"Check for Updates" always fails in Windows
eagletmt opened this issue · comments
In Windows, updating Bdash from v1.11.1 is failing due to signature error.
PS C:\Users\eagletmt\AppData\Local\Programs\Bdash> .\Bdash.exe
PS C:\Users\eagletmt\AppData\Local\Programs\Bdash>
(node:11184) electron: The default of contextIsolation is deprecated and will be changing from false to true in a future release of Electron. See https://github.com/electron/electron/issues/23506 for more information
20:59:05.717 > Checking for update
20:59:07.098 > Found version 1.12.1 (url: Bdash-Setup-1.12.1.exe)
20:59:07.098 > Downloading update from Bdash-Setup-1.12.1.exe
20:59:07.100 > updater cache dir: C:\Users\eagletmt\AppData\Local\bdash-updater
20:59:07.102 > Download block maps (old: "https://github.com/bdash-app/bdash/releases/download/v1.11.1/Bdash-Setup-1.11.1.exe.blockmap", new: https://github.com/bdash-app/bdash/releases/download/v1.12.1/Bdash-Setup-1.12.1.exe.blockmap)
20:59:07.310 > File has 3196 changed blocks
20:59:07.310 > [
{
"kind": 1,
"start": 0,
"end": 104870
},
{
"kind": 0,
"start": 95631,
"end": 142117
},
{
"kind": 1,
"start": 151356,
"end": 7832277
},
{
"kind": 0,
"start": 8118428,
"end": 8132186
},
{
"kind": 1,
"start": 7846035,
"end": 7879007
},
{
"kind": 0,
"start": 8165158,
"end": 8190600
},
{
"kind": 1,
"start": 7904449,
"end": 8231274
},
{
"kind": 0,
"start": 7383949,
"end": 7394746
},
{
"kind": 1,
"start": 8242071,
"end": 8315401
},
{
"kind": 0,
"start": 7340855,
"end": 7354538
},
{
"kind": 1,
"start": 8329084,
"end": 20356510
},
{
"kind": 0,
"start": 19973491,
"end": 20172094
},
{
"kind": 1,
"start": 20555113,
"end": 61255421
},
{
"kind": 0,
"start": 58406561,
"end": 59736616
},
{
"kind": 1,
"start": 62585476,
"end": 68109899
},
{
"kind": 0,
"start": 65129633,
"end": 65361065
},
{
"kind": 1,
"start": 68341331,
"end": 68490888
}
]
20:59:07.320 > Full: 66,885.63 KB, To download: 65,059.21 KB (97%)
20:59:07.333 > Differential download: https://github.com/bdash-app/bdash/releases/download/v1.12.1/Bdash-Setup-1.12.1.exe
20:59:07.334 > download range: bytes=0-104869
20:59:07.345 > Redirect to https://objects.githubusercontent.com/github-production-release-asset-2e65be/66364292/662e624e-d28d-40b7-99c8-64e86098e357
20:59:07.535 > download range: bytes=151356-7832276
20:59:07.868 > download range: bytes=7846035-7879006
20:59:08.046 > download range: bytes=7904449-8231273
20:59:08.230 > download range: bytes=8242071-8315400
20:59:08.409 > download range: bytes=8329084-20356509
20:59:09.169 > download range: bytes=20555113-61255420
20:59:10.420 > download range: bytes=62585476-68109898
20:59:10.805 > download range: bytes=68341331-68490887
20:59:12.600 > Sign verification failed, installer signed with incorrect certificate: publisherNames: Developer ID Application: Kazuhito Hokamura (CKAKJF9HV3), raw info: {
"SignerCertificate": {
"FriendlyName": "",
"IssuerName": {
"Name": "C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Developer ID Certification Authority",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1800274713000)/",
"NotBefore": "/Date(1642421914000)/",
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "618442B1DC244AC8",
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "90A6EEEC3175B4634F0276A3EAF957E901DB9E65",
"Version": 3,
"Issuer": "C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Developer ID Certification Authority",
"Subject": "C=JP, O=Kazuhito Hokamura, OU=CKAKJF9HV3, CN=Developer ID Application: Kazuhito Hokamura (CKAKJF9HV3), OID.0.9.2342.19200300.100.1.1=CKAKJF9HV3"
},
"TimeStamperCertificate": {
"Archived": false,
"Extensions": [
"System.Security.Cryptography.X509Certificates.X509KeyUsageExtension",
"System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension",
"System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509Extension"
],
"FriendlyName": "",
"IssuerName": {
"Name": "CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1925424000000)/",
"NotBefore": "/Date(1609459200000)/",
"HasPrivateKey": false,
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "0D424AE0BE3A88FF604021CE1400F0DD",
"SubjectName": {
"Name": "CN=DigiCert Timestamp 2021, O=\"DigiCert, Inc.\", C=US",
"Oid": "System.Security.Cryptography.Oid"
},
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3",
"Version": 3,
"Handle": 3002127932832,
"Issuer": "CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"Subject": "CN=DigiCert Timestamp 2021, O=\"DigiCert, Inc.\", C=US"
},
"Status": 1,
"StatusMessage": "証明書チェーンを、信頼されたルート機関として構築できませんでした。"
}
20:59:12.607 > Error: Error: New version 1.12.1 is not signed by the application owner: publisherNames: Developer ID Application: Kazuhito Hokamura (CKAKJF9HV3), raw info: {
"SignerCertificate": {
"FriendlyName": "",
"IssuerName": {
"Name": "C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Developer ID Certification Authority",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1800274713000)/",
"NotBefore": "/Date(1642421914000)/",
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "618442B1DC244AC8",
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "90A6EEEC3175B4634F0276A3EAF957E901DB9E65",
"Version": 3,
"Issuer": "C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Developer ID Certification Authority",
"Subject": "C=JP, O=Kazuhito Hokamura, OU=CKAKJF9HV3, CN=Developer ID Application: Kazuhito Hokamura (CKAKJF9HV3), OID.0.9.2342.19200300.100.1.1=CKAKJF9HV3"
},
"TimeStamperCertificate": {
"Archived": false,
"Extensions": [
"System.Security.Cryptography.X509Certificates.X509KeyUsageExtension",
"System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension",
"System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509Extension"
],
"FriendlyName": "",
"IssuerName": {
"Name": "CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1925424000000)/",
"NotBefore": "/Date(1609459200000)/",
"HasPrivateKey": false,
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "0D424AE0BE3A88FF604021CE1400F0DD",
"SubjectName": {
"Name": "CN=DigiCert Timestamp 2021, O=\"DigiCert, Inc.\", C=US",
"Oid": "System.Security.Cryptography.Oid"
},
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3",
"Version": 3,
"Handle": 3002127932832,
"Issuer": "CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"Subject": "CN=DigiCert Timestamp 2021, O=\"DigiCert, Inc.\", C=US"
},
"Status": 1,
"StatusMessage": "証明書チェーンを、信頼されたルート機関として構築できませんでした。"
}
at newError (C:\Users\eagletmt\AppData\Local\Programs\Bdash\resources\app.asar\node_modules\builder-util-runtime\out\index.js:212:17)
at Object.task (C:\Users\eagletmt\AppData\Local\Programs\Bdash\resources\app.asar\node_modules\electron-updater\out\NsisUpdater.js:151:52)
at async NsisUpdater.executeDownload (C:\Users\eagletmt\AppData\Local\Programs\Bdash\resources\app.asar\node_modules\electron-updater\out\AppUpdater.js:754:7)
(node:11184) UnhandledPromiseRejectionWarning: Error: New version 1.12.1 is not signed by the application owner: publisherNames: Developer ID Application: Kazuhito Hokamura (CKAKJF9HV3), raw info: {
"SignerCertificate": {
"FriendlyName": "",
"IssuerName": {
"Name": "C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Developer ID Certification Authority",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1800274713000)/",
"NotBefore": "/Date(1642421914000)/",
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "618442B1DC244AC8",
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "90A6EEEC3175B4634F0276A3EAF957E901DB9E65",
"Version": 3,
"Issuer": "C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Developer ID Certification Authority",
"Subject": "C=JP, O=Kazuhito Hokamura, OU=CKAKJF9HV3, CN=Developer ID Application: Kazuhito Hokamura (CKAKJF9HV3), OID.0.9.2342.19200300.100.1.1=CKAKJF9HV3"
},
"TimeStamperCertificate": {
"Archived": false,
"Extensions": [
"System.Security.Cryptography.X509Certificates.X509KeyUsageExtension",
"System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension",
"System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension",
"System.Security.Cryptography.X509Certificates.X509Extension",
"System.Security.Cryptography.X509Certificates.X509Extension"
],
"FriendlyName": "",
"IssuerName": {
"Name": "CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"Oid": "System.Security.Cryptography.Oid"
},
"NotAfter": "/Date(1925424000000)/",
"NotBefore": "/Date(1609459200000)/",
"HasPrivateKey": false,
"PrivateKey": null,
"PublicKey": {
"Key": "System.Security.Cryptography.RSACryptoServiceProvider",
"Oid": "System.Security.Cryptography.Oid",
"EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
"EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
},
"SerialNumber": "0D424AE0BE3A88FF604021CE1400F0DD",
"SubjectName": {
"Name": "CN=DigiCert Timestamp 2021, O=\"DigiCert, Inc.\", C=US",
"Oid": "System.Security.Cryptography.Oid"
},
"SignatureAlgorithm": {
"Value": "1.2.840.113549.1.1.11",
"FriendlyName": "sha256RSA"
},
"Thumbprint": "E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3",
"Version": 3,
"Handle": 3002127932832,
"Issuer": "CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"Subject": "CN=DigiCert Timestamp 2021, O=\"DigiCert, Inc.\", C=US"
},
"Status": 1,
"StatusMessage": "証明書チェーンを、信頼されたルート機関として構築できませんでした。"
}
at newError (C:\Users\eagletmt\AppData\Local\Programs\Bdash\resources\app.asar\node_modules\builder-util-runtime\out\index.js:212:17)
at Object.task (C:\Users\eagletmt\AppData\Local\Programs\Bdash\resources\app.asar\node_modules\electron-updater\out\NsisUpdater.js:151:52)
at async NsisUpdater.executeDownload (C:\Users\eagletmt\AppData\Local\Programs\Bdash\resources\app.asar\node_modules\electron-updater\out\AppUpdater.js:754:7)
(node:11184) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:11184) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
At least in my environment, Bdash v1.9.3 is the first release that cannot be updated via "Check for Updates".
v1.9.2...v1.9.3
Bdash v1.9.2 can be updated to the latest but it logs signature validation error.
22:15:23.894 > Differential download: https://github.com/bdash-app/bdash/releases/download/v1.12.1/Bdash-Setup-1.12.1.exe
22:15:23.897 > download range: bytes=0-104869
22:15:24.114 > Redirect to https://objects.githubusercontent.com/github-production-release-asset-2e65be/66364292/662e624e-d28d-40b7-99c8-64e86098e357
22:15:24.517 > download range: bytes=151356-7832276
22:15:24.860 > download range: bytes=7846035-8231273
22:15:25.044 > download range: bytes=8264855-8315400
22:15:25.223 > download range: bytes=8342939-68109898
22:15:28.399 > download range: bytes=68341331-68490887
22:15:30.194 > Cannot execute Get-AuthenticodeSignature: null. Ignoring signature validation due to unknown error.
22:15:30.196 > New version 1.12.1 has been downloaded to C:\Users\eagletmt\AppData\Local\bdash-updater\pending\Bdash-Setup-1.12.1.exe
(electron) 'getName function' is deprecated and will be removed. Please use 'name property' instead.
So I think the timeline is:
- Bdash is not signed until v1.9.0 and electron-updater was working well
- Bdash started to be signed since v1.9.0. The signature was invalid but ignored by electron-updater
- Bdash updated electron-updater in v1.9.3 and electron-updater started to reject invalid signatures
Yeah, Bdash-Setup-1.12.2.exe shows warning 😇
I know the code signing certificate is expensive and I deeply agree with you.