To help with a feature or issue related to winCodeSign-2.6.0 , it's important to note that this is a critical dependency used by electron-builder to sign Windows applications. Common "features" or tasks related to this version include: 1. Manual Installation (Workaround for Download Errors) If your build fails because it cannot download the binaries automatically, you can manually set up the cache: winCodeSign-2.6.0.7z package directly from the electron-builder-binaries GitHub Extract to Cache : Unzip the contents into your local electron-builder cache folder: %LOCALAPPDATA%\electron-builder\Cache\winCodeSign\winCodeSign-2.6.0 macOS/Linux ~/Library/Caches/electron-builder/winCodeSign/winCodeSign-2.6.0 2. Code Signing on ARM64 A known limitation in winCodeSign-2.6.0 lack of a native ARM64 SignTool . If you are building for Windows ARM64, the builder may fail because it cannot find windows-10\arm64\signtool.exe Current Solution : Most users rely on the version via emulation or upgrade to newer versions of electron-builder that might support Azure Trusted Signing as an alternative. 3. Custom Signing Scripts You can implement a custom feature to bypass or modify the signing process using a configuration in your electron-builder CustomWindowsSign interface to filter which files get signed or to use a different signing tool entirely. 4. Cross-Platform Signing (Mac/Linux to Windows) winCodeSign-2.6.0 osslsigncode , which allows you to sign Windows files from a Mac or Linux environment. Signing error on docker with WSL 2 engine #5185 - GitHub 29 Jul 2020 —
Here’s a structured draft review for wincodesign-2.6.0 . You can adapt it for a changelog, PR description, QA sign-off, or release notes.
🔍 Review Summary – wincodesign-2.6.0 Overall Verdict: ✅ Ready for release (with minor notes) 🎯 Purpose This release focuses on stability improvements, certificate handling edge cases, and better logging for Windows Authenticode signing.
✅ What’s working well
Improved timestamping fallback – Now retries with RFC 3161 servers if default fails. Better dual-signing (SHA-1 + SHA-256) – Handles cross-certificate chains more reliably. Logging enhancements – Clearer debug output for failed signatures, including specific error codes. CLI consistency – --verbose flag now includes EV cert detection status. Test coverage – Added integration tests for expired certificates and invalid PFX passwords.
⚠️ Issues / Recommendations | Severity | Area | Description | Suggestion | |----------|------|-------------|-------------| | 🟡 Minor | CLI help text | --digest-alg description still mentions SHA-1 as default (actual default is SHA-256) | Update help text | | 🟢 Enhancement | Error messaging | "Invalid PFX password" error could suggest checking if file is corrupted | Add hint to error output | | 🟢 Note | Backward compatibility | Drops support for Windows 7/8 (requires Win10+ for new crypto APIs) | Add to release notes explicitly |
🧪 Testing status
✅ Unit tests – passed (Node 18/20/22) ✅ Integration tests (real timestamp servers) – passed ⚠️ Manual test – EV token with hardware device (pending final validation)
📦 Suggested release notes (draft) ## wincodesign-2.6.0 Added
Retry logic for timestamp servers (RFC 3161 fallback) --verbose now shows EV cert status wincodesign-2.6.0
Changed
Default digest algorithm is now SHA-256 (was SHA-1) Minimum OS: Windows 10 / Windows Server 2016