Any Windows Target
The top-level win key contains set of options instructing electron-builder on how it should build Windows targets. These options applicable for any Windows target.
Common Questions¶
How do delegate code signing?¶
Use sign option. Please also see why sign.js is called 8 times.
"win": {
"sign": "./customSign.js"
}
File customSign.js
in the project root directory:
exports.default = async function(configuration) {
// your custom code
}
How do use a custom verify function to enable nsis signature verification alternatives instead of powershell?¶
Use the verifyUpdateCodeSignature
interface:
/**
* return null if verify signature succeed
* return error message if verify signature failed
*/
export type verifyUpdateCodeSignature = (publisherName: string[], path: string) => Promise<string | null>
Pass a custom verify function to the nsis updater. For example, if you want to use a native verify function, you can use win-verify-signature.
import { NsisUpdater } from "electron-updater"
import { verifySignatureByPublishName } from "win-verify-signature"
// Or MacUpdater, AppImageUpdater
export default class AppUpdater {
constructor() {
const options = {
requestHeaders: {
// Any request headers to include here
},
provider: 'generic',
url: 'https://example.com/auto-updates'
}
const autoUpdater = new NsisUpdater(options)
autoUpdater.verifyUpdateCodeSignature = (publisherName: string[], path: string) => {
const result = verifySignatureByPublishName(path, publisherName);
if(result.signed) return Promise.resolve(null);
return Promise.resolve(result.message);
}
autoUpdater.addAuthHeader(`Bearer ${token}`)
autoUpdater.checkForUpdatesAndNotify()
}
}
How do create Parallels Windows 10 Virtual Machine?¶
Disable “Share Mac user folders with Windows”
If you use Parallels, you must not use “Share Mac user folders with Windows” feature and must not run installers from such folders.
You don’t need to have Windows 10 license. Free is provided (expire after 90 days, but it is not a problem because no additional setup is required).
- Open Parallels Desktop.
- File -> New.
- Select “Modern.IE” in the “Free Systems”.
- Continue, Continue, Accept software license agreement.
- Select “Microsoft Edge on Windows 10”.
- The next steps are general, see Installing Windows on your Mac using Parallels Desktop from “Step 6: Specify a name and location”.
Parallels Windows 10 VM will be used automatically to build AppX on macOS. No need even start VM — it will be started automatically on demand and suspended after build. No need to specify VM — it will be detected automatically (first Windows 10 VM will be used).
How do create VirtualBox Windows 10 Virtual Machine?¶
If you are not on macOS or don’t want to buy Parallels Desktop, you can use free VirtualBox.
- Open Download virtual machines.
- Select “MSEdge on Win10 (x64) Stable”.
- Select “VirtualBox” platform.
- Download. See installation instructions.
The password to your VM is Passw0rd!
.
VirtualBox is not supported by electron-builder for now, so, you need to setup build environment on Windows if you want to use VirtualBox to build AppX (and other Windows-only tasks).
Configuration¶
Electron-Builder / app-builder-lib / WindowsConfiguration
Extends¶
Properties¶
additionalCertificateFile?¶
readonly
optional
additionalCertificateFile:null
|string
The path to an additional certificate file you want to add to the signature block.
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.additionalCertificateFile
appId?¶
readonly
optional
appId:null
|string
The application id. Used as CFBundleIdentifier for MacOS and as Application User Model ID for Windows (NSIS target only, Squirrel.Windows not supported). It is strongly recommended that an explicit ID is set.
Default¶
com.electron.${name}
Inherited from¶
PlatformSpecificBuildOptions
.appId
artifactName?¶
readonly
optional
artifactName:null
|string
The artifact file name template. Defaults to ${productName}-${version}.${ext}
(some target can have other defaults, see corresponding options).
Inherited from¶
PlatformSpecificBuildOptions
.artifactName
asar?¶
readonly
optional
asar:null
|boolean
|AsarOptions
Whether to package the application’s source code into an archive, using Electron’s archive format.
Node modules, that must be unpacked, will be detected automatically, you don’t need to explicitly set asarUnpack - please file an issue if this doesn’t work.
Default¶
true
Inherited from¶
PlatformSpecificBuildOptions
.asar
asarUnpack?¶
readonly
optional
asarUnpack:null
|string
|string
[]
A glob patterns relative to the app directory, which specifies which files to unpack when creating the asar archive.
Inherited from¶
PlatformSpecificBuildOptions
.asarUnpack
azureSignOptions?¶
readonly
optional
azureSignOptions:null
|WindowsAzureSigningConfiguration
Options for usage of Azure Trusted Signing (beta)
certificateFile?¶
readonly
optional
certificateFile:null
|string
The path to the *.pfx certificate you want to sign with. Please use it only if you cannot use env variable CSC_LINK
(WIN_CSC_LINK
) for some reason.
Please see Code Signing.
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.certificateFile
certificatePassword?¶
readonly
optional
certificatePassword:null
|string
The password to the certificate provided in certificateFile
. Please use it only if you cannot use env variable CSC_KEY_PASSWORD
(WIN_CSC_KEY_PASSWORD
) for some reason.
Please see Code Signing.
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.certificatePassword
certificateSha1?¶
readonly
optional
certificateSha1:null
|string
The SHA1 hash of the signing certificate. The SHA1 hash is commonly specified when multiple certificates satisfy the criteria specified by the remaining switches. Works only on Windows (or on macOS if Parallels Desktop Windows 10 virtual machines exits).
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.certificateSha1
certificateSubjectName?¶
readonly
optional
certificateSubjectName:null
|string
The name of the subject of the signing certificate, which is often labeled with the field name issued to
. Required only for EV Code Signing and works only on Windows (or on macOS if Parallels Desktop Windows 10 virtual machines exits).
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.certificateSubjectName
compression?¶
readonly
optional
compression:null
|CompressionLevel
The compression level. If you want to rapidly test build, store
can reduce build time significantly. maximum
doesn’t lead to noticeable size difference, but increase build time.
Default¶
normal
Inherited from¶
PlatformSpecificBuildOptions
.compression
cscKeyPassword?¶
optional
cscKeyPassword:null
|string
Inherited from¶
PlatformSpecificBuildOptions
.cscKeyPassword
cscLink?¶
optional
cscLink:null
|string
Inherited from¶
PlatformSpecificBuildOptions
.cscLink
defaultArch?¶
readonly
optional
defaultArch:string
Inherited from¶
PlatformSpecificBuildOptions
.defaultArch
detectUpdateChannel?¶
readonly
optional
detectUpdateChannel:boolean
Whether to infer update channel from application version pre-release components. e.g. if version 0.12.1-alpha.1
, channel will be set to alpha
. Otherwise to latest
.
Default¶
true
Inherited from¶
PlatformSpecificBuildOptions
.detectUpdateChannel
disableDefaultIgnoredFiles?¶
optional
disableDefaultIgnoredFiles:null
|boolean
Whether to exclude all default ignored files(https://www.electron.build/contents#files) and options. Defaults to false
.
Default¶
false
Inherited from¶
PlatformSpecificBuildOptions
.disableDefaultIgnoredFiles
electronLanguages?¶
readonly
optional
electronLanguages:string
|string
[]
The electron locales to keep. By default, all Electron locales used as-is.
Inherited from¶
PlatformSpecificBuildOptions
.electronLanguages
electronUpdaterCompatibility?¶
readonly
optional
electronUpdaterCompatibility:null
|string
The electron-updater compatibility semver range.
Inherited from¶
PlatformSpecificBuildOptions
.electronUpdaterCompatibility
executableName?¶
readonly
optional
executableName:null
|string
The executable name. Defaults to productName
.
Inherited from¶
PlatformSpecificBuildOptions
.executableName
extraFiles?¶
optional
extraFiles:null
|string
|FileSet
| (string
|FileSet
)[]
The same as extraResources but copy into the app’s content directory (Contents
for MacOS, root directory for Linux and Windows).
Inherited from¶
PlatformSpecificBuildOptions
.extraFiles
extraResources?¶
optional
extraResources:null
|string
|FileSet
| (string
|FileSet
)[]
A glob patterns relative to the project directory, when specified, copy the file or directory with matching names directly into the app’s resources directory (Contents/Resources
for MacOS, resources
for Linux and Windows).
File patterns (and support for from
and to
fields) the same as for files.
Inherited from¶
PlatformSpecificBuildOptions
.extraResources
fileAssociations?¶
readonly
optional
fileAssociations:FileAssociation
|FileAssociation
[]
The file associations.
Inherited from¶
PlatformSpecificBuildOptions
.fileAssociations
files?¶
optional
files:null
|string
|FileSet
| (string
|FileSet
)[]
A glob patterns relative to the app directory, which specifies which files to include when copying files to create the package.
Defaults to:
[
"**/*",
"!**/node_modules/*/{CHANGELOG.md,README.md,README,readme.md,readme}",
"!**/node_modules/*/{test,__tests__,tests,powered-test,example,examples}",
"!**/node_modules/*.d.ts",
"!**/node_modules/.bin",
"!**/*.{iml,o,hprof,orig,pyc,pyo,rbc,swp,csproj,sln,xproj}",
"!.editorconfig",
"!**/._*",
"!**/{.DS_Store,.git,.hg,.svn,CVS,RCS,SCCS,.gitignore,.gitattributes}",
"!**/{__pycache__,thumbs.db,.flowconfig,.idea,.vs,.nyc_output}",
"!**/{appveyor.yml,.travis.yml,circle.yml}",
"!**/{npm-debug.log,yarn.lock,.yarn-integrity,.yarn-metadata.json}"
]
Development dependencies are never copied in any case. You don’t need to ignore it explicitly. Hidden files are not ignored by default, but all files that should be ignored, are ignored by default.
Default pattern **/*
is not added to your custom if some of your patterns is not ignore (i.e. not starts with !
). package.json
and **/node_modules/**/*
(only production dependencies will be copied) is added to your custom in any case. All default ignores are added in any case — you don’t need to repeat it if you configure own patterns.
May be specified in the platform options (e.g. in the mac).
You may also specify custom source and destination directories by using FileSet
objects instead of simple glob patterns.
[
{
"from": "path/to/source",
"to": "path/to/destination",
"filter": ["**/*", "!foo/*.js"]
}
]
You can use file macros in the from
and to
fields as well. from
and to
can be files and you can use this to rename a file while packaging.
Inherited from¶
PlatformSpecificBuildOptions
.files
forceCodeSigning?¶
readonly
optional
forceCodeSigning:boolean
Whether to fail if app will be not code signed.
Inherited from¶
PlatformSpecificBuildOptions
.forceCodeSigning
generateUpdatesFilesForAllChannels?¶
readonly
optional
generateUpdatesFilesForAllChannels:boolean
Please see Building and Releasing using Channels.
Default¶
false
Inherited from¶
PlatformSpecificBuildOptions
.generateUpdatesFilesForAllChannels
icon?¶
readonly
optional
icon:null
|string
The path to application icon.
Default¶
build/icon.ico
Overrides¶
PlatformSpecificBuildOptions
.icon
legalTrademarks?¶
readonly
optional
legalTrademarks:null
|string
The trademarks and registered trademarks.
protocols?¶
The URL protocol schemes.
Inherited from¶
PlatformSpecificBuildOptions
.protocols
publish?¶
optional
publish:Publish
Publisher configuration. See Auto Update for more information.
Inherited from¶
PlatformSpecificBuildOptions
.publish
publisherName?¶
readonly
optional
publisherName:null
|string
|string
[]
The publisher name, exactly as in your code signed certificate. Several names can be provided. Defaults to common name from your code signing certificate.
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.publisherName
releaseInfo?¶
readonly
optional
releaseInfo:ReleaseInfo
The release info. Intended for command line usage:
-c.releaseInfo.releaseNotes="new features"
Inherited from¶
PlatformSpecificBuildOptions
.releaseInfo
requestedExecutionLevel?¶
readonly
optional
requestedExecutionLevel:null
|RequestedExecutionLevel
The security level at which the application requests to be executed.
Cannot be specified per target, allowed only in the win
.
Default¶
asInvoker
rfc3161TimeStampServer?¶
readonly
optional
rfc3161TimeStampServer:null
|string
The URL of the RFC 3161 time stamp server.
Default¶
http://timestamp.digicert.com
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.rfc3161TimeStampServer
sign?¶
readonly
optional
sign:null
|string
|CustomWindowsSign
The custom function (or path to file or module id) to sign Windows executables
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.sign
signAndEditExecutable?¶
readonly
optional
signAndEditExecutable:boolean
Whether to sign and add metadata to executable. Advanced option.
Default¶
true
signDlls?¶
readonly
optional
signDlls:boolean
Whether to sign DLL files. Advanced option.
See¶
https://github.com/electron-userland/electron-builder/issues/3101#issuecomment-404212384
Default¶
false
Deprecated¶
Use signExts instead for more explicit control
signExts?¶
readonly
optional
signExts:null
|string
[]
Explicit file extensions to also sign. Advanced option.
See¶
https://github.com/electron-userland/electron-builder/issues/7329
Default¶
null
signingHashAlgorithms?¶
readonly
optional
signingHashAlgorithms:null
| ("sha256"
|"sha1"
)[]
Array of signing algorithms used. For AppX sha256
is always used.
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.signingHashAlgorithms
signtoolOptions?¶
readonly
optional
signtoolOptions:null
|WindowsSigntoolConfiguration
Options for usage with signtool.exe
target?¶
readonly
optional
target:TargetConfigType
The target package type: list of nsis
, nsis-web
(Web installer), portable
([portable]./nsis.md#portable) app without installation), appx
, msi
, msi-wrapped
, squirrel
, 7z
, zip
, tar.xz
, tar.lz
, tar.gz
, tar.bz2
, dir
.
AppX package can be built only on Windows 10.
To use Squirrel.Windows please install electron-builder-squirrel-windows
dependency.
Default¶
nsis
Overrides¶
PlatformSpecificBuildOptions
.target
timeStampServer?¶
readonly
optional
timeStampServer:null
|string
The URL of the time stamp server.
Default¶
http://timestamp.digicert.com
Deprecated¶
Please use signtoolOptions: WindowsSigntoolConfiguration.timeStampServer
verifyUpdateCodeSignature?¶
readonly
optional
verifyUpdateCodeSignature:boolean
Whether to verify the signature of an available update before installation. The publisher name will be used for the signature verification.
Default¶
true