Executables within app.asar.unpacked are not being signed correctly in OSX 10.14.5 #3940
Comments
dboakes
changed the title
|
I had the same problem, that was fixed by adding My electron builder configuration : My entitlements.mac.inherit.plist : |
|
Only just seen your comment. Updating the plist with your suggestions worked perfectly! Amazing cheers mate. |
|
I had the same issue (with native node extension Keytar). |
|
I can confirm the same as @julienma, I didn't need the |
|
Yes, |
|
@Kilian you might need to update your article to include this, I was having an issue with entitlements following the guide (this is not to say that your guide is unappreciated) |
electron-userland/electron-builder#3940 (comment) License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
electron-userland/electron-builder#3940 (comment) License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
* chore: macOS notarizing This adds scripts that run electron-notarize as additional manual or build steps on darvin runtime, loosly following https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/ Context: #1211 entitlements should enable us to pass process with go-ipfs binary electron-userland/electron-builder#3940 (comment) notarize-cli.js uses electron-notarize-dmg, works like electron-notarize but supports DMG without stapling (which is what we want for now) License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
|
Adding the entitlement worked for me as well. Thanks everyone! @Kilian I also came across this issue after following your excellent guide. Thanks for providing clear instructions on how to sign and notarize for Mac OS! (Weird that something like this is still not included in the official documentation.) Just wanted to remind you of @dannypaz's request - I think it would really prevent a lot of wasted time. |
|
I created my package using https://github.com/munki/munki-pkg. I signed and notarised my executables after which installer stopped working. I do not have any "entitlements.mac.inherit.plist". With munkipkg only build-info.plist is produced. I need to add it there? I am pretty new to all of this, figuring out how to fix this. |
|
Hey I think if you use BigSur, now you should not use So, I strongly recommend you to use asarUnpack option. |
|
@yuikoito Will this also work for native addons like sqlite3? |
|
@tobiasmuecksch Sorry I didn't try native addons.. |
|
@tobiasmuecksch Yes, it's works. only for MacOS (all node modules) "build": {
"mac": {
"asarUnpack": "node_modules/**/*.node"
}
} |
Version: 20.43.0
Electron Updater Version: 4.0.6
Target: Mac OSX 10.14.5
I have implemented the fix mentioned in issue #3828, also outlined here.
However, this isn't working for other binaries found within app.asar.unpacked. Before OSX 10.14.15, I had included a python binary which I had packed via pyinstaller, and this was then automatically signed by Electron Builder.
The error output states "Code signature found in [FILE_PATH]_ not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed."
I can see in the Contents folder of the app, that the CodeResources file contains keys for all the python binaries, but they don't seem to be recognised.
I have tried signing the files manually with codesign, which allowed the app to work on my mac, but when trying to open the app on another mac, it would get an error, as the package had been amended after being signed.
The text was updated successfully, but these errors were encountered: