Do we need to sign the code for the autoUpdater api to work in windows?


#1

To put it simply this is my first electron app. I am developing it for windows and is almost ready(sort of beta version). The one last thing which is left is to get auto updates feature running for the app.

My confusion is whether is it necessary to sign the code(with authenticode code signing certificate) in order to autoUpdater api to work.

If yes then are there options other than a paid certificate as I don’t have enough funds to buy one.


#2

You don’t need to sign while you are testing but I would definitely sign it before releasing your app.

I tested and debugged updating our Electron app without signing it. If you want general users to download and install your app I strongly suggest signing it. I’m not familiar with free options for certificates but that’s also never went looking.


#3

First of all thanks for the clarification.
Regarding autoUpdater:
I observed that after the app gets updated on clients PC the previous version also exists along with the latest version. I tried deleting the folder of previous version using rimraf module by putting rimraf command in ‘–squirrel-updated’ case but it didn’t workout. Is there anyway that we can get rid of those files as they are taking twice the space on client PC or it is just how the Squirrel update works.
I made my installer using ‘electron-winstaller’ and packaged it using ‘electron-packager’.


#4

The (squirrel) autoUpdater keeps at most 2 versions on disk: the latest version and the previous version. Let’s stay you install SomeApp version 0.0.1. Then update to 0.0.2. Both will be on disk. Later the client updates to 0.0.3. As part of the update to 0.0.3 the 0.0.1 version will be removed. I’m not exactly sure when this happens (after download? after relaunch?).

I don’t know where I originally read that but it was definitely in the Squirrel Docs. There’s a git discussion here that confirms it though.


#5

Well I figured that out when I deployed my updates.
In the squirrel log file one can observe the chain of commands.
I am rather interested in deleting the version 0.0.2 when the app is updated to 0.0.3.


#6

I believe Squirrel does this in case there are any errors with the install of the latest version. It can quickly and easily roll back to the previous version. If you think about it, it kinda makes sense to always keep the old version but you could manually delete it from your app.

Because Electron has access to Node and normalises directories you could use something like:
app.getAppPath()
and then do something with the versioning to get the old app path from this (that returns to currently install app). However, if you have to do this I would make sure you do it after your app has restarted and there are no new updates.


#7

Thanks for clarification.
As I mentioned in my previous comments I tried to work around using rimraf but failed. The concern is just the extra space taken by the app. Anyway the reason seems valid.