electron / osx-sign Goto Github PK

Codesign Electron macOS apps

License: BSD 2-Clause "Simplified" License

JavaScript 10.87% Shell 1.50% TypeScript 87.63%

electron-osx-sign macos entitlements provisioning-profiles electron codesigning sandbox mac-app-store itunes-connect developer-tools

osx-sign's People

Contributors

Stargazers

Watchers

Forkers

seanchas116 sethlu pombredanne develar mcfedr amilajack savanain skellock cucygh charliehess salomvary emorikawa fredguth joseph-hurtado dinneo javimosch resilientred maurice-schuppe cacheflow vischub relsqui ngartisanmd chinmoy-globalids rajivshah3 cacherapp freeyourmusic agalwood nasty007007 nicktikhonov hhy5277 malept ngnguyen1 shiqi harikvpy netop johntendik outofambit toshi-saito satorumpen kieuthang telefuel ccrocc chokeslam46 ccszwg msgpo lcheunglci isabella232 thibaut-adx axfelix tomdixon standardgalactic hackape xszh russ93 motrixapp samowolabi helojo acidburn0zzz mehdikazi whxleemdddd txbrown workduck-io classicvalues capesepias ajunlonglive abuhtoyarov thatkiddslash soundar-m tobspr-games zimkaru i-obraztsov jyd519 armbiant chasestubblefield skirsdeda wilf312 baro77 rvetere alex-paterson rickymohk amiller-gh mwakizaka magic-pod quanglam2807 new-carrot ethicalsecurity-agency madtechservices pbk-b cliftonh qz1543706741 140277 ayie99969 threema-danilo erickzhao akjus

osx-sign's Issues

Mention working capability in macOS Sierra

We will retain the name electron-osx-sign; however, macOS is as well supported by this module.

Expand wiki

Use binaries option to sign compiled node addons

How can the binaries option be used to sign compiled node addons? Right now, I have the option specified like this:

{
  binaries: "My App.app/Contents/Resources/app/node_modules/screen-recorder/build/Release/addon.node"
}

The signing and packaging process completes without errors, and can be uploaded to iTunes Connect, but it is later rejected because the addon.node is not signed.

Providing control over which files are signed

My OS X app includes an iOS .app inside of it (the OS X app is a developer tool that lets people install the iOS app on the iOS simulator for development). I sign the OS X app using electron-packager by passing in 'osx-sign': { identity: 'Developer ID Application: Organization (AAAAAAAAAA)' }, which seems to work fine until electron-osx-sign discovers the iOS .app in my app's resources and tries to sign it.

I looked through the code and didn't see a way to control if a file gets signed or not. What kind of API do you think would be good to provide this feature?

opts.ingore is not acknowledged

opt 'ignore', logic err?

index.js line:291

if (typeof opts.ignore !== 'function' || typeof opts.ignore !== 'string') return cb(new Error('Ignore filter should be either a function or a string.'))

Usage of sync methods

electron-builder tests executed in parallel And build can be in parallel (e.g. build mas and osx builds).

Don't you mind if I will fix it and will use Bluebird?

Next major v0.3.0 release covering recent updates

Code sign failed; please retry manually. Error: No identity found for signing.

Hi,

Not sure if this is the correct place for this issue, however I'm getting the following error when attempting to build electron.

Is this a configuration issue, or perhaps a bug?

Installing production dependencies into Electron Build Package
[email protected] tmp/electron-build-tmp/node_modules/electron-debug
├── [email protected]
└── [email protected]
Installed and bundled electron-debug@^1.0.0
Installing Electron headers for version 1.1.2
Recompiling native dependencies
The cache parameter is deprecated, use download.cache instead
Packaging app for platform darwin x64 using electron v0.37.5
Code sign failed; please retry manually. Error: No identity found for signing.
    at /Users/mateodelnorte/development/cardstack-desktop/node_modules/electron-osx-sign/index.js:49:28
    at ChildProcess.exithandler (child_process.js:193:7)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:852:16)
    at Socket.<anonymous> (internal/child_process.js:323:11)
    at emitOne (events.js:96:13)
    at Socket.emit (events.js:188:7)
    at Pipe._handle.close [as _onclose] (net.js:492:12)

I'm on El Capitan version 10.11.5 (15F34)
node --version: v6.3.0
electron --version: v1.3.1

Check com.apple.security.app-sandbox in user provided entitlements file

OSX flat packages dont install app to /Applications

When I create a package with electron-packager (or electron-osx-flat + signing), the installer pkg will run fine and contain all of the app's data—but it will not get installed to the /Applications folder. Why is this, and how can I make sure to produce working (Non-MAS) installer bundles?

Automate com.apple.security.application-groups according to app bundle Info.plist?

Refer to: electron/electron#5584, electron/packager#371

Not Effect After Sign

I set config below and passed well.

const sign = require('electron-osx-sign');
sign({
      app: path.join(cwd, './release/xxx.app'),
      entitlements: path.join(__dirname, './parent.plist'),
      'entitlements-inherit': path.join(__dirname, './child.plist'),
      'identity': 'Mac Developer: Xiaofeng Mao (52D7B5F3L7)',
      'platform': 'darwin',
      'version': config.version,
    }, (error) => {
      if (!error) {
        console.log('signed success');
    }
});

print signed success until i checked my app by spctl -a -v xxx.app
result is xxx.app: rejected

tried many times and exhausted. please give me some tips~

iTunes: Files Only Readable By The Root User

After submitting my package to iTunes, I got this message back:

Files Only Readable By The Root User - The installer package includes files that are only readable by the root user. This will prevent verification of the application's code signature when your app is run. Ensure that non-root users can read the files in your app.

How to fix?

Wiki: Clarification on codesign acceptance

Only targets (signed) are accepted by signature check:

Developer ID Application/Installer: These targets are for distribution outside the Mac App Store only and are paired with Electron darwin builds.
Mac App Store: These targets are obtained from the Mac App Store; it's worth noting that these are not equivalent to apps signed with 3rd Party Mac Developer Application/Installer. The signature minded to an app changes somewhere at Apple. In other words, targets signed with 3rd Party Mac Developer Application/Installer will not be accepted by Gatekeeper, which case is different from those with Developer ID Application/Installer.

The check-signature tool from Apple (ref: https://developer.apple.com/downloads/?=SignatureCheck) works in a same way.

More: https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG400

Windows Signing

This is somewhat off-topic for OSX utility, but do you have any plans to work on a similar tool for Windows? I've written up a tutorial on how to do it here http://verysimple.com/2016/02/19/code-signing-applications-for-microsoft-windows/

I think the process could be automated similarly to how osx-sign and osx-flat have automated the process for OSX. (Although a flatten tool might not be necessary since that functionality is already available via windows-builder.)

Command Line Won't Accept Provisioning Profile Argument

Greetings,
I hope this isn't a duplicate, I searched the issues and nothing jumped out.

I'm trying to run electron-osx-sign via cli after building my electron app with electron-packager. I'm doing this because it doesn't seem like electron-packager is properly assigning the provisioning profile when signing the app (this may be a separate issue so just focusing on cli usage for now).

Issue:
However I try to pass the --provisioning-profile argument the CLI outputs: Path to provisioning profile should be a string or a ProvisioningProfile object. I tried wrapping the path in single quotes, double quotes, no quotes, escaping command characters that need escaping (/,.,-,(,),), and pretty much every variation of quoting, escaping, etc but still just get Path to provisioning profile should be a string or a ProvisioningProfile object.. The only way I was able to not get that output was to pass empty quotes but then the command runs without using the provisioning profile.

Background:
I'm trying to release an alpha version of my app to my company, I'd prefer to have it signed so that no one has to turn off their security preferences when installing applications. If I choose not to sign the app when running electron-packager everything works great and the app opens as expected. When I do sign the application, upon opening it nothing load (white screen) and you get a spinning beachball of death.

I've tried passing passing the identity and provisioning-profile option to electron-packager but I never see any output that the provisioning-profile is being used when signing the app by passing DEBUG=electron-osx-sign or DEBUG=electron-packager but do that the identity is being used.

Versions:
[email protected]
[email protected]
[email protected]
[email protected]

electron-package config

/**
 * Packages the application into executable .app and .exe files.
 * For more info, see https://github.com/electron-userland/electron-packager.
 */
var argv = require('minimist')(process.argv.slice(2))
var packager = require('electron-packager')
var appManifest = require('../app/package.json')
var devManifest = require('../package.json')
var config = require('../config')

function getElectronVersion () {
  var v = config.release.electronVersion ||
    (devManifest.devDependencies || {})['electron-prebuilt'] ||
    (devManifest.dependencies || {})['electron-prebuilt']

  if (v) {
    return v.replace(/^\D+/, '')
  } else {
    console.log(
      'No electron version was found in config.js or package.json.'
    )
  }
}

var packagerConfig = {
  dir: config.build.outputRoot,
  out: config.build.releasesRoot,
  name: appManifest.productName,
  'app-version': appManifest.version,
  version: getElectronVersion(),
  platform: argv.platform || config.release.platform,
  arch: argv.arch || 'all',
  prune: true,
  overwrite: true,
  ignore: Object.keys((appManifest.devDependencies || {})).map(function (name) {
    return '/node_modules/' + name + '($|/)'
  }),
  'osx-sign': {
    identity: 'Developer ID Application: New Media Solutions Inc (A456A838HF)',
    'provisioning-profile': '/Users/dbondy/Library/MobileDevice/Provisioning Profiles/472d4411-dc27-4f8e-bc2f-cd11d75d380b.provisionprofile'
  }
}

packager(packagerConfig, function (err, appPath) {
  if (err) {
    console.error(err)
    process.exit(1)
  }

  console.log('packaged to ' + appPath)
})

I also tried moving provisioning-profile out of the osx-sign object

/**
 * Packages the application into executable .app and .exe files.
 * For more info, see https://github.com/electron-userland/electron-packager.
 */
var argv = require('minimist')(process.argv.slice(2))
var packager = require('electron-packager')
var appManifest = require('../app/package.json')
var devManifest = require('../package.json')
var config = require('../config')

function getElectronVersion () {
  var v = config.release.electronVersion ||
    (devManifest.devDependencies || {})['electron-prebuilt'] ||
    (devManifest.dependencies || {})['electron-prebuilt']

  if (v) {
    return v.replace(/^\D+/, '')
  } else {
    console.log(
      'No electron version was found in config.js or package.json.'
    )
  }
}

var packagerConfig = {
  dir: config.build.outputRoot,
  out: config.build.releasesRoot,
  name: appManifest.productName,
  'app-version': appManifest.version,
  version: getElectronVersion(),
  platform: argv.platform || config.release.platform,
  arch: argv.arch || 'all',
  prune: true,
  overwrite: true,
  ignore: Object.keys((appManifest.devDependencies || {})).map(function (name) {
    return '/node_modules/' + name + '($|/)'
  }),
  'osx-sign': {
    identity: 'Developer ID Application: New Media Solutions Inc (A456A838HF)'
  }
  'provisioning-profile': '/Users/dbondy/Library/MobileDevice/Provisioning Profiles/472d4411-dc27-4f8e-bc2f-cd11d75d380b.provisionprofile'
}

packager(packagerConfig, function (err, appPath) {
  if (err) {
    console.error(err)
    process.exit(1)
  }

  console.log('packaged to ' + appPath)
})

neither create an app that will open, just produces a spinning beachball of death.

Various Console Outputs from Different Commands
with DEBUG=electron-osx-sign

node build/package.js

Packaging app for platform linux ia32 using electron v1.1.0
Packaging app for platform win32 ia32 using electron v1.1.0
Packaging app for platform darwin x64 using electron v1.1.0
  electron-osx-sign Signing application... +0ms
  electron-osx-sign > application         /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app +1ms
  electron-osx-sign > platform            darwin +1ms
  electron-osx-sign > entitlements        undefined +0ms
  electron-osx-sign > child-entitlements  undefined +0ms
  electron-osx-sign > additional-binaries undefined +0ms
  electron-osx-sign > identity            Developer ID Application: New Media Solutions Inc (A456A838HF) +0ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper EH.app/Contents/MacOS/Drud Secrets Helper EH +66ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper EH.app +409ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper NP.app/Contents/MacOS/Drud Secrets Helper NP +291ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper NP.app +247ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper.app/Contents/MacOS/Drud Secrets Helper +295ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper.app +251ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework +249ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib +1s
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib +272ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/crashpad_handler +448ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework +262ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle +1s
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Mantle.framework +248ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/ReactiveCocoa.framework/Versions/A/ReactiveCocoa +499ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/ReactiveCocoa.framework +301ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt +291ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel +254ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/Frameworks/Squirrel.framework +251ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app/Contents/MacOS/Drud Secrets +258ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app +283ms
  electron-osx-sign Verifying sign... +283ms
Packaging app for platform linux x64 using electron v1.1.0
Packaging app for platform mas x64 using electron v1.1.0
  electron-osx-sign Signing application... +4s
  electron-osx-sign > application         /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app +0ms
  electron-osx-sign > platform            mas +0ms
  electron-osx-sign > entitlements        /Users/dbondy/sites/secrets-electron/node_modules/electron-osx-sign/default.mas.entitlements +0ms
  electron-osx-sign > child-entitlements  /Users/dbondy/sites/secrets-electron/node_modules/electron-osx-sign/default.mas.inherit.entitlements +0ms
  electron-osx-sign > additional-binaries undefined +0ms
  electron-osx-sign > identity            Developer ID Application: New Media Solutions Inc (A456A838HF) +0ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper EH.app/Contents/MacOS/Drud Secrets Helper EH +59ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper EH.app +265ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper NP.app/Contents/MacOS/Drud Secrets Helper NP +276ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper NP.app +249ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper.app/Contents/MacOS/Drud Secrets Helper +256ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Drud Secrets Helper.app +290ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework +261ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib +1s
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib +276ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/Frameworks/Electron Framework.framework +475ms
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app/Contents/MacOS/Drud Secrets +1s
  electron-osx-sign Signing... /var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app +260ms
  electron-osx-sign Verifying sign... +290ms
  electron-osx-sign Verifying entitlements... +89ms
Packaging app for platform win32 x64 using electron v1.1.0
packaged to /Users/dbondy/sites/secrets-electron/releases/Drud Secrets-linux-ia32,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-win32-ia32,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-darwin-x64,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-linux-x64,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-mas-x64,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-win32-x64

with DEBUG=electron-packager

> node build/package.js

  electron-packager Electron Packager 7.7.0 +0ms
  electron-packager Node v6.6.0 +3ms
  electron-packager Host Operating system: darwin (x64) +1ms
  electron-packager Target Platforms: darwin, linux, mas, win32 +0ms
  electron-packager Target Architectures: ia32, x64 +0ms
  electron-packager Application name: Drud Secrets +0ms
  electron-packager Target Electron version: 1.1.0 +0ms
  electron-packager Ignored path regular expressions:
* /node_modules/electron($|/)
* /node_modules/electron-prebuilt($|/)
* /node_modules/electron-packager($|/)
* /\.git($|/)
* /node_modules/\.bin($|/) +0ms
Packaging app for platform linux ia32 using electron v1.1.0
Packaging app for platform win32 ia32 using electron v1.1.0
  electron-packager Running rcedit with the options {"version-string":{},"product-version":"1.0.0"} +3s
Packaging app for platform darwin x64 using electron v1.1.0
  electron-packager Running electron-osx-sign with the options {"identity":"Developer ID Application: New Media Solutions Inc (A456A838HF)","provisioning-profile":"/Users/dbondy/Library/MobileDevice/Provisioning Profiles/472d4411-dc27-4f8e-bc2f-cd11d75d380b.provisionprofile","platform":"darwin","app":"/var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/darwin-x64/Drud Secrets-darwin-x64/Drud Secrets.app"} +7s
Packaging app for platform linux x64 using electron v1.1.0
Packaging app for platform mas x64 using electron v1.1.0
  electron-packager Running electron-osx-sign with the options {"identity":"Developer ID Application: New Media Solutions Inc (A456A838HF)","provisioning-profile":"/Users/dbondy/Library/MobileDevice/Provisioning Profiles/472d4411-dc27-4f8e-bc2f-cd11d75d380b.provisionprofile","platform":"mas","app":"/var/folders/h0/v4jqhd0x713gyc3w91_y3g5r0000gn/T/electron-packager/mas-x64/Drud Secrets-mas-x64/Drud Secrets.app"} +11s
Packaging app for platform win32 x64 using electron v1.1.0
  electron-packager Running rcedit with the options {"version-string":{},"product-version":"1.0.0"} +7s
packaged to /Users/dbondy/sites/secrets-electron/releases/Drud Secrets-linux-ia32,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-win32-ia32,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-darwin-x64,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-linux-x64,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-mas-x64,/Users/dbondy/sites/secrets-electron/releases/Drud Secrets-win32-x64

I did also run a few of the codesign and security commands to verify the signing of the app and everything looks verified there but if you need me to provide some of those outputs as well let me know.

Any help would be greatly appreciated!

the identity of the developer cannot be confirmed

hi, all

i need codesign app with 'Develop ID Application' certificate. first i set the the Certificate's Trust to 'Use System Defaults' codesign will fine pass, and i verifying it with 'spctl -a -vvvv' and it's also fine, but when i download the app from my local test webserver and the os's gatekeeper promote the error 'the identity of the developer cannot be confirmed'

later i set the Certificate's Trust of Item 'Code Signing' to 'Always Trust' and it's will in cli with ' nested code is modified or invalid'.

anyone can help me, thks.

Description in package.json yet to be updated

Major bump next release after v0.3.1 or not

As Promise is now introduced, with all APIs and commands hopefully remaining the same, need to think if the numbering continues to v0.3.1 or v0.4.

no application identifier provided error on boot up

I'm stumped. I package the app with electron-packager, sign with electron-osx-sign. There are no errors, debug is enabled and I can see everything is being signed properly, and all the verifications pass - in fact I can even upload it to iTunes Connect. The thing is, actually loading the app provides the following errors which appear to me to look like the entitlements haven't been applied:

2016-06-08 11:20:59.446 AM taskgated[112]: no application identifier provided, can't use provisioning profiles [pid=73634]

2016-06-08 11:21:04.370 AM sandboxd[122]: ([73634]) MyApp(73634) deny file-read-data /

2016-06-08 11:21:05.139 AM MyApp Helper[73635]: <<<< VTVideoEncoderSelection >>>> VTSelectAndCreateVideoEncoderInstanceInternal: no video encoder found for 'avc1'

(a few more video encoder type errors, which really make no sense)

2016-06-08 11:21:05.368 AM sandboxd[122]: ([73634]) MyApp(73634) deny mach-lookup com.apple.networkd

The entitlements are all there, including the com.apple.security.application-groups.

I've tried reinstalling everything, rerunning electron-rebuild, and I can't get anywhere with this. The one odd thing is is I've noticed a few odd unicode characters preceding the entitlements string dump when debug=electron-osx-sign is set.

The oddest thing - the app was working fine, but I couldn't upload it to iTunes as it was failing the codesign checks in the application loader. Now it passes those codesign checks, but I can't actually run the packaged app on my test system (with the darwin build, rather than the MAS build).

TypeError: undefined is not a function

Every time I try and sign my packaged app, I get this error. Does anyone know how I can fix it??
I'm using all of the latest updates and standard build settings and get this whether I try it with electron-packager or by itself with electron-sox-sign from CLI.

Error message:

/usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:111
if (path.extname(filePath).includes(' ')) {
^
TypeError: undefined is not a function
at /usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:111:40
at Array.forEach (native)
at walkSync (/usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:88:29)
at /usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:122:9
at Array.forEach (native)
at walkSync (/usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:88:29)
at /usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:122:9
at Array.forEach (native)
at walkSync (/usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:88:29)
at /usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:122:9
at Array.forEach (native)
at walkSync (/usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:88:29)
at /usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:122:9
at Array.forEach (native)
at walkSync (/usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:88:29)
at /usr/local/lib/node_modules/electron-packager/node_modules/electron-osx-sign/index.js:122:9
MacBook-Pro-3:buildthis3 Scott Barrington$

.o files being present in node_modules cause Application Loader to reject .pkg file

If there are any .o files generated from native modules in node_modules during packaging, they will be present in the .app. This will cause Application Loader to reject the package with this error:

ERROR ITMS-90135: "The executable could not be re-signed for submission to the App Store. The app may have been built or signed with non-compliant or pre-release tools."

The easy fix is to clear out the .o files from node_modules before packaging. Not sure if this should be fixed in electron-osx-sign or electron-packager, but the issue doesn't manifest until .pkg and Application Loader get involved.

Building mas package file needs a different signing identity

Need to be able to pass two `identity'

3rd Party Mac Developer Application: Company (XXX) for signing the '.app'
'3rd Party Mac Developer Installer: Company (XXX) for signing the '.pkg'

I cannot just let electron find the identity as there are multiple identities installed on my computer/ci machine.

whitescreen after signing the app

Hi, I am using the very last version of electron and electron-osx-sign. Everything works like expected when not signing the app with electron-osx-sign, but when signing I have a whitescreen (with loading cursor). How to debug?

Helper IDs

This is fantastic. I've used this app to sign my application and I've nearly gotten through every issue to submit to the MAS with just two remaining.

The Frameworks have three Helper apps Helper, Helper.EH and Helper.NP. Using your pull request to electron-packager I've created the package file and it correctly changes the bundle id for the helper, however the EH and NP bundle ids still have the original github.electron id. I went in and manually changed those IDs to com.mydomain.myapp.helper.EH and com.mydomain.myapp.helper.NP. The application loader is now down to just two errors. Basically it's the same error for each of those files:

"Bad CFBundleExecutable. Cannot find executable file that matches the value of CFBundleExecutable in the nested bundle Electron Helper EH [com.mydomain.myapp.pkg/Payload/MyApp.app/Contents/Frameworks/MyApp Helper EH.app] property list file"

I'm not sure if I've named these improperly in the plist files? Or do I need to add those bundle IDS on iTunes Connect? I'm kinda stumped at this point.

Thanks for any help on this!

Packaging macOS applications with a self-signed certificate fails

Using [email protected] which I assume is something like a recent master of this repo (see #82).

Using a self-signed certificate passes codesign --verify but does not pass spctl --assess aka Gatekeeper.

Error: Failed to pass Gatekeeper: : Error: Command failed: spctl --assess --type execute --verbose --ignore-cache --no-cache dist/mac/MyApp.app
dist/mac/MyApp.app: rejected
    at node_modules/electron-osx-sign-tf/index.js:215:12
    at node_modules/electron-osx-sign-tf/index.js:302:64

In my understanding spctl failing is expected and can not be circumented with self-signed certificates and is the equivalent of seeing "This application is from an unidentified developer" when trying to execute the given application.

However I think letting self-signed applications through is still a valid use case, because:

Automatic updates require signed applications (self-signed are fine).
Self-signed applications will still be verified for integrity an not execute when currupted.

Maybe have an option to opt-out from the spctl check?

Default temporary exception for app sandbox? (com.apple.security.temporary-exception.sbpl)

Refer to electron/electron#3871 (comment)

Add full support testing on Travis CI

See electron/packager#332

Feature request - create and sign package file

In my build script, after signing the .app I create a .pkg file and sign that. Because Application Loader requires the app to be packaged up for submission. You must have this file in order to submit the app to the app store.

Even though it is more than technically signing - it seems like it would be appropriate to include in electron-osx-sign because it is the final step for MAS preparation (and there is more signing involved).

Here is the code in my script that does this:

APP_PATH="MyApp.app"
RESULT_PATH="MyApp.pkg"
APP_KEY="3rd Party Mac Developer Application: Company, Inc (C123K93QGT)"
INSTALLER_KEY="3rd Party Mac Developer Installer: Company, Inc (C123K93QGT)"

# build the pkg installer file which application loader expects
productbuild --component "$APP_PATH" /Applications --sign "$INSTALLER_KEY" "$RESULT_PATH"

# sign the package file (seems redundant, but otherwise binary is rejected by itunesconnect)
codesign -fs "$APP_KEY" "$RESULT_PATH"

Set DEBUG environment variable to automatically set verbose mode

In a few packages that are dependencies of electron-packager, you can set the DEBUG environment variable to a comma-separated list of module names that (if they have support for it) will print debug information as they're run. (A known list is in electron-packager's CONTRIBUTING document.)

Since this package has opts.verbose, it would be nice if DEBUG was found to contain electron-osx-sign, then verbose mode was automatically enabled.

Minimum Node version

@sethlu As of 2d08347#diff-168726dbe96b3ce427e7fedce31bb0bcR92, the minimum Node version needed to use this module has increased to 4.0. Was this intentional? If so, electron-packager is going to need to decide whether to remove support for Node 0.12 in either 6.0.0 or 7.0.0.

Add detection for CSSMERR_TP_CERT_EXPIRED, CSSMERR_TP_NOT_TRUSTED

This may currently be resolved with http://stackoverflow.com/questions/35390072/this-certificate-has-an-invalid-issuer-apple-push-services for a new AppleWWDRCA.cer to be expired in 2023.

Enhance testing script for more coverage

As addressed from #17, there may be ways for testing both compatibility and various minor functionalities that are infrequently called for execution.

Mac Os (MAS) sandbox build freezes after being code-signed - The <app> Helper.app

OS: 10.11.6

electron-builder: 7.11.4
npm: 3.10.9
electron: 1.4.2

Mac App store

As soon as the mac app-store built is signed, when the app is launched, it freezes, particularly, the BrowserWindow.

After doing a lot of digging, I've narrowed the issue to the Helper.app being signed. As soon as that's signed - problem.

Please help. I spent many hours yesterday of banging my head against the wall until 3 am until I gave up. Maybe something is wrong with my entitlements?

I made a very basic "hello world" app to do the testing.

Here is my child.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <string>U3AQW9824Q.com.projector.screenmeet.testbuild</string>
  </dict>
</plist>

parent.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <string>U3AQW9824Q.com.projector.screenmeet.testbuild</string>
  </dict>
</plist>

build section from my package.json:

  "build": {
    "appId": "com.projector.screenmeet.testbuild",
    "asar" : false,
    "mac": {
      "target" : "mas",
      "category": "public.app-category.productivity",
      "identity" : "U3AQW9824Q"
    },
    "mas" : {
      "identity" : "U3AQW9824Q",
      "entitlements": "child.plist",
      "category": "public.app-category.productivity",
      "entitlementsInherit" : "parent.plist"

    }
  },

And finally, the build output:


Skip app dependencies rebuild because dev and app dependencies are not separated
Packaging for platform mas x64 using electron 1.4.3 to dist/mas

Warning: Application icon is not set, default Electron icon will be used
Signing app (identity: 3rd Party Mac Developer Application: Projector LLC (U3AQW9824Q))

  electron-osx-sign Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`; disable by setting `pre-auto-entitlements` to `false`. +0ms
  electron-osx-sign Automating entitlement app group... +1ms
  electron-osx-sign:warn `ElectronTeamID` not found in `Info.plist`, use parsed from signing identity: U3AQW9824Q +4ms
  electron-osx-sign `com.apple.security.application-groups` found in entitlements file: U3AQW9824Q.com.projector.screenmeet.testbuild +3ms
  electron-osx-sign Signing application... +1ms
  electron-osx-sign > application         /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app +0ms
  electron-osx-sign > platform            mas +0ms
  electron-osx-sign > entitlements        child.plist +0ms
  electron-osx-sign > child-entitlements  parent.plist +0ms
  electron-osx-sign > additional-binaries undefined +0ms
  electron-osx-sign > identity            3rd Party Mac Developer Application: Projector LLC (U3AQW9824Q) +0ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper EH.app/Contents/MacOS/AwesomeTestApp Helper EH +36ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper EH.app +213ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper NP.app/Contents/MacOS/AwesomeTestApp Helper NP +216ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper NP.app +214ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper.app/Contents/MacOS/AwesomeTestApp Helper +214ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper.app +210ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework +215ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib +1s
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib +260ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework +501ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/MacOS/AwesomeTestApp +4s
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app +235ms
  electron-osx-sign Verifying... +235ms
  electron-osx-sign Verifying application bundle with codesign... +0ms
  electron-osx-sign Result:
--prepared:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper.app
--validated:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper.app
--prepared:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper NP.app--prepared:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper EH.app

--validated:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper NP.app
--validated:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper EH.app
--prepared:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
--validated:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app: valid on disk
/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app: satisfies its Designated Requirement
 +609ms
  electron-osx-sign Verified. +0ms
  electron-osx-sign Displaying entitlements... +0ms
  electron-osx-sign Entitlements (prefixed with blob header):
��qq�<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <string>U3AQW9824Q.com.projector.screenmeet.testbuild</string>
  </dict>
</plist> +17ms
  electron-osx-sign Application signed. +0ms
Signing app (identity: 3rd Party Mac Developer Application: Projector LLC (U3AQW9824Q))

  electron-osx-sign Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`; disable by setting `pre-auto-entitlements` to `false`. +432ms
  electron-osx-sign Automating entitlement app group... +0ms
  electron-osx-sign `ElectronTeamID` found in `Info.plist`: U3AQW9824Q +2ms
  electron-osx-sign `com.apple.security.application-groups` found in entitlements file: U3AQW9824Q.com.projector.screenmeet.testbuild +0ms
  electron-osx-sign Signing application... +0ms
  electron-osx-sign > application         /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app +0ms
  electron-osx-sign > platform            mas +0ms
  electron-osx-sign > entitlements        child.plist +0ms
  electron-osx-sign > child-entitlements  parent.plist +0ms
  electron-osx-sign > additional-binaries undefined +0ms
  electron-osx-sign > identity            3rd Party Mac Developer Application: Projector LLC (U3AQW9824Q) +0ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper EH.app/Contents/MacOS/AwesomeTestApp Helper EH +41ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper EH.app +216ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper NP.app/Contents/MacOS/AwesomeTestApp Helper NP +214ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper NP.app +215ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper.app/Contents/MacOS/AwesomeTestApp Helper +214ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper.app +213ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework +215ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib +1s
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib +251ms
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework +460ms
node_modules
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/MacOS/AwesomeTestApp +1s
  electron-osx-sign Signing... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app +233ms
  electron-osx-sign Verifying... +235ms
  electron-osx-sign Verifying application bundle with codesign... +0ms
  electron-osx-sign Result:
--prepared:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper NP.app
--validated:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper NP.app
--prepared:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper EH.app
--prepared:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper.app
--validated:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper EH.app
--validated:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/AwesomeTestApp Helper.app
--prepared:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
--validated:/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app: valid on disk
/Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app: satisfies its Designated Requirement
 +608ms
  electron-osx-sign Verified. +1ms
  electron-osx-sign Displaying entitlements... +0ms
  electron-osx-sign Entitlements (prefixed with blob header):
��qq�<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <string>U3AQW9824Q.com.projector.screenmeet.testbuild</string>
  </dict>
</plist> +17ms
  electron-osx-sign Application signed. +0ms
  electron-osx-sign:warn No `install` passed in arguments, will fallback to default `/Applications`. +2ms
  electron-osx-sign Flattening application... +431ms
  electron-osx-sign > application    /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app +0ms
  electron-osx-sign > package-output /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp-1.0.3.pkg +0ms
  electron-osx-sign > install-path   /Applications +1ms
node_modules
  electron-osx-sign > identity       3rd Party Mac Developer Installer: Projector LLC (U3AQW9824Q) +0ms
  electron-osx-sign Flattening... /Users/eugene/WebstormProjects/testbuild/dist/mas/AwesomeTestApp.app +0ms
  electron-osx-sign Application flattened. +7s
MacBook-Pro:testbuild eugene$ ./dist/mas/AwesomeTestApp.app/Contents/Resources/
am.lproj/     bg.lproj/     cs.lproj/     el.lproj/     es.lproj/     fa.lproj/     fr.lproj/     hi.lproj/     id.lproj/     kn.lproj/     lv.lproj/     ms.lproj/     pl.lproj/     ro.lproj/     sl.lproj/     sw.lproj/     th.lproj/     vi.lproj/
app/          bn.lproj/     da.lproj/     en.lproj/     es_419.lproj/ fi.lproj/     gu.lproj/     hr.lproj/     it.lproj/     ko.lproj/     ml.lproj/     nb.lproj/     pt_BR.lproj/  ru.lproj/     sr.lproj/     ta.lproj/     tr.lproj/     zh_CN.lproj/
ar.lproj/     ca.lproj/     de.lproj/     en_GB.lproj/  et.lproj/     fil.lproj/    he.lproj/     hu.lproj/     ja.lproj/     lt.lproj/     mr.lproj/     nl.lproj/     pt_PT.lproj/  sk.lproj/     sv.lproj/     te.lproj/     uk.lproj/     zh_TW.lproj/

Feature request - additional binary files to sign

For one of my apps, there are additional binary files that the app uses (makes shell calls). These have to be signed in order for the app to be accepted to the MAS. I'm not able to fully use electron-osx-sign for this app because of these binaries. It would be great if there was a parameter to specify additional files that will be signed. Perhaps a comma-delimited list of files?

--additional-binaries=Resources/app/binary1,Resources/app/binary1

Warn .o files in node_modules

Regarding #58

Warn about team identifier when code signing without provisioning profile and with individual development certificate

Addresses partly #88

default.darwin.entitlements is not used but mentioned in the docs

default.darwin.entitlements is not used, but mentioned in the docs.

It is an error? Or docs should be updated and file default.darwin.entitlements removed?

Why is this project published under two different names to npm?

https://www.npmjs.com/package/electron-osx-sign
and
https://www.npmjs.com/package/electron-osx-sign-tf
both point to this repo.

The latter using version 1.0.0 which does not exist as a tag or release here.

Postinstall scripts not working

I'm trying to include a postinstall script in my pkg but it doesn't seem to work.

electron-osx-flat MyApp.app --identity="3rd Party Mac Developer Installer: BLAHBLAH LTD (******)" --scripts="./scripts/" --install="/Applications"

./scripts/postinstall

mkdir ~/test

I run the install and the ~/test folder is not there. Hoping this is a pebkac; what am I doing wrong?

Invalid Signature and signed app isn't running correctly

Sorry in advance if I overlooked something obvious. I've tried to make this work for some hours now, and I'm out of ideas.

I developed a Mac app using electron and everything works as expected after packaging with electron-packager. Now I want to submit the app to the mac app store.

After packaging I'm signing the app using electron-osx-sign --identity="xyz" name.app and then I'm flattening it with electron-osx-flat --identity="xyz" name.app (it doesn't work without me specifying the identity, although this is the first app that I'm signing) and submit the created .pkg file to Application Loader.

The first problem is that the signed .app file doesn't work correctly anymore. If I try to execute it, the app starts with a window it usually doesn't have and doesn't respond at all:

I'm not sure if I'm still supposed to be able to execute apps that were signed for the MAS, so maybe this is just expected behaviour? Otherwise this may hint to something going wrong when signing.

The second problem: Application Loader accepts the .pkg file without any errors and uploads it to iTunes, but afterwards I get an email stating this error:

Invalid Signature - This error occurs when you have signed your app's installer incorrectly. There are two certs required for this process: the "3rd Party Mac Developer Application" cert and the "3rd Party Mac Developer Installer" cert. When signing your package, you need to ensure that you are using the Installer cert to sign your package. Ensure that you are specifying this cert when submitting your app via the Xcode Organizer or when running productbuild from the command line.

I do have those two certs and when signing/flattening several certs were requested, so I'm not sure what's going wrong. I'm not calling productbuild myself, electron-osx-flat is doing that right?

Do you guys have any idea what I might do wrong?

(The xyz in --identity="xyz" from above is the string in the parentheses of "3rd Party Mac Developer Installer: myname (xyz)".)

Could not get code signature for running application

electron-osx-sign works fine when I package my app. It throws the error Could not get code signature for running application when I try running the app from terminal using npm start

Symlink in Electron before v0.29 failed to pass Gatekeeper

Inconsistent test cases in README

Electron v0.36.8 compatibility: libffmpeg.dylib

In the change log of the most recent release of Electron v0.36.8 mentioned "Link with ffmpeg dynamically". Despite whether adding ffmpeg.dylib into mas builds will cause rejection from iTC, detection of ffmpeg.dylib will have to be added for code-signing.
@jasonhinkle did you request signing with additional binaries for adding ffmpeg.dylib earlier?

On signing with entitlements for distribution outside the Mac App Store?

Display child entitlements after code signing

Enhancement idea: add optional codesign validation after codesigning is complete

I think it'd be helpful to have an option that verifies the code signature as part of the process and fails if it fails. This would have helped me in a recent issue I ran into.

Running something like:

codesign --verify --deep --strict MyApp.app/

I recently ran into an issue where a bundled dependency was being mysteriously modified after signing (which invalidates the signature). It looked like everything was working because I could run the app on my machine without any security issues but when I downloaded it from the internet, it wouldn't run. I've now incorporated this command into my build process to surface this issue much sooner, but I think having this here (and by extension in electron-builder) would be an improvement. I might have time to work on a PR if you'd like, just thought I'd float the idea first. Thanks!

ITMS-90135 - app may have been built or signed with non-compliant or pre-release tools

Signing the app with electron-osx-sign. Debug enabled, there are no errors, everything appears fine. When trying to load the app through Application Loader, however, I get this worse than useless error message:

ERROR ITMS-90135: "The executable could not be re-signed for submission to the App Store. The app may have been built or signed with non-compliant or pre-release tools."

My app contains a native module - node-spellcheck, and so I sign the binaries for that (hunspell.a and spellcheck.node) as well (I've tried without that, and it still gives me the same error).

I'm at a complete loss.