Invalid Identity.Publisher in AppxManifest.xml #3501
Comments
|
I'm also experiencing this issue when trying to sign an appX for self distribution. When signing an appX using the certificate environment variables it seems like electron-builder is setting the publisher to the certificate publisher which then fails the regular expression check in Microsoft's MakeAppx tool. This also happens when specifying the certificate outside of the environment variables and in the JSON configuration file. So when the certificate is set the AppxManifest shows the following and the build fails due to the MakeAppx regular expression not passing. When no certificate is set it shows the following which builds fine, however the appX is unsigned. It looks like it is pulling the publisher name from the code signing certificate incorrectly and this is causing issues. |
That seems like exactly what's happening still in |
|
Using @elronalds's method I got the Appx to build and managed to sign it, but it can't be run because: This occurs even with all the Windows 10 development features enabled. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This remains an issue. Being unable to test an AppX makes submission to the app store virtually impossible. I'm told my AppX doesn't run and how to test it by Microsoft and get it approved. In theory, great. In practice, it's been a year and we're still not on the Windows Store. Any update would be really great. @JoSe086 - updating you to let you know I';m alive and still having this issue myself. |
|
Please Re-open this issue, Apparently the Regex for electron-builder doesn't recognize ST value that some certificates provide. Can we update the Regex to allow for ST? I am having the same issue as this person is and it seems to be connected to the "ST" value that is being used for State in the USA. |
|
@Chrisbright10 Could you please send pull request? |
|
I truly wish i could but i cant seem to find where the Regex is that is listed below. I would just be adding the ST option to the list. I have contacted my Code signing cert issuer to see if i could get State listed as a different field in the meantime, but fixing it this way would be better. I have listed my error and stacktrace below, hopefully it will help in finding the regex pattern and being able to change it. I searched for about 2 hours through the package and couldn't seem to find where the pattern is stored. Using "D:\Projects\trueadherenceapp\release__appx-x64\AppxManifest.xml" as the manifest for the package. MakeAppx : error: Package creation failed. at D:\Projects\trueadherenceapp\node_modules\builder-util\src\util.ts:125:16 |
|
Here is a way that you could verify the failing test.... in test\src\windows\winCodeSignTest.ts alter the first test to the following. test("parseDn", () => { expect(safeLoad("publisherName:\n - 7digital Limited")).toMatchObject({publisherName: ["7digital Limited"]}) this should cause that test to fail and should help you trace where to fix it. |
|
Hello, I am encountering the same problem with Sectigo Certificate. MakeAppx : error: Error info: /[local-name()="Package" and namespace-uri()="http://schemas.microsoft.com/appx/manifest/foundation/windows10"]/[local-name()="Identity" and namespace-uri()="http://schemas.microsoft.com/appx/manifest/foundation/windows10"][1]/@publisher Any idea on how to fix it? |
|
I don't know if might be related or not, but if you try to navigate directly to you get a 404 Error Response.
|
|
And if you go here
|
That is not parsing correctly as you can see the first item parses, it has blue highlighting on CN= but the ST is not highlighted, showing it does not correctly identify that as a valid option. I have been in contact with Ksoftware and they say they run into this problem commonly for the windows store and there is a way they can remove the fields and reissue the cert to get around this issue. But the Regex still needs to be updated to fix this issue, this additional data is unfortunately irrelevant. |
|
Can confirm this is an issue when testing AppX locally with my Sectigo code signing cert. |
|
So I just discovered this issue after describing it in detail here: #4931 |
|
I don't understand why people here are describing the issue as specific to Sectigo. My certificate is also from Sectigo, but I don't think that's my issue. electron-builder sets the |
|
Maybe it would be possible to work around this issue if I could just pass a custom |
…erland#3501, electron-userland#4931) honor publisher in `package.json`, for example: ```JSON "build": { "appx": { "publisher": "CN=\"Bob Doe\", O=\"Bob Doe\", STREET=123 Fake St., L=London, S=London, PostalCode=A1042, C=GB", } } ```
|
Hi, I'm trying to build APPX distributable for internal enterprise use (no Windows Store). Unfortunately our certificate contains Is there some workaround for this? Thanks, |
|
I faced this problem and was able to sign my appx by setting appx.publisher in my electron-builder config to the certificate subject (which has S= instead of ST=). Not sure if it can help anyone in this thread. |
|
I can confirm that changing ST to S in the
|
|
same problem here :/ |
|
I finally solved it, I had to use the entire certificate "subject" line and not only the CN part (thanks for hint: https://techcommunity.microsoft.com/t5/msix/msix-packageing-tool-signtool-certificate-issues/m-p/2133583/highlight/true#M78) I used the command from here https://community.qlik.com/t5/Official-Support-Articles/How-to-find-certificates-by-thumbprint-or-name-with-powershell/ta-p/1711332 to get the subject line I also had to replace double quotes with their xml escape value (https://stackoverflow.com/a/3961530/8094047) subject_line = 'CN="Open Source Developer, Eyad Ahmed", O=Open Source Developer, L=Alexandria, S=Alexandria, C=EG'
publisher = subject_line.replace('"', """) |
and others
Build fails with error as below:
package.json:
AppxManifest.xml:
Manually editing and changing line:
to:
and running:
fixes the issue, but not sure how to make this work withing electron-builder packaging flow.
Any suggestions greatly appreciated.
Regards,
Chris
The text was updated successfully, but these errors were encountered: