Fix failing authenticode timestamping for Electron builds
One of my Electron applications suddenly started complaining during the code-signing step in our Travis build process. The error looked like this:
    • signing file=dist/win-unpacked/vcruntime140.dll certificateFile=/tmp/temp-dir-ddP9es/7.p12
    Error: Exit code: 255. Command failed: […]electron-builder/winCodeSign/winCodeSign-2.1.0/linux/osslsigncode […]
    (sha256 hash) failure: Failure when receiving data from the peer
    authenticode timestamping failed
    Failed
    CURL failure: Failure when receiving data from the peer
    authenticode timestamping failed
Strangely enough, this error only occurs after multiple successful calls to the osslsigncode command. I was not able to confirm it, but my guess is that the timestamp server is rate limiting these requests.
The solution is rather easy: use another timestamp server! The timeStampServer configuration option in electron-builder allows you to set a different one.
I’ve added the following to my electron-builder.yml file to make it work:

    win:
      timeStampServer: "http://timestamp.globalsign.com/scripts/timstamp.dll"
I’m building the Windows executable on Linux using Wine and this did the trick.
If you are building on Windows, you should be able to solve this by changing the signingHashAlgorithms to sha256 only, if possible.
Looking at the code in electron-builder’s packages/app-builder-lib/src/codeSign/windowsCodeSign.ts, this will use the default RFC 3161 timestamping server. That server points to http://timestamp.comodoca.com/rfc3161 by default, which is different from the default timeStampServer as well:

    win:
      signingHashAlgorithms:
        - sha256
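As an added example (not from the original post and not electron-builder's own code), the server switch described above can be generalized into a fallback: a small Node.js wrapper that tries each timestamp server in turn and stops the build if none answers, so a rate-limited server never leads to shipping a signature without a timestamp. It assumes osslsigncode is on the PATH; `signWithFallback`, its option names and the environment-variable lookup are hypothetical.

```javascript
// Added example: ordered fallback over the two timestamp servers named in this post.
const TIMESTAMP_SERVERS = [
  { url: "http://timestamp.globalsign.com/scripts/timstamp.dll", flag: "-t" }, // Authenticode
  { url: "http://timestamp.comodoca.com/rfc3161", flag: "-ts" },               // RFC 3161
];

// Default runner: calls osslsigncode from PATH (assumption) and returns its result.
function runOsslsigncode(argv) {
  const { spawnSync } = require("node:child_process");
  const r = spawnSync("osslsigncode", argv, { encoding: "utf8" });
  return { status: r.status, output: `${r.stdout || ""}${r.stderr || ""}` };
}

// Matches the failure from the build log above. Anything else (bad password,
// missing file) is not a timestamp problem and is not retried on another server.
function isTimestampFailure(output) {
  return /timestamping failed/i.test(output);
}

// opts: { p12, passEnv, input, outputFile } are hypothetical option names.
// The certificate password is read from the environment variable named by passEnv.
function signWithFallback(opts, servers = TIMESTAMP_SERVERS, run = runOsslsigncode) {
  const attempts = [];
  for (const server of servers) {
    const argv = [
      "sign", "-pkcs12", opts.p12, "-pass", process.env[opts.passEnv] || "",
      "-h", "sha256", server.flag, server.url,
      "-in", opts.input, "-out", opts.outputFile,
    ];
    const result = run(argv);
    attempts.push({ url: server.url, status: result.status });
    if (result.status === 0) return { ok: true, server: server.url, attempts };
    if (!isTimestampFailure(result.output)) {
      throw new Error(`signing failed for a non-timestamp reason: ${result.output.trim()}`);
    }
  }
  // Every server refused: fail closed rather than sign without a timestamp.
  return { ok: false, server: null, attempts };
}
```

A caller should treat `ok: false` as a build failure; the `attempts` array records which servers were tried, which helps confirm whether one server is consistently the one refusing requests.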
I found the following alternative timeStampServer values to use (note: I have not tried all of them myself yet so YMMV):
Hope that helps!