Azure Trusted Signing when specifying signExts

[MikeJerred]

• Electron-Builder Version: 26.0.0-beta.6

• Node Version: 20.11.0

• Electron Version: 29.1.4
• Electron Type (current, beta, nightly): current

• Target: win x64

I'm having more issues with the azure trusted signing. It is working well on one project, but on another it fails every time and I cannot get it to work. There are multiple issues I am encountering:

1. If I have a beforePack script that runs npm ci, then the signing fails due to a concurrency problem when signing the final setup exe.
2. When building on GitHub actions, I get concurrency errors (does not happen when building locally):

Install-Package: Package 'Microsoft.Windows.SDK.BuildTools' failed to be installed because: The process cannot access the file
'C:\Users\runneradmin\AppData\Local\TrustedSigning\Microsoft.Windows.SDK.BuildTools\Microsoft.Windows.SDK.BuildTools.10.
0.22621.3233\bin\10.0.22621.0\arm\AccChecker\Microsoft.Diagnostics.Tracing.EventSource.dll' because it is being used by
another process.

3. The signing tool doesn't seem to pick up that the trusted signing module is installed (which is possibly why there are concurrency errors, every file being signed keeps trying to install the trusted signing module). I have tried running Install-Module -Name TrustedSigning -RequiredVersion 0.4.1 -Force -Repository PSGallery -Scope CurrentUser or Install-PSResource -Name TrustedSigning -TrustRepository -Version 0.4.1 -Reinstall before running electron-builder, and confirmed that the package is definitely installed, but when trying to sign it always says the trusted signing package is not installed.

Checking for required dependencies.
	Build tools package installed: False
	Trusted signing package installed: False
	Sign CLI package installed: False
	Installing required dependencies.
		Found existing package source: https://www.nuget.org/api/v2/
		Installing package: Microsoft.Windows.SDK.BuildTools 10.0.22621.3233
WARNING: Source Location 'https://www.nuget.org/api/v2/package/Microsoft.Windows.SDK.BuildTools/10.0.22621.3233' is not valid.
		Installing package: Microsoft.Trusted.Signing.Client 1.0.53
		Installing package: sign 0.9.1-beta.24469.1
                        Unhandled exception: System.IO.IOException: Cannot create 'C:\Users\runneradmin\AppData\Local\TrustedSigning\sign\.store\sign\0.9.1-beta.24469.1' because a file or directory with the same name already exists.

I also can see that the URL in this error message (https://www.nuget.org/api/v2/) is incorrect - it should be https://api.nuget.org/v3/index.json, but when I look at the output of Get-PackageSource the URL there is correct so I have no clue where the v2 URL is coming from.

Also to note, the latest version of the TrustedSigning package is 0.5.0, not 0.4.1, but electron-builder is forcing to install that old version. I'm not sure if this is causing the problems or not.

[MikeJerred]

Related to 8615

[MikeJerred]

I investigated a bit further and this is a problem only when specifying signExts

[mmaietta]

Can you elaborate on what you mean signExts? Is it that the concurrency issues only occur with signExts is provided?

[MikeJerred]

Yeah, if I specify the signExts option under win e.g. signExts: ['.dll', '.node'] then I am seeing the concurrency errors. It looks like when signing these files the shell that is spawned cannot see the already installed TrustedSigningModule.