Finish support for notarization #3926
Conversation
|
@develar Can you take a look at this? I don't really see why the appVeyor or travis builds would fail on this (failures seem unrelated too?) |
|
Looks like some dependency errors: https://ci.appveyor.com/project/stefanjudis/electron-builder/builds/24832175#L244 I would guess some updates are in order? |
|
I also just tried testing sections of this PR against travis and appveyor.. I have no idea why these errors are being thrown. Although they look like they are linked to fs-extra-p @develar |
|
Idk if this will be taken care of, but @Kilian I copied the "out" folder from app-builder-lib and dmg-builder in order to get this working for myself because its taking so long to get this merged. I noticed that there is a bug in app-builder-lib where it is saying gatekeeperAssess is not a valid configuration option (on your branch). For myself I hard coded it but this may be a problem here. |
|
@lane-c-wagner did you put gatekeeperAssess in the |
|
Thank you @develar for the commit. As I understand the situation, this commit effectively solves the notarization situation as far as electron-build is concerned. May I just check if you will be tagging this as a release, or might there be more needed before it's ready? Thanks again! :) |
|
20.43.0 released. |
|
After bumping the version and trying this out, I'm seeing when trying to open the App. The actual disk image mounts fine.
gives me And gives Has anyone seen this? |
|
Did you get the entitlements right? I saw this before I fixed my
entitlements
…On Tue, Jun 4, 2019, 6:07 PM Raymond Jacobson ***@***.***> wrote:
After bumping the version and trying this out, I'm seeing
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
when trying to open the App. The actual disk image mounts fine.
codesign --verify -vvvv /Volumes/App/App.app
gives me
--prepared:/Volumes/App/App.app/Contents/Frameworks/App Helper.app
--validated:/Volumes/App/App.app/Contents/Frameworks/App Helper.app
--prepared:/Volumes/App/App.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
--validated:/Volumes/App/App.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
--prepared:/Volumes/App/App.app/Contents/Frameworks/Mantle.framework/Versions/Current/.
--validated:/Volumes/App/App.app/Contents/Frameworks/Mantle.framework/Versions/Current/.
--prepared:/Volumes/App/App.app/Contents/Frameworks/ReactiveCocoa.framework/Versions/Current/.
--validated:/Volumes/App/App.app/Contents/Frameworks/ReactiveCocoa.framework/Versions/Current/.
--prepared:/Volumes/App/App.app/Contents/Frameworks/Squirrel.framework/Versions/Current/.
--validated:/Volumes/App/App.app/Contents/Frameworks/Squirrel.framework/Versions/Current/.
/Volumes/App/App.app: valid on disk
/Volumes/App/App.app: satisfies its Designated Requirement
And
spctl -a -v /Volumes/App/App.app
gives
/Volumes/App/App.app: accepted
source=Notarized Developer ID
Has anyone seen this?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3926?email_source=notifications&email_token=AFHZKVIFXJKVL4IQ3OEQKF3PY37TFA5CNFSM4HPZ5GUKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODW6G3XI#issuecomment-498888157>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AFHZKVPST77OMILQKK3F5OTPY37TFANCNFSM4HPZ5GUA>
.
|
|
Looks that that was probably the issue :) Particularly this one, I think? thx Lane! |
|
@raymondjacobson We only have 1 single entitlement, com.apple.security.files.user-selected.read-write and getting this on our app. Is there anything else that would cause it? UPDATE: Added an obscene amount of entitlements and now I don't get the signing crash, but our app exits on launch. |
|
@itsthisjustin Sorry, just saw this message. FWIW, this is what I've done You may not need all of these. |
|
@raymondjacobson Thanks. I finally got it working. Notarization has unfortunately caused a new issue that I'm wondering if you or @Kilian have come across. Node-notifier has this weird issue where it comes default with the terminal icon and you have to manually copy your app's icon over top it in the node_modules folder. This has been working fine for us and the way we do it is by copying over a new info.plist and the icon so it shows as fresh and then unasar-ing it in the build command. So, now with notarization, Apple gives us back this error:
Any tips on how to have my cake and eat it too? |
As per #3870, this PR adds two new options:
*
gatekeeperAssessin macOptions (defaults to true) Allows people to disable the gatekeeper assessment while osx-sign fails on that (see electron/osx-sign#196)*
signin dmgOptions (defaults to false) signing the dmg does not appear to be needed and actually prevents people from opening the dmg in 10.14.5, see #3870.Together with the afterSign hook where people can call
electron-notarize, these options letelectron-builderuser successfully create a notarized application in a DMG that does not show warning messages.