I successfully notarized the app and it gives the following error
I checked the signing and notarizing and it gives me the following:
> pkgutil --check-signature ./path/to/app/XXXX.app
Package "XXX":
Status: signed by a certificate trusted by macOS
Certificate Chain:
1. Developer ID Application: ...
and
> spctl -a -t exec -vvv ./path/to/app/XXXX.app
./path/to/app/XXXX.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: XXXXXX (XXXXXX)
electron-notarize version is ^1.0.0
This shows it is successfully notarized, here are my config files (and signing js file if that helps):
package.json
"build": {
"asar": true,
"appId": "redacted",
"files": [
...
],
"afterSign": "./build/afterSignHook.js",
"directories": {
"buildResources": "./build/resources"
},
"publish": [
{
"provider": "github",
"owner": "redacted",
"repo": "redacted"
}
],
"mac": {
"category": "public.app-category.music",
"icon": "assets/appIcons/DJFlame Logo.icns",
"hardenedRuntime": true,
"entitlements": "./build/resources/entitlements.mac.plist",
"asarUnpack": "**/*.node"
},
"dmg": {
"background": null,
"icon": "assets/appIcons/DJFlame Logo.icns",
"backgroundColor": "#202020",
"window": {
...
},
"contents": [
...
]
},
"nsis": {
"oneClick": false,
"perMachine": false,
"installerIcon": "assets/appIcons/DJFlame Logo.ico",
"license": "license.txt"
},
"linux": {
"target": "AppImage",
"icon": "assets/DJFlame Logo.png"
}
}
entitlements.mac.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>XXYYZZ112233.com.redacted.redacted</string>
</array>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
</dict>
</plist>
afterSignHook.js (notarizing file)
const fs = require('fs');
const path = require('path');
var electron_notarize = require('electron-notarize');
const config = require('../package.json')
require('dotenv').config();
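/**
 * electron-builder `afterSign` hook: submits the signed macOS .app bundle to
 * Apple's notary service through electron-notarize.
 *
 * Returns without doing anything when the build host is not macOS, or when
 * the context reports a non-macOS target (e.g. a Windows build produced on a
 * Mac).
 *
 * @param {object} params - Hook context supplied by electron-builder. This
 *   function reads `appOutDir`, `electronPlatformName` and
 *   `packager.appInfo.productFilename`.
 * @returns {Promise<void>} Resolves once notarization has finished.
 * @throws {Error} If the .app bundle is missing, if the Apple ID credentials
 *   are not set in the environment, or if electron-notarize rejects.
 */
module.exports = async function (params) {
  // Notarization can only run on a macOS host.
  if (process.platform !== 'darwin') {
    return;
  }

  // Skip non-macOS targets by platform name instead of comparing against one
  // developer's absolute win-unpacked path. When the field is absent we fall
  // through and attempt notarization, so a macOS build is never skipped
  // silently; a missing bundle is reported by the existence check below.
  const targetPlatform = params.electronPlatformName;
  if (targetPlatform != null && targetPlatform !== 'darwin') {
    return;
  }

  // Same appId as in the electron-builder config in package.json.
  const appId = config.build.appId;
  const appPath = path.join(
    params.appOutDir,
    `${params.packager.appInfo.productFilename}.app`,
  );
  if (!fs.existsSync(appPath)) {
    throw new Error(`Cannot find application at: ${appPath}`);
  }

  // Fail early with a clear message instead of passing undefined credentials
  // on. The values themselves are never logged.
  const appleId = process.env.APPLE_ID;
  const appleIdPassword = process.env.APPLE_ID_PASSWORD;
  if (!appleId || !appleIdPassword) {
    throw new Error(
      'APPLE_ID and APPLE_ID_PASSWORD must be set in the environment (e.g. via .env) before notarizing',
    );
  }

  const startNoteTime = new Date();
  console.log(`Notarizing ${appId} found at ${appPath}. Started Notarizing at ${startNoteTime.toLocaleTimeString()}, expected max finish time ${new Date(startNoteTime.getTime() + 300000).toLocaleTimeString()}`);

  try {
    await electron_notarize.notarize({
      appBundleId: appId,
      appPath,
      // Apple ID, loaded from the environment. Keep the .env file out of
      // version control.
      appleId,
      // NOT the Apple ID account password: use an app-specific password
      // generated at https://appleid.apple.com under "security".
      appleIdPassword,
      // ascProvider: process.env.appleIdProvider // only needed if multiple
      // developer profiles are linked to the Apple ID.
    });
  } catch (error) {
    console.error(error);
    throw error;
  }

  console.log(`Done notarizing ${appId}! Time Finished: ${new Date().toLocaleTimeString()}, Time Elasped: ${Math.floor(new Date() / 1000) - Math.floor(startNoteTime / 1000)}s`);
};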
EDIT I narrowed it down to the following lines:
"afterSign": "./build/afterSignHook.js",
"directories": {
"buildResources": "./build/resources"
},
...
"mac": {
...
"hardenedRuntime": true,
"entitlements": "./build/resources/entitlements.mac.plist",
"asarUnpack": "**/*.node"
}
When I'm not getting that error, it's also not notarized. I will edit the above snippet until I can find the exact cause of the error.
I tried a bunch of things to fix this, but I think that the following are the answer:
When you add "entitlements": "./build/resources/entitlements.mac.plist", also add an "entitlementsInherit" entry that points to the same file, and set "gatekeeperAssess" to false. The code would look like
"mac": {
...
"hardenedRuntime": true,
"gatekeeperAssess": false,
"entitlements": "./build/resources/entitlements.mac.plist",
"entitlementsInherit": "./build/resources/entitlements.mac.plist",
"asarUnpack": "**/*.node"
}
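Strip entitlements.mac.plist to the bare minimum
Apparently having too many entitlements may cause this error, so strip it to the entitlements you need. Mine would look like the file below. Note that this reduced file no longer requests com.apple.security.app-sandbox, and that com.apple.security.cs.allow-unsigned-executable-memory relaxes a hardened-runtime memory protection, so keep that key only if the app does not run without it.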
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
</dict>
</plist>