to parse.
MakeAppx : error: Package creation failed.
MakeAppx : error: 0x80080204 - The specified package format is not valid: The package manifest is not valid.

My package.json electron-builder section looks like the following:

 "build": {
    "appId": "yourappid",
    "directories": {
      "output": "release-builds"
    },
    "appx" : { 
      "identityName" : "1234Company.MyAppName",
      "publisher" : "CN=123456789-1234567889",
      "publisherDisplayName" : "Company"
    },
    "win": {
      "target": [
        "appx"
        ],
      "certificateFile" : "cert.pfx"
    }
  }
}

Generated by electron-builder Identity section in appxmanifest.xml looks ok for me:

<?xml version="1.0" encoding="utf-8"?>
<Package
   xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
   xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
   xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities">
  <!-- use single quotes to avoid double quotes escaping in the publisher value  -->
  <Identity Name="1234Company.MyAppName"
    ProcessorArchitecture="x64"
    Publisher='CN=123456789-123456789'
    Version="2.1.1.0" />

Kindly help.

[vasyl-shumskyi]

As mentioned here: https://social.msdn.microsoft.com/Forums/windowsserver/en-US/0f0aa264-7ae9-4ed3-b253-3660c35839d2/app-build-issue-concerning-packageidentityname?forum=wpdevelop

The assigned product name begins with a digit and the build will not execute providing the following error. The build succeeds if the App Identity or Package/Identity/Name starts with a character. Unfortunately, in the Windows Developer Dashboard, the Package/Identity/Name must be 40174VendaettaSystems.NorthstartInfinite.

So it still not very clear how to overcome this... Is it bug in MakeAppx?

I tried to replace electron-builder's makeappx version with Windows Kit few days fresher version. But it didn't help.

Removed sensitive info

Updating electron-builder to the latest and greatest (19.30.1) didn't help and produced additional undefined error, so I had to rollback (19.27.3).

CSC_KEY_PASSWORD is not defined, empty password will be used
TypeError: Cannot read property 'mode' of undefined

[vasyl-shumskyi]

@black-snow @develar sorry for pinging you guys. But looks like i won't be able to go trough this alone :) Kindly ask you to assist.

Any ideas will be helpful.

[black-snow]

Looks like (despite the docs) identityName must start with a letter. Have you tried changing it to see if you get past the error? Also have you checked you're using the correct identityName?

Seems like an issue with makeappx - I think you should contact MS support (they've been pretty helpful).

[vasyl-shumskyi]

Thanks @black-snow. The identityName is correct - its the one issued by Windows Store (i modified it slightly in this issue for security reasons, but format was strictly preserved).

Yep I tried to start the identityName with a lowercase and uppercase letter in a turn - but got unexpected internal error

SignTool Error: An unexpected internal error has occurred.

Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

SignTool Error: An unexpected internal error has occurred.

    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\builder-util\src\util.ts:86:16
    at ChildProcess.exithandler (child_process.js:277:5)
    at emitTwo (events.js:125:13)
    at ChildProcess.emit (events.js:213:7)
    at maybeClose (internal/child_process.js:927:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:211:5)
From previous event:
    at exec (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\builder-util\src\util.ts:58:3)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\windowsCodeSign.ts:141:10
    at Generator.next (<anonymous>)
    at runCallback (timers.js:781:20)
    at tryOnImmediate (timers.js:743:5)
    at processImmediate [as _immediateCallback] (timers.js:714:5)
From previous event:
    at spawnSign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\windowsCodeSign.js:115:22)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\windowsCodeSign.ts:60:11

[vasyl-shumskyi]

@black-snow I just contacted Matteo Pagani from MS and he kindly responded me with the following information regarding this issue:

I don’t think it’s a bug in MakeAppx, rather in the way how Electron Builder builds the package.
Here is a little bit of background. There are two kind of identities described in the manifest file:

One is the Name attribute of the Identity tag, which must match the one assigned by the Dev Center.

One is the Id attribute of the Application tag, which instead can be a free value, it doesn’t have any impact on defining the package identity. This value can’t start with numbers, otherwise it would violate the manifest schema definition.

The issue you see is very common with the Desktop App Converter (the conversion tool provided by Microsoft) because, by default, it assigns to the Application/Id element the same value specified for the Identity/Name one, causing a validation error since, most of the times, the identity assigned by the Dev Center starts instead with numbers (like 12345MatteoPagani.DesktopBridge).

My guess is that Electron builder is doing the same thing. However, the Desktop App Converter solves the issue by providing an optional parameter, called -AppId, so that you can set the Application/Id element with a different value than the one assigned to the Identity/Name element (which, instead, is set using the -PackageName parameter). Unfortunately, I’m not seeing such an option provided by Electron Builder in the documentation: https://www.electron.build/configuration/appx There’s only a generic “identityName” parameter which, probably, is setting the same value in both manifest elements.

I’m afraid that, if this is the case, your only option is to create the package manually as described in the document I have shared, at least until Electron Builder will add an option to manage the two values in a separate way.

I hope it helps!

[develar]

I started to think that no need to hate MS anymore but... God, save me. Well, at least MS support is very helpful. In any case I still think that AppX target (that cannot be used as default any time soon (5 years?), thanks to strange MS decision to not support it on Windows 7 and 8) will not became the same source of issues and nightmare of support as our current Windows target is.

Ok... fix will be soon, it is very cool that MS helps us and all critical bugs are fixed in a short term.

[black-snow]

Kudos to Matteo, always great support.

So there's two different fields that currently receive the same value but actually are different? Should be a quick fix then :)

[vasyl-shumskyi]

Wow commit is already here... Thanks @develar! That was fast!

[develar]

Wow commit is already here

As respect to clear and detailed answer from MS.

But because it is AppX and Windows is required to test, release will be only after approval from Windows CI server.

[vasyl-shumskyi]

Cool! Impatiently waiting...

[develar]

Please try 19.30.2 Set appx.applicationId to desired value.

[vasyl-shumskyi]

@develar with 19.30.2 SignTool Error occurs:

$ time electron-builder -w appx

electron-builder 19.30.2

No native production dependencies
Packaging for win32 x64 using electron 1.6.11 to release-builds\win-unpacked
CSC_KEY_PASSWORD is not defined, empty password will be used
Signing Organize My Files-2.1.1.appx (certificate file: "cert.pfx")
Error: Exit code: 1. Command failed: C:\Users\nameless\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f cert.pfx /fd sha256 /td sha256 /d Organize My Files /du http://REMOVED-SENSITIVE-INFO C:\Users\nameless\code\hmm\photon\dist\template-app\release-builds\Organize My Files-2.1.1.appx
SignTool Error: An unexpected internal error has occurred.

Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

SignTool Error: An unexpected internal error has occurred.

    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\node_modules\builder-util\src\util.ts:91:16
    at ChildProcess.exithandler (child_process.js:277:5)
    at emitTwo (events.js:125:13)
    at ChildProcess.emit (events.js:213:7)
    at maybeClose (internal/child_process.js:927:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:211:5)
From previous event:
    at exec (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\node_modules\builder-util\src\util.ts:63:3)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\windowsCodeSign.ts:84:3
    at Generator.next (<anonymous>)
    at runCallback (timers.js:781:20)
    at tryOnImmediate (timers.js:743:5)
    at processImmediate [as _immediateCallback] (timers.js:714:5)
From previous event:
    at doSign (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\windowsCodeSign.js:57:22)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\windowsCodeSign.ts:71:11
    at Generator.next (<anonymous>)
From previous event:
    at sign (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\windowsCodeSign.js:42:21)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\winPackager.ts:249:15
    at Generator.next (<anonymous>)
From previous event:
    at Function.doSign (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\winPackager.js:371:11)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\winPackager.ts:234:23
From previous event:
    at WinPackager.sign (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\winPackager.js:353:11)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\targets\appx.ts:103:20
    at Generator.next (<anonymous>)
From previous event:
    at AppXTarget.build (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\targets\appx.js:164:11)
    at taskManager.addTask.default.map.it (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:110:85)
From previous event:
    at WinPackager.packageInDistributableFormat (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:110:41)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:106:10
From previous event:
    at WinPackager.pack (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\platformPackager.js:175:11)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\packager.ts:260:24
From previous event:
    at Packager.doBuild (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\packager.js:344:11)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\packager.ts:186:52
    at Generator.next (<anonymous>)
From previous event:
    at Packager.build (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\packager.js:263:11)
    at C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\builder.ts:286:40
    at Generator.next (<anonymous>)
    at build (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\builder.js:69:21)
    at loadEnv.then (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\src\cli\cli.ts:49:4)
From previous event:
    at build (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\builder.js:69:21)
    at loadEnv.then (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:155:79)
    at runCallback (timers.js:781:20)
    at tryOnImmediate (timers.js:743:5)
    at processImmediate [as _immediateCallback] (timers.js:714:5)
From previous event:
    at Object.args [as handler] (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:155:68)
    at Object.runCommand (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\lib\command.js:226:22)
    at Object.parseArgs [as _parseArgs] (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\yargs.js:998:24)
    at Object.get [as argv] (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\yargs.js:912:21)
    at Object.<anonymous> (C:\Users\nameless\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:151:418)
    at Module._compile (module.js:573:30)
    at Object.Module._extensions..js (module.js:584:10)
    at Module.load (module.js:507:32)
    at tryModuleLoad (module.js:470:12)
    at Function.Module._load (module.js:462:3)
    at Function.Module.runMain (module.js:609:10)
    at startup (bootstrap_node.js:158:16)
    at bootstrap_node.js:598:3

real    0m22.316s
user    0m0.015s
sys     0m0.045s

  "build": {
    "appId": "yourappid",
    "directories": {
      "output": "release-builds"
    },
    "appx" : {
       "applicationId":"OrganizeMyFiles",
      "identityName" : "1234REMOVED-SENSITIVE-INFO.OrganizeMyFiles",
      "publisher" : "CN=123456789-123456789",
      "publisherDisplayName" : "REMOVED-SENSITIVE-INFO"
    },
    "mac": {
      "target": [
        "dir"
      ]
    },
    "linux": {
      "target": [
        "AppImage"
      ]
    },
    "win": {
      "target": [
        "nsis",
        "portable",
        "appx"
        ],
      "certificateFile" : "cert.pfx",
      "icon": "build/icon.ico"
    }
  }
}

[develar]

Please set env DEBUG=electron-builder and attach log of the terminal output.

[vasyl-shumskyi]

See below:

$ time DEBUG=electron-builder electron-builder -w appx

electron-builder 19.30.2
2017-09-25T12:37:03.355Z electron-builder Effective config:
appId: yourappid
directories:
  output: release-builds
appx:
  applicationId: OrganizeMyFiles
  identityName: REMOVED-SENSITIVE-INFO
  publisher: CN=REMOVED-SENSITIVE-INFO
  publisherDisplayName: REMOVED-SENSITIVE-INFO
mac:
  target:
    - dir
linux:
  target:
    - AppImage
win:
  target:
    - nsis
    - portable
    - appx
  certificateFile: cert.pfx
  icon: build/icon.ico

No native production dependencies
Packaging for win32 x64 using electron 1.6.11 to release-builds\win-unpacked
2017-09-25T12:37:04.425Z electron-builder Spawning C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\7zip-bin-win\x64\7za.exe x -bd C:\Users\Username\AppData\Local\electron\Cache\electron-v1.6.11-win32-x64.zip -aoa -oC:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked

7-Zip (a) 17.01 beta (x64) : Copyright (c) 1999-2017 Igor Pavlov : 2017-08-28

Scanning the drive for archives:
1 file, 52284035 bytes (50 MiB)

Extracting archive: C:\Users\Username\AppData\Local\electron\Cache\electron-v1.6.11-win32-x64.zip
--
Path = C:\Users\Username\AppData\Local\electron\Cache\electron-v1.6.11-win32-x64.zip
Type = zip
Physical Size = 52284035

Everything is Ok

Files: 74
Size:       134024085
Compressed: 52284035
2017-09-25T12:37:05.453Z electron-builder 7za.exe (5152) exited with exit code 0
CSC_KEY_PASSWORD is not defined, empty password will be used
2017-09-25T12:37:09.278Z electron-builder Copy cached C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\.cache\x64\app.exe executable to C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked\Organize My Files.exe
executable cache: 0s 163ms
2017-09-25T12:37:09.487Z electron-builder Copying C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked to C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\pre-appx-\app
2017-09-25T12:37:10.315Z electron-builder Spawning C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\makeappx.exe pack /o /d C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\pre-appx- /p 9ecc2069c82f6cd86932cdd89c383c8bfbcfbb14aa2d1344a3cc8084bd8ba5e9 (sha256 hash) My Files-2.1.1.appx
2017-09-25T12:37:19.040Z electron-builder makeappx.exe (1876) exited with exit code 0
Signing Organize My Files-2.1.1.appx (certificate file: "cert.pfx")
2017-09-25T12:37:19.050Z electron-builder Executing C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f cert.pfx /fd sha256 /td sha256 /d Organize My Files /du http://cert.com C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\Organize My Files-2.1.1.appx
2017-09-25T12:37:19.051Z electron-builder env: {}
2017-09-25T12:37:25.231Z electron-builder Async task error: Error: Exit code: 1. Command failed: C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f cert.pfx /fd sha256 /td sha256 /d Organize My Files /du http://cert.com C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\Organize My Files-2.1.1.appx
SignTool Error: An unexpected internal error has occurred.

Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

SignTool Error: An unexpected internal error has occurred.

    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\builder-util\src\util.ts:91:16
    at ChildProcess.exithandler (child_process.js:277:5)
    at emitTwo (events.js:125:13)
    at ChildProcess.emit (events.js:213:7)
    at maybeClose (internal/child_process.js:927:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:211:5)
From previous event:
    at exec (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\builder-util\src\util.ts:63:3)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\windowsCodeSign.ts:84:3
    at Generator.next (<anonymous>)
    at runCallback (timers.js:781:20)
    at tryOnImmediate (timers.js:743:5)
    at processImmediate [as _immediateCallback] (timers.js:714:5)
From previous event:
    at doSign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\windowsCodeSign.js:57:22)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\windowsCodeSign.ts:71:11
    at Generator.next (<anonymous>)
From previous event:
    at sign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\windowsCodeSign.js:42:21)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\winPackager.ts:249:15
    at Generator.next (<anonymous>)
From previous event:
    at Function.doSign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\winPackager.js:371:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\winPackager.ts:234:23
From previous event:
    at WinPackager.sign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\winPackager.js:353:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\targets\appx.ts:103:20
    at Generator.next (<anonymous>)
From previous event:
    at AppXTarget.build (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\targets\appx.js:164:11)
    at taskManager.addTask.default.map.it (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:110:85)
From previous event:
    at WinPackager.packageInDistributableFormat (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:110:41)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:106:10
From previous event:
    at WinPackager.pack (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\platformPackager.js:175:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\packager.ts:260:24
From previous event:
    at Packager.doBuild (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\packager.js:344:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\packager.ts:186:52
    at Generator.next (<anonymous>)
From previous event:
    at Packager.build (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\packager.js:263:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\builder.ts:286:40
    at Generator.next (<anonymous>)
    at build (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\builder.js:69:21)
    at loadEnv.then (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\cli\cli.ts:49:4)
From previous event:
    at build (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\builder.js:69:21)
    at loadEnv.then (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:155:79)
    at runCallback (timers.js:781:20)
    at tryOnImmediate (timers.js:743:5)
    at processImmediate [as _immediateCallback] (timers.js:714:5)
From previous event:
    at Object.args [as handler] (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:155:68)
    at Object.runCommand (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\lib\command.js:226:22)
    at Object.parseArgs [as _parseArgs] (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\yargs.js:998:24)
    at Object.get [as argv] (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\yargs.js:912:21)
    at Object.<anonymous> (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:151:418)
    at Module._compile (module.js:573:30)
    at Object.Module._extensions..js (module.js:584:10)
    at Module.load (module.js:507:32)
    at tryModuleLoad (module.js:470:12)
    at Function.Module._load (module.js:462:3)
    at Function.Module.runMain (module.js:609:10)
    at startup (bootstrap_node.js:158:16)
    at bootstrap_node.js:598:3
Error: Exit code: 1. Command failed: C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f cert.pfx /fd sha256 /td sha256 /d Organize My Files /du http://cert.com C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\Organize My Files-2.1.1.appx
SignTool Error: An unexpected internal error has occurred.

Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

SignTool Error: An unexpected internal error has occurred.

    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\builder-util\src\util.ts:91:16
    at ChildProcess.exithandler (child_process.js:277:5)
    at emitTwo (events.js:125:13)
    at ChildProcess.emit (events.js:213:7)
    at maybeClose (internal/child_process.js:927:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:211:5)
From previous event:
    at exec (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\builder-util\src\util.ts:63:3)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\windowsCodeSign.ts:84:3
    at Generator.next (<anonymous>)
    at runCallback (timers.js:781:20)
    at tryOnImmediate (timers.js:743:5)
    at processImmediate [as _immediateCallback] (timers.js:714:5)
From previous event:
    at doSign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\windowsCodeSign.js:57:22)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\windowsCodeSign.ts:71:11
    at Generator.next (<anonymous>)
From previous event:
    at sign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\windowsCodeSign.js:42:21)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\winPackager.ts:249:15
    at Generator.next (<anonymous>)
From previous event:
    at Function.doSign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\winPackager.js:371:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\winPackager.ts:234:23
From previous event:
    at WinPackager.sign (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\winPackager.js:353:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\targets\appx.ts:103:20
    at Generator.next (<anonymous>)
From previous event:
    at AppXTarget.build (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\targets\appx.js:164:11)
    at taskManager.addTask.default.map.it (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:110:85)
From previous event:
    at WinPackager.packageInDistributableFormat (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:110:41)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\platformPackager.ts:106:10
From previous event:
    at WinPackager.pack (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\platformPackager.js:175:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\packager.ts:260:24
From previous event:
    at Packager.doBuild (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\packager.js:344:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\packager.ts:186:52
    at Generator.next (<anonymous>)
From previous event:
    at Packager.build (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\packager.js:263:11)
    at C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\builder.ts:286:40
    at Generator.next (<anonymous>)
    at build (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\builder.js:69:21)
    at loadEnv.then (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\src\cli\cli.ts:49:4)
From previous event:
    at build (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\builder.js:69:21)
    at loadEnv.then (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:155:79)
    at runCallback (timers.js:781:20)
    at tryOnImmediate (timers.js:743:5)
    at processImmediate [as _immediateCallback] (timers.js:714:5)
From previous event:
    at Object.args [as handler] (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:155:68)
    at Object.runCommand (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\lib\command.js:226:22)
    at Object.parseArgs [as _parseArgs] (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\yargs.js:998:24)
    at Object.get [as argv] (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\yargs\yargs.js:912:21)
    at Object.<anonymous> (C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\out\cli\cli.js:151:418)
    at Module._compile (module.js:573:30)
    at Object.Module._extensions..js (module.js:584:10)
    at Module.load (module.js:507:32)
    at tryModuleLoad (module.js:470:12)
    at Function.Module._load (module.js:462:3)
    at Function.Module.runMain (module.js:609:10)
    at startup (bootstrap_node.js:158:16)
    at bootstrap_node.js:598:3

real    0m22.766s
user    0m0.000s
sys     0m0.075s

[vasyl-shumskyi]

@develar I am using self-signed certificate - maybe this is the case?

[develar]

No clue. Why is your CN is so strange (CN=<private>)?

I am using self-signed certificate - maybe this is the case?

Is cert added to local cert store as trusted?

[vasyl-shumskyi]

The CN is the one MS provided app with.

Removed sensitive info

Regarding self-signed cert - I was able to build the appx earlier with it without issues. I just thought that added MS App Identity values to package.json, may not work well with the self-signed cert?

[develar]

Bloooody Windows... Please check what is the CN in your cert.

[vasyl-shumskyi]

CN differs for sure :) Cert was created before MS generated App Identity values for me..

$ certutil -dump cert.pfx
Enter PFX password:

================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: REMOVED-SENSITIVE-INFO
Issuer: CN=Qiplex
 NotBefore: 9/2/2017 13:54
 NotAfter: 1/1/2040 2:59
Subject: CN=REMOVED-SENSITIVE-INFO
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): REMOVED-SENSITIVE-INFO
----------------  End Nesting Level 1  ----------------
  Provider = Microsoft Strong Cryptographic Provider
Signature test passed
CertUtil: -dump command completed successfully.

[develar]

So, or do not set publisher at all (electron-builder will compute for you), or set to cert CN. Not to what MS recommends in the attached tool screenshot.

[develar]

And yes — I don't know for what MS requires this *** *** CN and why cannot simply compute from cert as electron-builder does. And of course signtool is a product from MS and so clear error reports will be not generated.

[vasyl-shumskyi]

Recreating cert with correct CN solved the issue.

Last step left - verification by MS appx package build with electron-builder. Hope, it will go smoothly. Will update you guys soon.

$ electron-builder create-self-signed-cert -p REMOVED-SENSITIVE-INFO

$ certutil -dump REMOVED-SENSITIVE-INFO.pfx
Enter PFX password:

================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: REMOVED-SENSITIVE-INFO
Issuer: CN=REMOVED-SENSITIVE-INFO
 NotBefore: 9/25/2017 16:03
 NotAfter: 1/1/2040 2:59
Subject: CN=REMOVED-SENSITIVE-INFO
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): REMOVED-SENSITIVE-INFO
----------------  End Nesting Level 1  ----------------
  Provider = Microsoft Strong Cryptographic Provider
Signature test passed
CertUtil: -dump command completed successfully.

Successfully signed: C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\Organize My Files-2.1.1.appx

$ time DEBUG=electron-builder electron-builder -w appx
electron-builder 19.30.2
2017-09-25T13:04:58.911Z electron-builder Effective config:
appId: yourappid
directories:
  output: release-builds
appx:
  applicationId: OrganizeMyFiles
  identityName: 1234.REMOVED-SENSITIVE-INFO
  publisher: CN=REMOVED-SENSITIVE-INFO
  publisherDisplayName: REMOVED-SENSITIVE-INFO
mac:
  target:
    - dir
linux:
  target:
    - AppImage
win:
  target:
    - nsis
    - portable
    - appx
  certificateFile: q.pfx
  icon: build/icon.ico

No native production dependencies
Packaging for win32 x64 using electron 1.6.11 to release-builds\win-unpacked
2017-09-25T13:04:59.986Z electron-builder Spawning C:\Users\Username\AppData\Roaming\npm\node_modules\electron-builder\node_modules\7zip-bin-win\x64\7za.exe x -bd C:\Users\Username\AppData\Local\electron\Cache\electron-v1.6.11-win32-x64.zip -aoa -oC:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked

7-Zip (a) 17.01 beta (x64) : Copyright (c) 1999-2017 Igor Pavlov : 2017-08-28

Scanning the drive for archives:
1 file, 52284035 bytes (50 MiB)

Extracting archive: C:\Users\Username\AppData\Local\electron\Cache\electron-v1.6.11-win32-x64.zip
--
Path = C:\Users\Username\AppData\Local\electron\Cache\electron-v1.6.11-win32-x64.zip
Type = zip
Physical Size = 52284035

Everything is Ok

Files: 74
Size:       134024085
Compressed: 52284035
2017-09-25T13:05:01.012Z electron-builder 7za.exe (5448) exited with exit code 0
CSC_KEY_PASSWORD is not defined, empty password will be used
2017-09-25T13:05:04.843Z electron-builder No valid cached executable found, old digest: HM7VnBucl9LXMaJtEfhkYGQzA97lg85kxWBq4ACwysdTQyCxlfTBNWzEXHHAnZNQQHnilN5QZzvWeZ3oTL7zgw==, new digest: ufLlNmlf/4f3o1K8wlgIph1VaNTFlMnZZsIDviokwOF4XpmH5NzqAi5m2hijLi6EKnh4gOe6T1FMvQe8o1mWuw==
executable cache: 0s 10ms
2017-09-25T13:05:04.851Z electron-builder Executing C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\rcedit.exe C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked\Organize My Files.exe --set-version-string FileDescription Organize My Files --set-version-string ProductName Organize My Files --set-version-string LegalCopyright Copyright © 2017 REMOVED-SENSITIVE-INFO --set-file-version 2.1.1 --set-product-version 2.1.1.0 --set-version-string InternalName Organize My Files --set-version-string OriginalFilename  --set-version-string CompanyName REMOVED-SENSITIVE-INFO --set-icon C:\Users\Username\code\hmm\photon\dist\template-app\build\icon.ico
Signing Organize My Files.exe (certificate file: "q.pfx")
2017-09-25T13:05:05.208Z electron-builder Executing C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\signtool.exe sign /t http://timestamp.verisign.com/scripts/timstamp.dll /f q.pfx /d Organize My Files /du http://REMOVED-SENSITIVE-INFO C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked\Organize My Files.exe
2017-09-25T13:05:05.209Z electron-builder env: {}
2017-09-25T13:05:05.934Z electron-builder Done Adding Additional Store
Successfully signed: C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked\Organize My Files.exe

2017-09-25T13:05:05.935Z electron-builder Executing C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f q.pfx /fd sha256 /td sha256 /d Organize My Files /du http://REMOVED-SENSITIVE-INFO /as C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked\Organize My Files.exe
2017-09-25T13:05:05.935Z electron-builder env: {}
2017-09-25T13:05:06.620Z electron-builder Done Adding Additional Store
Successfully signed: C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked\Organize My Files.exe

wine&sign: 1s 777ms
2017-09-25T13:05:06.892Z electron-builder Copying C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\win-unpacked to C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\pre-appx-\app
2017-09-25T13:05:07.800Z electron-builder Spawning C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\makeappx.exe pack /o /d C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\pre-appx- /p 9ecc2069c82f6cd86932cdd89c383c8bfbcfbb14aa2d1344a3cc8084bd8ba5e9 (sha256 hash) My Files-2.1.1.appx
2017-09-25T13:05:16.197Z electron-builder makeappx.exe (1176) exited with exit code 0
Signing Organize My Files-2.1.1.appx (certificate file: "q.pfx")
2017-09-25T13:05:16.203Z electron-builder Executing C:\Users\Username\AppData\Local\electron-builder\cache\winCodeSign\winCodeSign-1.9.0\windows-10\x64\signtool.exe sign /tr http://timestamp.comodoca.com/rfc3161 /f q.pfx /fd sha256 /td sha256 /d Organize My Files /du http://REMOVED-SENSITIVE-INFO C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\Organize My Files-2.1.1.appx
2017-09-25T13:05:16.204Z electron-builder env: {}
2017-09-25T13:05:23.279Z electron-builder Done Adding Additional Store
Successfully signed: C:\Users\Username\code\hmm\photon\dist\template-app\release-builds\Organize My Files-2.1.1.appx


real    0m25.254s
user    0m0.030s
sys     0m0.061s

[develar]

I hate MS again :( I will add note that "Specify publisher ONLY if electron-builder cannot compute correct one".

[qmatteoq]

Hello everyone,
here is a bit more of background of how the "Publisher" value in the manifest works:

1. If the AppX package is meant for enterprise or self-made distribution, you can put any value you want in the form of "CN=xyz". However, the subject of the certificate used to sign the package must match this value.
2. If the AppX package is meant for Store distribution, it must match the publisher value that the Dev Center has assigned to you when you opened the developer account. This value can be found in the "App Identity" page of the Dev Center. In this case, there's no need to sign the package with any certificate. The Store will take care of signing it with a Microsoft certificate during the submission process.

I hope it helps!

[develar]

@qmatteoq Wait... Do you want to say that electron-builder MUST not sign AppX by default or somehow else allows you to not sign it? And just produce unsigned AppX?

[vasyl-shumskyi]

I remember that read earlier on MS resources same info as Matteo mention above - that store takes care of signing the app with its cert. So was curious if the certificate was obligated. That's pretty cool that its not.

Without certificate pre-generation, Electron builder will be one step closer to its super-simplicity!

[develar]

Guys, please confirm that and option/by default will be introduced/fixed. I guess we can simply do not require code signing of AppX. If it is true — god, I love MS!

[develar]

Guys, I can do not require code signing of AppX without confirmation that it is really true, but I ask you in this case contribute to our docs (https://www.electron.build/configuration/appx). e.g. "No need to sign AppX if it will be submitted to Windows Store".

[qmatteoq]

Hello @develar,
I confirm that the package uploaded on the Store doesn't have to be signed. Even if you sign it, the certificate is removed and the package resigned with a Microsoft one during the certification process. However, if I can share my humble opinion, I think you should offer a parameter to opt-in for signing or not, like the Desktop App Converter does. By default, our tool doesn't sign the package, but if you add the -Sign parameter it will generate a test certificate and sign the package using it. The reason is that if the developer needs to manually install the app without using the Store (for testing it on its own machine or to share with external testers; for enterprise distribution; etc.), in this case the AppX needs to be signed.

Let me know if you have additional questions, I'll be happy to help :-)

[develar]

@qmatteoq Thanks for detailed information. No more questions, now I'm sure how to fix the documentation.

Upcoming 19.33.0:

• Building AppX on macOS now also supports scaled assets (makepri calls were not fixed in the initial release).
• Now you are not forced to specify publisher even if you use certificateSubjectName or certificateSha1 It works also if you build AppX on macOS.
• If code signing info is provided, computed subject WILL override specified publisher. It contradicts to our general approach, but it is exactly what we should do. As far I see, electron-builder cannot compute publisher as it should be for Windows Store (only user is aware about it), so, specified publisher intended ONLY for Windows Store and will be not used if code signing info is provided. This behaviour allows you to set publisher as it should be according to Windows Store and do not break dev builds.

So, will be no way to help electron-builder and set publisher for dev builds. It will break functionality if your subject contains chinese symbols (due to powershell issue — powershell doesn't report correct name using UTF-8 encoding and we need to investigate how do we can fix it) but... for now it will be ok (I hope I will fix it before 19.33.x will be marked as stable latest release).

[develar]

Even if you sign it, the certificate is removed and the package resigned with a Microsoft one during the certification process.

@qmatteoq So, if I understand correctly, developer can send signed package with different publisher name (because signtool cannot sign if publisher differs from) and as part of "the certificate is removed and the package resigned", correct publisher will be set? So, user don't need to set publisher at all (I mean — no need for developer to use real MS Store publisher name during build)?

[develar]

@qmatteoq To make clear why I ask: I want to understand, should we introduce special appx-dev target or not. Because if Windows Store requires correct publisher name it means that developer cannot send signed (dev cert) appx. And need to build yet another special unsigned AppX with a correct publisher value.

[develar]

19.33.0 released as latest stable. Please try. After question above will be cleared up, other changes will be maybe done.

I consider our AppX target as amazing :) Thanks to Matteo Pagani.

[develar]

I hope @qmatteoq will find time to answer to questions above to avoid #2150 (thanks that MS support is so amazing (not irony :))).

[vasyl-shumskyi]

As I promised in #2027, just writing in that appx package which was completely build with electron-builder passed MS certification and was approved by Windows Store successfully.

There were few errors and trials first, which were not related to electron-builder, but rather to my lack of knowledge of WS submission rules. Such as missing Privacy Policy and updating the app not internally, but only via Store platform. I made a separate issue for this #2165. But all of the issues with the help of @qmatteoq were resolved successfully.

So in the end everything went smoothly.

Thanks again @black-snow @develar and @qmatteoq for your amazing support!

--
P/S I removed sensitive info from all of my previous posts just in case.

[black-snow]

Glad to hear that :) 👍

[mahnunchik]

What about appx-dev ?