Windows packaging basic configuration:
"build": {
...
"win": {
"icon": "{path}/xxx.ico", // ico图标地址
"artifactName": "{appName}-win-${version}.${ext}", // 打包后的app名称 "名称-类型-版本.后缀"
"target": [ // 打包类型
"msi",
"zip"
],
"extraResources": [ //从本地复制的文件
{
"from": "resources/xxx",
"to": "xxx"
}
],
"requestedExecutionLevel": "highestAvailable", // 权限
"verifyUpdateCodeSignature": false,
"signingHashAlgorithms": [ // 代表加密的方式,一般分为'sha256'与'sha1'两种方式,都进行加密即可
"sha256"
],
"signDlls": true, // dll文件是否签名
"rfc3161TimeStampServer":"http://timestamp.comodoca.com/rfc3161", // 时间戳
"certificateFile": "xxx.pfx", // 证书的地址,必须位pfx格式
"certificatePassword": "xxxxx" // 证书的私钥密码
},
...
}
When signing, when the time stamp service request timeout or error is prompted, it can be replaced with the following time stamp service address:
"rfc3161TimeStampServer":
"http://timestamp.globalsign.com/scripts/timestamp.dll"
"http://timestamp.digicert.com"
"http://timestamp.comodoca.com/rfc3161"
"http://sha256timestamp.ws.symantec.com/sha256/timestamp"
When the pfx certificate cannot be exported, only the certificate without the private key in cer format can be exported, which is not acceptable for electron. If you want to sign the packaged exe, you need to type in the certificate when packaging.
Solution:
Change the suffix name of the exported cer format certificate to pfx, put the certificate in the project directory, and modify "certificateFile" to the saved pfx file
At this time, you can start packaging. Since we exported the pfx certificate without a private key, a pop-up window will pop up during the packaging process to prompt you to enter a password. Enter the password you set in the second step "certificatePassword". . Do not unplug your signature dog during the whole process, otherwise the signature will be disconnected.