7.0 Code signing
In order for auto updates to be downloaded, and applications to run without security warnings, Monterey is signed with a code signing certificate. Travis and Appveyor are configured to create installers and codesign them using this certificate.
Electron-builder creates the installers and starts the code signing process. This happens only when the CSC_LINK
and CSC_KEY_PASSWORD
environment variables are available. CSC_LINK
is a URL to Dropbox where electron-builder can download the .p12
or .pfx
(same thing) certificate from. Dropbox is used as dropbox has SSL enabled and provides a direct download link to files. CSC_KEY_PASSWORD
is the password that belongs to the .p12
or .pfx
file.
The CSC_LINK
and CSC_KEY_PASSWORD
environment variables are set in the settings of the CI's:
Image 1
Image 2