Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Electron MacOS app 'Not Available for Testing' in Testflight #6856

Open
hisnameisjimmy opened this issue May 11, 2022 · 11 comments
Open

Electron MacOS app 'Not Available for Testing' in Testflight #6856

hisnameisjimmy opened this issue May 11, 2022 · 11 comments
Labels
mac readme

Comments

@hisnameisjimmy
Copy link

  • Electron-Builder Version: 23.0.8
  • Node Version: v16.9.1
  • Electron Version: 17.4.3
  • Electron Type (current, beta, nightly): Current
  • Electron Updater Version: 5.0.1
  • Target: MAS (Mac Appstore)
  • Build Platform: M1 Air, Monterey 12.3.1

I'm working on a universal MacOS app in Electron, and while I've gotten pretty far, I can't seem to figure out how to enable it for testing in Testflight.

I keep running into the following error in App Store Connect no matter what I do:

Testflight Not Available for Testing

Varying useful stuff I've found:

Why does this issue happen? What can I do to help debug?

My setup

package.json relevant build section

	"build": {
        "appId": "com.xxxxx.xxxxxx",
        "afterSign": "electron-builder-notarize",
        "mac": {
            "category": "public.app-category.entertainment",
            "darkModeSupport": true,
            "hardenedRuntime": true,
            "gatekeeperAssess": false,
            "entitlements": "build/entitlements.mac.plist",
            "entitlementsInherit": "build/entitlements.mac.plist",
            "icon": "build/icon.icns",
            "target": [
                {
                    "target": "mas",
                    "arch": "universal"
                },
                "dmg"
            ]
        },
        "mas": {
            "type": "distribution",
            "hardenedRuntime": false,
            "provisioningProfile": "embedded.provisionprofile",
            "entitlements": "build/entitlements.mas.plist",
            "entitlementsInherit": "build/entitlements.mas.inherit.plist"
        }
    }

entitlements.mas.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <string>TEAMID.com.app.appname</string>
        <key>com.apple.application-identifier</key>
		<string>TEAMID.com.app.appname</string>
        <key>com.apple.developer.team-identifier</key>
		<string>TEAMID</string>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
    </dict>
</plist>

entitlements.mas.inherit.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
    </dict>
</plist>
@mmaietta
Copy link
Collaborator

I thought hardenedRuntime was required to be true for all modern versions of macOS, regardless of mac or mas target.

@hisnameisjimmy
Copy link
Author

hisnameisjimmy commented May 11, 2022
edited
Loading

Not sure, but changing it to true didn't solve the issue unfortunately 🫤

Multiple places where people have disabled hardenedRuntime, apparently successfully:

@hisnameisjimmy
Copy link
Author

After looking through all these, and just playing around with adding different entitlements, it was resolved with the following settings. I honestly have no idea which of these is relevant at this point, and after days of debugging I am beyond the point of caring haha. But for future internet travelers who find themselves stuck, here is what I have that got me through:

Successful electron macos appstore submission

package.json relevant section (added loginhelper!)

"build": {
    "appId": "com.xxxxxx.xxxxxx",
    "afterSign": "electron-builder-notarize",
    "mac": {
        "category": "public.app-category.entertainment",
        "darkModeSupport": true,
        "hardenedRuntime": true,
        "gatekeeperAssess": false,
        "entitlements": "build/entitlements.mac.plist",
        "entitlementsInherit": "build/entitlements.mac.plist",
        "icon": "build/icon.icns",
        "target": [
            {
                "target": "mas",
                "arch": "universal"
            },
            "dmg"
        ]
    },
    "mas": {
        "type": "distribution",
        "hardenedRuntime": false,
        "provisioningProfile": "embedded.provisionprofile",
        "entitlements": "build/entitlements.mas.plist",
        "entitlementsInherit": "build/entitlements.mas.inherit.plist",
        "entitlementsLoginHelper": "build/entitlements.mas.loginhelper.plist"
    }
}

entitlements.mas.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <string>TEAMID.com.app.appname</string>
        <key>com.apple.application-identifier</key>
		<string>TEAMID.com.app.appname</string>
        <key>com.apple.developer.team-identifier</key>
		<string>TEAMID</string>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-only</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
    </dict>
</plist>

entitlements.mas.inherit.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
    </dict>
</plist>

entitlements.mas.loginhelper.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
    </dict>
</plist>

@hisnameisjimmy
Copy link
Author

lol, then I immediately run into this: electron/electron#33054

So close, yet so far.

@stephan-fischer
Copy link

After looking through all these, and just playing around with adding different entitlements, it was resolved with the following settings. I honestly have no idea which of these is relevant at this point, and after days of debugging I am beyond the point of caring haha. But for future internet travelers who find themselves stuck, here is what I have that got me through:

Successful electron macos appstore submission

package.json relevant section (added loginhelper!)

"build": {
    "appId": "com.xxxxxx.xxxxxx",
    "afterSign": "electron-builder-notarize",
    "mac": {
        "category": "public.app-category.entertainment",
        "darkModeSupport": true,
        "hardenedRuntime": true,
        "gatekeeperAssess": false,
        "entitlements": "build/entitlements.mac.plist",
        "entitlementsInherit": "build/entitlements.mac.plist",
        "icon": "build/icon.icns",
        "target": [
            {
                "target": "mas",
                "arch": "universal"
            },
            "dmg"
        ]
    },
    "mas": {
        "type": "distribution",
        "hardenedRuntime": false,
        "provisioningProfile": "embedded.provisionprofile",
        "entitlements": "build/entitlements.mas.plist",
        "entitlementsInherit": "build/entitlements.mas.inherit.plist",
        "entitlementsLoginHelper": "build/entitlements.mas.loginhelper.plist"
    }
}

entitlements.mas.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <string>TEAMID.com.app.appname</string>
        <key>com.apple.application-identifier</key>
		<string>TEAMID.com.app.appname</string>
        <key>com.apple.developer.team-identifier</key>
		<string>TEAMID</string>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-only</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
    </dict>
</plist>

entitlements.mas.inherit.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
    </dict>
</plist>

entitlements.mas.loginhelper.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
    </dict>
</plist>

finally this works 😉 Thank you very much!!!

@hisnameisjimmy hisnameisjimmy mentioned this issue Aug 2, 2022
Closed
@mikekreeki
Copy link

In case anyone bumps into this in the future, it issue for me was also missing entitlements entry for loginhelper. Adding those resolved the issue 🎉

@hayr-hotoca
Copy link

@hisnameisjimmy Where can I download the build/entitlements.mac.plist file?

@qjhe qjhe mentioned this issue Jun 16, 2023
Closed
@swyxio swyxio mentioned this issue Jun 21, 2023
Closed
@BlackHole1
Copy link
Contributor

Fix PR: electron/osx-sign#292

@mmaietta mmaietta reopened this Aug 18, 2023
@pauljonescodes
Copy link

Another thing to consider is I believe I've determined that on my particular configuration, com.apple.security.application-groups must be an array of strings.

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_application-groups

Related thread:

electron/osx-sign#281 (comment)

@pauljonescodes pauljonescodes mentioned this issue Feb 27, 2024
Closed
@bkervaski
Copy link

This resolved it for me:

"entitlementsLoginHelper": "build/entitlements.mas.loginhelper.plist"

@justinhaubrich
Copy link

I can confirm that your solution is still valid in 2024. I was having the same problem but your fix worked for me. Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
mac readme
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@bkervaski @hisnameisjimmy @mikekreeki @pauljonescodes @stephan-fischer @mmaietta @BlackHole1 @hayr-hotoca @justinhaubrich