Reputation: 3014
I am trying to package an Electron app with electron-builder, the most popular library for releasing Electron apps. I am on a Mac and I have a Developer Account. When running the build process with the command electron-builder build --mac zip, electron-builder will automatically search for a developer certificate in my Mac's Keychain Access and apply it to the app. When I build the app for Mac, it seems to build it fine, including signing it. The log in the terminal related to signing is:
signing file=dist/mac/*appname*.app identityName=Developer ID Application: *MyDeveloperName*
(*myDeveloperNumber*) identityHash=*someLongHashString* provisioningProfile=none
But when I try to open the app, it immediately crashes and the error report indicates an invalid signature code:
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x000039e9b3542040
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x2
Yet the Developer account is valid. If I leave it unsigned (setting identity to null) when I build it, it will execute fine.
// package.json
"build": {
  "appId": "com.example.appname",
  "mac": {
    "identity": null
  }
}
I get the same error result when I build and try to execute any Electron app, including the HelloWorld app on Electron's getting started page, so it's universal.
Electron-builder has a boilerplate they recommend that uses Webpacker, which I don't need for my app. If I just download that boilerplate and build an app it does sign it and it does work without the error. So that confirms that it's not an issue with my Developer ID. I'd rather not use their boilerplate because it adds another layer of complexity and I'm not sure how I would make my already-built app integrate with their boilerplate. I just want my app signature to work on a regular app. Am I missing some basic step? What could be causing this issue?
Upvotes: 3
Views: 2359
Reputation: 3014
I got this working. I had to enable Apple's Hardened Runtime (https://developer.apple.com/documentation/security/hardened_runtime_entitlements) before signing it. Hardened runtime adds limitations to your app that give users added security against potential exploits like code injection, dynamically linked library (DLL) hijacking, and process memory space tampering.
Essentially, follow the steps in this blog that electron-builder also linked to: https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/. This didn't work for me the first few times I tried it (prior to posting this question) for some reason, but it does now. These instructions are for notarizing the app, but if you only want to sign it, just follow the first two steps. The takeaway is that without adding the hardened runtime, the signing would fail on app launch.
Upvotes: 1
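One way to check a build for what the answer above describes, as an added example that is not part of the original post or of electron-builder: the script verifies the bundle's signature with `codesign` and then confirms that the signature's CodeDirectory flags include `runtime`, the marker of the hardened runtime. The function names and the sample `codesign` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a built .app is
# validly signed AND carries the hardened runtime flag. Run on macOS.

# Reads `codesign --display --verbose=4` output on stdin; succeeds only if the
# CodeDirectory flag list, e.g. flags=0x10000(runtime), contains "runtime".
has_hardened_runtime() {
    flags=$(sed -n 's/^CodeDirectory .*flags=0x[0-9a-fA-F]*(\([^)]*\)).*/\1/p' | head -n 1)
    case ",$flags," in
        *,runtime,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 if OK, 1 if the signature does not verify, 2 if it verifies but
# was made without the hardened runtime.
check_app() {
    # --deep/--strict also validate nested helpers and frameworks in the bundle.
    codesign --verify --deep --strict --verbose=2 "$1" || return 1
    # codesign prints its description on stderr, hence 2>&1.
    codesign --display --verbose=4 "$1" 2>&1 | has_hardened_runtime || return 2
}

# Constructed sample output (not captured from a real build).
SAMPLE_HARDENED='Identifier=com.example.appname
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1789 flags=0x10000(runtime) hashes=47+5 location=embedded'
SAMPLE_PLAIN='Identifier=com.example.appname
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1765 flags=0x0(none) hashes=47+5 location=embedded'

if [ "$#" -gt 0 ]; then
    # Real run: pass the path of the built .app bundle as the first argument.
    if check_app "$1"; then
        echo "OK: signature verifies and hardened runtime is enabled"
    else
        echo "FAIL: $1 (invalid signature or no hardened runtime)" >&2
        exit 1
    fi
else
    # No argument: demonstrate the parser on the constructed samples.
    for s in "$SAMPLE_HARDENED" "$SAMPLE_PLAIN"; do
        if printf '%s\n' "$s" | has_hardened_runtime; then echo "runtime: yes"; else echo "runtime: no"; fi
    done
fi
```

Running it against the build output right after electron-builder finishes catches a missing hardened runtime before the app is distributed or submitted for notarization.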