-
-
Notifications
You must be signed in to change notification settings - Fork 487
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mac Code Signing Error #3252
Comments
I am facing the same issue. Have you found the culprit? Thank you in advance |
Same issue. Any news on this? |
This comment was marked as outdated.
This comment was marked as outdated.
@tommcgurl Glad to hear you got something working but I've hidden your comment to avoid others copying as your solution has a few flaws:
|
Facing same issue. . . Any updates here. . . |
Have same issue, anyone have any ideas how solve this? |
Same issue 😭 |
Same issue :( |
The problem was in the certificates, at least in my case, besides, I migrated to electron-builder |
@altdja , what issue was with your certificate? |
This comment was marked as outdated.
This comment was marked as outdated.
Hi All, I got it working by downgrading electron to the older version of electron i.e. to 20.1.0 from 23.1.2. Other dependencies I downgraded : Now :
Earlier :
I'm using Developer ID Application certificate as I intend to release the app outside Mac App store. Hope this helps. |
Same issue, could it be related to the macos 14.0 Beta (23A5301h) ? UPDATE: I tried with electron-builder and I have the same error :/ • signing file=dist/mac-arm64/... provisioningProfile=none |
@Gr8Warrior do you happen to know if all these downgrades were necessary? If this is an Electron or Forge bug somewhere, it would be nice to know where it occurred so that we can address it. |
it seems that he notarize succeed but cannot stample the app here is the log in debug: electron-osx-sign Signing... /Users/project/truc/electron/dist/mac-arm64/truc.app/Contents/Resources/app.asar +1ms
electron-osx-sign Executing... codesign --sign 5371AA5AE02D0872230B4B7245384B366ABCB8CC --force --timestamp --options runtime --entitlements entitlements.mac.plist /Users/project/truc/electron/dist/mac-arm64/truc.app/Contents/Resources/app.asar +0ms
• selecting signing options file=dist/mac-arm64/truc.app/Contents/Resources/icon.icns entitlements=entitlements.mac.plist hardenedRuntime=true timestamp=undefined requirements=undefined
electron-osx-sign Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`:
* Disable by setting `pre-auto-entitlements` to `false`. +242ms
electron-osx-sign Automating entitlement app group...
> Info.plist: /Users/project/truc/electron/dist/mac-arm64/truc.app/Contents/Info.plist
+0ms
electron-osx-sign Signing... /Users/project/truc/electron/dist/mac-arm64/truc.app/Contents/Resources/icon.icns +1ms
electron-osx-sign Executing... codesign --sign 5371AA5AE02D0872230B4B7245384B366ABCB8CC --force --timestamp --options runtime --entitlements entitlements.mac.plist /Users/project/truc/electron/dist/mac-arm64/truc.app/Contents/Resources/icon.icns +0ms
• selecting signing options file=dist/mac-arm64/truc.app entitlements=entitlements.mac.plist hardenedRuntime=true timestamp=undefined requirements=undefined
electron-osx-sign Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`:
* Disable by setting `pre-auto-entitlements` to `false`. +253ms
electron-osx-sign Automating entitlement app group...
> Info.plist: /Users/project/truc/electron/dist/mac-arm64/truc.app/Contents/Info.plist
+0ms
electron-osx-sign Signing... /Users/project/truc/electron/dist/mac-arm64/truc.app +1ms
electron-osx-sign Executing... codesign --sign 5371AA5AE02D0872230B4B7245384B366ABCB8CC --force --timestamp --options runtime --entitlements entitlements.mac.plist /Users/project/truc/electron/dist/mac-arm64/truc.app +0ms
electron-osx-sign Verifying... +241ms
electron-osx-sign Verifying application bundle with codesign... +0ms
electron-osx-sign Executing... codesign --verify --deep --strict --verbose=2 /Users/project/truc/electron/dist/mac-arm64/truc.app +0ms
electron-osx-sign Verified. +175ms
electron-osx-sign Displaying entitlements... +0ms
electron-osx-sign Executing... codesign --display --entitlements :- /Users/project/truc/electron/dist/mac-arm64/truc.app +0ms
electron-osx-sign Entitlements:
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.cs.allow-dyld-environment-variables</key><true/><key>com.apple.security.cs.allow-jit</key><true/><key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/><key>com.apple.security.cs.disable-library-validation</key><true/></dict></plist>
+25ms
electron-osx-sign Application signed. +0ms
electron-notarize notarizing using the new notarytool system +0ms
electron-notarize:spawn spawning cmd: xcrun args: [ '--find', 'notarytool' ] opts: {} +0ms
electron-notarize:spawn cmd xcrun terminated with code: 0 +13ms
electron-notarize:notarytool starting notarize process for app: /Users/project/truc/electron/dist/mac-arm64/truc.app +0ms
electron-notarize:helpers doing work inside temp dir: /var/folders/cg/91478cc93rj_hwz368y8pwzh0000gn/T/electron-notarize-xMbSKy +0ms
electron-notarize:notarytool zipping application to: /var/folders/cg/91478cc93rj_hwz368y8pwzh0000gn/T/electron-notarize-xMbSKy/truc.zip +0ms
electron-notarize:spawn spawning cmd: ditto args: [
'-c',
'-k',
'--sequesterRsrc',
'--keepParent',
'truc.app',
'/var/folders/cg/91478cc93rj_hwz368y8pwzh0000gn/T/electron-notarize-xMbSKy/truc.zip'
] opts: { cwd: '/Users/project/truc/electron/dist/mac-arm64' } +1ms
electron-notarize:spawn cmd ditto terminated with code: 0 +7s
electron-notarize:notarytool zip succeeded, attempting to upload to Apple +7s
electron-notarize:spawn spawning cmd: xcrun args: [
'notarytool',
'submit',
'/var/folders/cg/91478cc93rj_hwz368y8pwzh0000gn/T/electron-notarize-xMbSKy/truc.zip',
'--apple-id',
'*********',
'--password',
'*********',
'--team-id',
'*********',
'--wait',
'--output-format',
'json'
] opts: {} +1ms
electron-notarize:spawn cmd xcrun terminated with code: 0 +3m
electron-notarize:notarytool notarization success +3m
electron-notarize:helpers work succeeded +3m
electron-notarize:staple attempting to staple app: /Users/project/truc/electron/dist/mac-arm64/truc.app +0ms
electron-notarize:spawn spawning cmd: xcrun args: [ 'stapler', 'staple', '-v', 'truc.app' ] opts: { cwd: '/Users/project/truc/electron/dist/mac-arm64' } +6ms
electron-notarize:spawn cmd xcrun terminated with code: 65 +624ms
⨯ Failed to staple your application with code: 65
Processing: /Users/project/truc/electron/dist/mac-arm64/truc.app
Properties are {
NSURLIsDirectoryKey = 1;
NSURLIsPackageKey = 1;
NSURLIsSymbolicLinkKey = 0;
NSURLLocalizedTypeDescriptionKey = Application;
NSURLTypeIdentifierKey = "com.apple.application-bundle";
"_NSURLIsApplicationKey" = 1;
}
Props are {
cdhash = {length = 20, bytes = 0xf7a1383567754456543e7738db957f56a07e853a};
digestAlgorithm = 2;
flags = 65536;
secureTimestamp = "2023-08-07 08:57:55 +0000";
signingId = "com.sakod.truc";
teamId = 6CVA2LKQMN;
}
JSON Data is {
records = (
{
recordName = "2/2/f7a1383567754456543e7738db957f56a07e853a";
}
);
}
Headers: {
"Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Response is <NSHTTPURLResponse: 0x600002cec900> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
Connection = (
"keep-alive"
);
"Content-Encoding" = (
gzip
);
"Content-Type" = (
"application/json; charset=UTF-8"
);
Date = (
"Mon, 07 Aug 2023 09:01:09 GMT"
);
Server = (
"AppleHttpServer/3faf4ee9434b"
);
"Strict-Transport-Security" = (
"max-age=31536000; includeSubDomains;"
);
"Transfer-Encoding" = (
Identity
);
Via = (
"xrail:st53p00ic-qujn15053002.me.com:8301:23R232:grp60,631194250daa17e24277dea86cf30319:cdfc2f8b1231264a0e4c61d:gbslo5"
);
"X-Apple-CloudKit-Version" = (
"1.0"
);
"X-Apple-Edge-Response-Time" = (
90
);
"X-Apple-Request-UUID" = (
"17d76d03-650c-4a0c-b2e4-972ec71dcd7a"
);
"X-Responding-Instance" = (
"ckdatabasews:16310001:st52p63ic-qujn06060501:8201:2321B347:fea20f34123450097a7d19a072b4e85219df4c28"
);
"access-control-expose-headers" = (
"X-Apple-Request-UUID,X-Responding-Instance,Via"
);
"x-apple-user-partition" = (
63
);
} }
Size of data is 165
JSON Response is: {
records = (
{
reason = "Record not found";
recordName = "2/2/f7a1383567754456543e7738db957f56a07e853a";
serverErrorCode = "NOT_FOUND";
}
);
}
CloudKit query for truc.app (2/f7a1383567754456543e7738db957f56a07e853a) failed due to "Record not found".
Could not find base64 encoded ticket in response for 2/f7a1383567754456543e7738db957f56a07e853a
The staple and validate action failed! Error 65.
failedTask=build stackTrace=Error: Failed to staple your application with code: 65
|
@erickzhao Retried again with the same dependencies(6.05 and electron v23.1.2). Worked well today. Nothing got changed apart from the dependencies mentioned earlier. |
Ok, I found the problem for my case. I signed the app with an Apple Development certificate. The signing succeed. The notarytool returned this :
and electron forge took this as a success:
and then it tries to staple the app instead of returning the notarytool error. so the staple failed because the notarized failed. |
@raghavnaphade @Gr8Warrior perhaps you could get the history like this:
and then take a failed one and look at the log like this:
it helped me to find why the stapler is not working |
I have the same error if I use "Apple Distribution" certificate. For "Developer ID" certificate it works even though bundle id is mishmashed. Which certificate should I use to build for publish my app via Mac-AppStore? |
"@electron-forge/maker-deb": "^6.4.0", I am facing the same error. May I ask how you resolved it? |
You need to use Developer ID (Reference)
|
Still broke after three months :-) |
To summarise thisIf you want to generate a signed .app you have to run this command
forge.config.js <- (With Apple Developer config)
But this RETURNS: An unhandled rejection has occurred inside Forge: CloudKit query for .app () failed due to "Record not found". And no-one knows how to fix this? @malept @MarshallOfSound |
@Smuger That error occurs when cloudkit rejects your app due to it not being signed in the first place. My guess is you don't have an apple developer cert installed locally in a way that osx-sign can find it. If you run with |
For electron-builder users, @mifi just released a patch that fix |
Hello future reader,
|
It seems like @mifi fix is to simply not notarize apps for AppStore. In my case, the notarization is not working, even though I am not building an AppStore app. The error is the same though. |
I was having this problem and it turned out that my certificate was just not properly exported and added to my keychain. So even though I thought I was doing the configuration correctly it was failing. This article helped: |
Also ended up here after Failed to staple your application with code: 65. My mistake was assuming that my "Apple Development Certificate: {my email} ({team id})" (generated via Xcode) was the same as a "Developer ID Application" certificate which are NOT the same thing, even though they sound similar per this comment: #3252 (comment) It also failed with an "Apple Distribution Certificate" same as a comment above. What worked for me:
That's it, it worked after that. Maybe it helps someone :) |
Is there a guide to code signing in ci/cd with electron forge or electron/osx-sign? Checking electron's Could we turn this script into gh action step or internalize into an electron package? |
Hey @jgresham This is what worked for me in github actions:
And getting the vars from the env to forge config:
Has some issues passing the keychain variable via env so hardcoded it for github runners, should work if you handle better it versus the github actions import certs, there are also a few examples without htat particular action to import the certs to keychain |
Awesome, thank you! That helped a lot! For anyone coming from
|
My application was an electron-frodge application.
One more thing, I created zip, .app and dmg file for my application and I shared all files to other but only dmg file the other was able to run. Also when you try to create an .app by make or package command in electron-fordge it will ask you login password again And once you have application ready you can share with anyone by |
Pre-flight checklist
Electron Forge version
6.1.1
Electron version
24.4.1
Operating system
macOS
Last known working Electron Forge version
13.2.1
Expected behavior
Code Signing for Mac:
After adding app-id, appspecific password, and team id, it should create a signed build.
Actual behavior
I am getting this error:
An unhandled rejection has occurred inside Forge:
Error: Failed to staple your application with code: 65
Processing: /private/tmp/electron-packager/darwin-arm64/intimepro-darwin-arm64-p5k58c/intimepro.app
Properties are {
NSURLIsDirectoryKey = 1;
NSURLIsPackageKey = 1;
NSURLIsSymbolicLinkKey = 0;
NSURLLocalizedTypeDescriptionKey = Application;
NSURLTypeIdentifierKey = "com.apple.application-bundle";
"_NSURLIsApplicationKey" = 1;
}
Props are {
cdhash = {length = 20, bytes = 0xc4db660d875423335d191425643914982776f7e0};
digestAlgorithm = 2;
flags = 131074;
signingId = Electron;
}
JSON Data is {
records = (
{
recordName = "2/2/c4db660d875423335d191425643914982776f7e0";
}
);
}
Headers: {
"Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Response is <NSHTTPURLResponse: 0x600002c43d80> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
Connection = (
"keep-alive"
);
"Content-Encoding" = (
gzip
);
"Content-Type" = (
"application/json; charset=UTF-8"
);
Date = (
"Thu, 15 Jun 2023 09:37:15 GMT"
);
Server = (
"AppleHttpServer/3faf4ee9434b"
);
"Strict-Transport-Security" = (
"max-age=31536000; includeSubDomains;"
);
"Transfer-Encoding" = (
Identity
);
Via = (
"xrail:st53p00ic-qujn15041902.me.com:8301:23R116:grp60,631194250daa17e24277dea86cf30319:03c3e4c22aa07a6fe593e10b4f5236b8:hktko1"
);
"X-Apple-CloudKit-Version" = (
"1.0"
);
"X-Apple-Edge-Response-Time" = (
207
);
"X-Apple-Request-UUID" = (
"dfac8f04-2127-497d-b933-f59de3ffbd1f"
);
"X-Responding-Instance" = (
"ckdatabasews:16304301:st43p63ic-qugg12023901:8201:2317B350:a3d4ea8f7e29eaf3300101626982ea3c671f131b"
);
"access-control-expose-headers" = (
"X-Apple-Request-UUID,X-Responding-Instance,Via"
);
"x-apple-user-partition" = (
63
);
} }
Size of data is 165
JSON Response is: {
records = (
{
reason = "Record not found";
recordName = "2/2/c4db660d875423335d191425643914982776f7e0";
serverErrorCode = "NOT_FOUND";
}
);
}
CloudKit query for intimepro.app (2/c4db660d875423335d191425643914982776f7e0) failed due to "Record not found".
Could not find base64 encoded ticket in response for 2/c4db660d875423335d191425643914982776f7e0
The staple and validate action failed! Error 65.
at /Users/waitechnologies/Documents/Raghav/Wai Projects/MicoWML/mico_wml/node_modules/@electron/notarize/lib/staple.js:23:19
at Generator.next ()
at fulfilled (/Users/waitechnologies/Documents/Raghav/Wai Projects/MicoWML/mico_wml/node_modules/@electron/notarize/lib/staple.js:4:58)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
in my forge.config.js:
I changed with my appleid, app specific password and teamId.
},
Steps to reproduce
run -> sudo npm run make
Additional information
No response
The text was updated successfully, but these errors were encountered: