Invalid code signing for MAS build (version 23.3.3)

[thomasdao]

• Electron-Builder Version: 23.3.3

• Node Version: 16

• Electron Version: 19.0.10

• Target: MAS

From version 23.3.0 and later, signing MAS build will use 3rd Party Mac Developer Application certificate by default, and this causes invalid build for my app. When upload to the Mac App Store, I see the below error:

Asset validation failed (90284) Invalid Code Signing. The executable 'com.app.name.pkg/Payload/AppName.app/Contents/Library/LoginItems/AppName Login Helper.app/Contents/MacOS/AppName Login Helper' must be signed with the certificate that is contained in the provisioning profile. (ID: c3f46e59-cbb9-4b15-841d-04ffb05cb2b7)

I believe when the certificate doesn’t match the one embedded in provisioning profile, the build will show this error. However, when I set identity in mas key to Apple Distribution, I get the below error:

⨯ Cannot find valid "3rd Party Mac Developer Installer" identity to sign MAS installer, please see https://electron.build/code-signing

I believe this PR #6970 is related. When I manually patch macPackager.js to change ["3rd Party Mac Developer Application", "Apple Distribution"] to ["Apple Distribution", "3rd Party Mac Developer Application"], the app can be signed and uploaded to the Mac App Store successfully.

Should we use Apple Distribution by default and move 3rd Party Mac Developer Application to fallback? This should work for issue #6621 where Apple Distribution cannot be found so electron-builder will use 3rd Party Mac Developer Application certificate.

[mmaietta]

I believe this PR #6970 is related. When I manually patch macPackager.js to change ["3rd Party Mac Developer Application", "Apple Distribution"] to ["Apple Distribution", "3rd Party Mac Developer Application"], the app can be signed and uploaded to the Mac App Store successfully.
Should we use Apple Distribution by default and move 3rd Party Mac Developer Application to fallback? This should work for issue #6621 where Apple Distribution cannot be found so electron-builder will use 3rd Party Mac Developer Application certificate.

Can you open a PR for swapping the two values? :)

[jeanfbrito]

I had the same problem, validated the suggestion of swapping it, and it worked.
Created the PR for this.
Thank you @thomasdao

[ubair-j]

@thomasdao i still am getting the same error (around 13 for different files) Asset validation failed (90284). Am i missing some step here?

[thomasdao]

@jeanfbrito thanks for the PR, I somehow forgot about this ticket!
@enunmuz I don't get the error after swapping the two values. Did you manually swap the values for macPackager.js on your computer?

[ubair-j]

@thomasdao yes i manually swapped the values for macPackager.js for electron-builder version 23.3.3. Do i need to follow some extra steps after manually changing the values?

[mmaietta]

Merged and released.

[jeanfbrito]

Already used in production and worked 100%. Thank you very much @mmaietta

[pachulo]

When will this be available in a 23.x version that is not a pre-release @mmaietta ?
Thanks!

[mmaietta]

Updated electron-builder tag section to show 23.6.0 as latest. 23.6.0 was already latest tag on npm