Electron-builder: auto-update without paid certificate


#1

I’m using electron-builder to upload the binaries of my app to Github. As I understand from the electron-builder documentation automatic updates won’t work on macOS unless I get a certificate from Apple, while updates on Windows work without a certificate but prompt the user each time an update is pushed. Is that correct?
And what about updates for my Linux builds?


#2

I am drawing a blank on this. The only thing I can think of something else. When I see “autoupdates” this is what comes to mind.

Are you trying to push updates to another Mac automatically?


#3

I’m sorry the question was very poorly formulated and I can see that it doesn’t make any sense anyone. I was assuming that there was a standard way of pushing updates to the users of my electron app.

I’m using electron-builder to upload the binaries of my app to Github. As I understand from the electron-builder documentation automatic updates with squirrel won’t work on macOS unless I get a certificate from Apple, while updates on Windows work without a certificate but prompt the user each time an update is pushed. Is that correct?
And what about updates for my Linux builds?


#4

Atom updates via Squirrel and does not prompt me. I believe Slack also uses Squirrel and I’ve never seen a prompt from it, either.

And what about updates for my Linux builds?

Squirrel doesn’t support Linux, but you can add your program to community repositories and have people download it from there. Hell, you could have Linux users install from your GitHub repository using npm if you wanted to.


#5

They most likely pay for their certificates, which is something I’m trying to avoid.

I’ll look into that. Thanks!


#6

You’re putting words in my mouth. I haven’t said anything about Mac because I don’t have any knowledge about it. I specifically responded to your bringing up Windows and Linux.


#7

Well Atom updates on macOS via Squirrel as well doesn’t it? Therefore it wasn’t entirely clear from your answer that you excluded macOS.

But it most likely needs some not self generated certificate for Windows as well.


#8

The quote I extracted from your post is the section to which I responded. That doesn’t seem unclear to me.


#9

Well it obviously was.


#10

In order to not have Windows smartscreen popup and ask the user to specifically allow your app you will need to buy a Microsoft developer license in order to sign your app. It’s quite expensive, but required for production apps. However, this only seems to be the case on install, not update. I’ve never had Smartscreen block an update via Squirrel for an electron app.

I believe it’s basically the same for Mac. You will need a developer license, which I think you have to buy (for $99 or so), in order to get your app in the App Store. I don’t know about just downloading and installing from a website though. I have a developer license so I’ve not tested without.

As for distributing your app: the easiest method I’ve found is to use a self-hosted Squirrel Nuts Server. Easy to setup and ties in directly with your GitHub releases. The documentation for it isn’t too bad either. I use this with electron-builder and everything is groovy.

https://www.electron.build/code-signing this may also help.


#11

You still basically need to get a proper developer cert from Apple. You can self-sign, but it adds hoops the user has to go through to accept it and is less vetted and less secure from a user’s perspective, just like the Microsoft one. It’s important and nobody should shirk it. Just like SSL/TLS certs for web sites. Would you trust a web site with your info that fails to provide a cert because they’re unwilling to pay for it?


#12

It’s not necessary to pay for a TLS certificate. CertBot is free.


#13

But you generally don’t have to trust a website. And SSL certificates are usually included with most hosting providers.


#14

Thanks, then I won’t get the certificates as it’s a really small side project.