[Bug]: MacOS signing and notarization instructions don't work #3217

ryanhugh opened this issue Nov 20, 2024 · 5 comments

Comments

@ryanhugh

Checks before filing an issue

Mattermost Desktop Version

release-5.9

Operating System

MacOS M2 15.1.1 (24B91)

Mattermost Server Version

No response

Steps to reproduce

We are running into an issue notarizing and signing the MacOS application.

npm run package:mac does not work. It throws an error. We are unable to launch the binary that is produced.

Full details here: https://rose-piranha-ec2.notion.site/Bounty-Electron-MacOS-Signing-Issue-1435eaeefd2180da87acebd500bdd884?pvs=74

Happy to pay if you help solve this for us, thanks.

Expected behavior

I expect npm run package:mac to be able to compile, notarize and sign the MacOS application such that we can share the built app and run it on other Mac computers with no issues.

Observed behavior

npm run package:mac fails to build the Mac app. It produces a binary, but the binary refuses to launch. Mac OS says

image

Log Output

webpack 5.90.3 compiled with 10 warnings in 5970 ms
  • electron-builder  version=24.13.3 os=24.1.0
  • loaded configuration  file=/Users/ryanhughes/Desktop/code/mattermost-desktop/electron-builder.json
  • writing effective config  file=release/builder-effective-config.yaml
  • rebuilding native dependencies  [email protected], [email protected] platform=darwin arch=x64
  • packaging       platform=darwin arch=x64 electron=33.0.2 appOutDir=release/mac
  • signing         file=release/mac/Mattermost.app platform=darwin type=distribution identity=ED56A83F68CA0082422ADB37940C1057CA2E69E3 provisioningProfile=./mac.provisionProfile
Error: Failed to notarize via notarytool

{"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}

    at /Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/src/notarytool.ts:95:13
    at Generator.next (<anonymous>)
    at fulfilled (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at processTicksAndRejections (node:internal/process/task_queues:105:5)
From previous event:
    at processImmediate (node:internal/timers:491:21)
From previous event:
    at readDirectoryAndSign (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:479:28)
    at MacPackager.signApp (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:496:5)
    at MacPackager.doSignAfterPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:336:21)
    at MacPackager.doPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:321:7)
    at MacPackager.pack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:198:9)
    at Packager.doBuild (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:445:9)
    at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
    at Packager._build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:379:31)
    at Packager.build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:340:12)
    at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
  ⨯ Failed to notarize via notarytool

{"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}
  failedTask=build stackTrace=Error: Failed to notarize via notarytool
                                                                                                                                            {"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}
                                                                                                                                                at /Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/src/notarytool.ts:95:13
    at Generator.next (<anonymous>)
    at fulfilled (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at processTicksAndRejections (node:internal/process/task_queues:105:5)
From previous event:
    at processImmediate (node:internal/timers:491:21)
From previous event:
    at readDirectoryAndSign (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:479:28)
    at MacPackager.signApp (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:496:5)
    at MacPackager.doSignAfterPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:336:21)
    at MacPackager.doPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:321:7)
    at MacPackager.pack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:198:9)
    at Packager.doBuild (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:445:9)
    at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
    at Packager._build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:379:31)
    at Packager.build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:340:12)
    at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)




                    
{
  "logFormatVersion": 1,
  "jobId": "7a654253-c890-46d7-8f85-6d55d4478c61",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "Mattermost.zip",
  "uploadDate": "2024-11-19T22:46:37.875Z",
  "sha256": "14c4002d8187a59647e82ec24aaeeaaff142df55bbacca66b4efa755f4ca46a8",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/MacOS/Mattermost",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/macos-notification-state/build/Release/focuscenter.node",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/macos-notification-state/build/Release/notificationstate.node",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/windows-focus-assist/build/Release/focusassist.node",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/ReactiveObjC.framework/Versions/A/ReactiveObjC",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (Renderer).app/Contents/MacOS/Mattermost Helper (Renderer)",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (Plugin).app/Contents/MacOS/Mattermost Helper (Plugin)",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper.app/Contents/MacOS/Mattermost Helper",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (GPU).app/Contents/MacOS/Mattermost Helper (GPU)",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    }
  ]
}

Additional Information

No response
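
Added example (not part of the original report, and not Mattermost or electron-builder code): a small Node.js triage of a notarytool log like the one above, grouping error-severity issues by the kind of bundle component they point at. The function names, the component categories and the "bundle-wide" heuristic are assumptions of this example.

```javascript
// Added example, not project code. SAMPLE_LOG is constructed: a shortened log
// in the same shape as the one above (five of its flagged paths).
const MSG = "The binary is not signed with a valid Developer ID certificate.";
const SAMPLE_LOG = JSON.stringify({
  status: "Invalid",
  issues: [
    "Contents/MacOS/Mattermost",
    "Contents/Resources/app.asar.unpacked/node_modules/macos-notification-state/build/Release/focuscenter.node",
    "Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib",
    "Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel",
    "Contents/Frameworks/Mattermost Helper (GPU).app/Contents/MacOS/Mattermost Helper (GPU)",
  ].map((p) => ({
    severity: "error",
    path: "Mattermost.zip/Mattermost.app/" + p,
    message: MSG,
    architecture: "x86_64",
  })),
});
// Classify a flagged path by the kind of bundle component it points at.
function componentKind(path) {
  const inner = path.replace(/^.*?\.app\/Contents\//, "");
  if (/\.node$/.test(inner)) return "native-addon";
  if (/\.dylib$/.test(inner)) return "dylib";
  if (/^Frameworks\/[^/]+\.app\//.test(inner)) return "helper-app";
  if (/^Frameworks\/[^/]+\.framework\//.test(inner)) return "framework";
  if (/^MacOS\//.test(inner)) return "main-executable";
  return "other";
}

// Summarize error-severity issues by message and component kind.
function triage(logText) {
  const log = JSON.parse(logText);
  const errors = (log.issues || []).filter((i) => i.severity === "error");
  const byKind = {};
  const messages = new Set();
  for (const issue of errors) {
    const kind = componentKind(issue.path);
    byKind[kind] = (byKind[kind] || 0) + 1;
    messages.add(issue.message);
  }
  // Heuristic (an assumption of this example): one identical error on the main
  // executable and on nested code is a bundle-wide finding, so the signing
  // identity is the first thing to check rather than any single file.
  const bundleWide = messages.size === 1 && byKind["main-executable"] > 0 &&
    Object.keys(byKind).length > 1;
  const scope = errors.length === 0 ? "none" : bundleWide ? "bundle-wide" : "per-file";
  return { status: log.status, errorCount: errors.length, byKind, messages: [...messages], scope };
}
console.log(triage(SAMPLE_LOG));
```

To run it on a real build, pass the JSON text of the notarization log to `triage` in place of `SAMPLE_LOG`.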

@devinbinnie
Member

May I first ask why you need to sign your own binary? Are there modifications to the app that you intend to distribute?

Looking at the error, "The binary is not signed with a valid Developer ID certificate." Do you have one of these issued by Apple for your organization?

@ryanhugh
Author

We made some changes to the app, yeah.

Looking at the error, "The binary is not signed with a valid Developer ID certificate." Do you have one of these issued by Apple for your organization?

We have a valid Apple Developer ID and made a new profile for this. Here's a screenshot showing the profile is valid. There's a lot of options in the Apple Developer portal though, so the issue may be with how the profile was made.

image

@vkiranmaniya

Posting my findings here as well. I'm able to properly sign and output the build. However, as soon as I open it, I get "The application “Mattermost” can’t be opened." for some reason. To make sure the app is valid and properly signed, I did spctl and codesign checks. Here is the output:

Screenshot 2024-11-26 at 12 44 31 AM

Additionally, I have updated the necessary plist files to support my signing profile and team ID. I have validated the entire electron-builder configuration and it seems right to me. Any idea on the issue, or is it worth giving a try with an older version or a different arch?

@ryanhugh
Author

@devinbinnie any insight?

@devinbinnie
Member

I'd recommend reading through these docs to make sure everything is set up correctly: https://www.electron.build/code-signing
