Electron-builder: How to sign Mac application (DMG target)
- Version: 7.10.2
- Target: Mac
I have difficuties signing a Mac app with target DMG. MAS builds are signed just fine when downloading from GDrive for example, but the file://... method produces the same errors as described below for the DMG targets.
First I created a 3rd Party Mac Developer Application and a 3rd Party Mac Developer Installer certificate. Following the code sigining instructions on the Wiki, I exported two *.p12 files and exported the following environment variables:
CSC_LINK=https://drive.google.com/uc?export=download&id=app.p12
CSC_KEY_PASSWORD=password
CSC_INSTALLER_LINK=https://drive.google.com/uc?export=download&id=installer.p12
CSC_INSTALLER_KEY_PASSWORD=password
With a DMG target, I get the following error:
Warning: App is not signed: CSC_LINK is not specified, and no valid identity in the keychain, see https://github.com/electron-userland/electron-builder/wiki/Code-Signing
Must be "Developer ID Application:" or custom non-Apple code signing certificate
Creating DMG
Unhandled rejection Error: data has additional properties, data has additional properties
Then, I exported also CSC_NAME="3rd Party Mac Developer Application: Company, Inc. (534FHX123DHR)", which produced the error Unhandled rejection Error: Please remove prefix "3rd Party Mac Developer Application:" from the specified name — appropriate certificate will be chosen automatically
Ok, removing the requested parts including the team ID, leaves me with this: Unhandled rejection Error: Identity name "Company, Inc." is specified, but no valid identity with this name in the keychain
I also imported the cert and private key into the keychain, but that produces the same error. I appreciate your help.
eriedl-kiban
All 9 comments
OK, after a lot of trial and error, I figured out that this seems to be an issue that was introduced after 6.7.3. The error message Unhandled rejection Error: data has additional properties, data has additional properties was eventually the clue for me to try to downgrade to an older version.
I downgraded back to 6.7.3 and everything is building and signing now just fine. At least that's what RB App Checker Lite is suggesting and the installer also shows the correct certificate.
eriedl-kiban
on 4 Oct 2016
Duplicates https://github.com/electron-userland/electron-builder/issues/710#issuecomment-244389520
3rd Party Mac Developer Application
This certificate is not valid to sign mac application, please see https://github.com/electron-userland/electron-builder/wiki/Code-Signing#how-to-export-certificate-on-macos Must be Developer ID Application:
develar
on 5 Oct 2016
I wouldn't say this is a duplicate. I had finally figured that the Developer ID certificate was required for the DMG target. However, the signing error still persists in 7.10.2 and works just fine in 6.7.3. I have all three certificates and their private keys in one p12 file and 6.7.3 automatically picks the right certificate as described in the docs. Do you want me to open a new issue?
eriedl-kiban
on 5 Oct 2016
I have all three certificates and their private keys in one p12 file and 6.7.3 automatically picks the right certificate as described in the docs
I had finally figured that the Developer ID certificate was required for the DMG target.
So, now your p12 file is correct and contains Developer ID Application:?
CSC_INSTALLER_LINK and CSC_INSTALLER_KEY_PASSWORD is deprecated and should be not used.
And you set CSC_LINK and CSC_KEY_PASSWORD and ...
- is mas build ok? or do you get error?
- is dmg build ok? Please specify error.
- do you build on CI server or development machine?
CSC_LINKto file or https?
develar
on 5 Oct 2016
CSC_INSTALLER_LINK and CSC_INSTALLER_KEY_PASSWORD is deprecated and should be not used.
Good to know :)
To answer your first two questions:
With 6.7.3 everything builds fine and the signatures are valid. This is the output:
Packaging for platform darwin x64 using electron 1.4.0 to out/packages/mac
Packaging for platform mas x64 using electron 1.4.0 to out/packages/mas
Signing app (identity: Mac Developer: Me (XYZ))
Signing app (identity: 3rd Party Mac Developer Application: Company, Inc. (XYZ))
Creating DMG
Signing app (identity: 3rd Party Mac Developer Application: Company, Inc. (XYZ))
With 7.10.2 the following errors occur:
[email protected]
+-- [email protected]
| `-- [email protected]
+-- [email protected]
+-- [email protected]
`-- [email protected]
`-- [email protected]
//....
Packaging for platform darwin x64 using electron 1.4.0 to out/packages/mac
Packaging for platform mas x64 using electron 1.4.0 to out/packages/mas
Warning: App is not signed: CSC_LINK is not specified, and no valid identity in the keychain, see https://github.com/electron-userland/electron-builder/wiki/Code-Signing
Must be "Developer ID Application:" or custom non-Apple code signing certificate
Creating DMG
Unhandled rejection Error: data has additional properties, data has additional properties
at Object.fn (sources/node_modules/appdmg-tf/lib/appdmg.js:142:10)
at Pipeline._runStep (sources/node_modules/appdmg-tf/lib/pipeline.js:44:8)
at Pipeline._run (sources/node_modules/appdmg-tf/lib/pipeline.js:93:8)
at Function.next.skip (sources/node_modules/appdmg-tf/lib/pipeline.js:39:21)
at Object.fn (sources/node_modules/appdmg-tf/lib/appdmg.js:111:37)
at Pipeline._runStep (sources/node_modules/appdmg-tf/lib/pipeline.js:44:8)
at Pipeline._run (sources/node_modules/appdmg-tf/lib/pipeline.js:93:8)
at Function.next.skip (sources/node_modules/appdmg-tf/lib/pipeline.js:39:21)
at Object.fn (sources/node_modules/appdmg-tf/lib/appdmg.js:94:37)
at Pipeline._runStep (sources/node_modules/appdmg-tf/lib/pipeline.js:44:8)
at Pipeline._run (sources/node_modules/appdmg-tf/lib/pipeline.js:93:8)
at next (sources/node_modules/appdmg-tf/lib/pipeline.js:33:23)
at sources/node_modules/appdmg-tf/lib/appdmg.js:84:9
at FSReqWrap.cb [as oncomplete] (fs.js:257:19)
From previous event:
at DmgTarget.<anonymous> (sources/node_modules/electron-builder/src/targets/dmg.ts:47:5)
at next (native)
From previous event:
at tsAwaiter (sources/node_modules/electron-builder/src/util/awaiter.ts:10:47)
at DmgTarget.build (sources/node_modules/electron-builder/out/targets/dmg.js:27:16)
at MacPackager.packageInDistributableFormat (sources/node_modules/electron-builder/src/macPackager.ts:195:25)
at nonMasPromise.doPack.then.then (sources/node_modules/electron-builder/src/macPackager.ts:80:16)
From previous event:
at MacPackager.<anonymous> (sources/node_modules/electron-builder/src/macPackager.ts:79:10)
at next (native)
From previous event:
at tsAwaiter (sources/node_modules/electron-builder/src/util/awaiter.ts:10:47)
at Object.build (sources/node_modules/electron-builder/out/builder.js:138:12)
at Packager.package (sources/build-script/bozon/lib/packaging/packager.js:62:31)
at Object.runner.package (sources/build-script/bozon/lib/bin/runner.js:28:38)
at Command.<anonymous> (sources/build-script/bozon/lib/bin/bozon.js:50:17)
at Command.listener (sources/node_modules/commander/index.js:301:8)
at emitTwo (events.js:106:13)
at Command.emit (events.js:191:7)
at Command.parseArgs (sources/node_modules/commander/index.js:615:12)
at Command.parse (sources/node_modules/commander/index.js:458:21)
at Object.<anonymous> (sources/build-script/bozon/lib/bin/bozon.js:53:9)
at Module._compile (module.js:556:32)
at Object.Module._extensions..js (module.js:565:10)
at Module.load (module.js:473:32)
at tryModuleLoad (module.js:432:12)
at Function.Module._load (module.js:424:3)
at Module.runMain (module.js:590:10)
at run (bootstrap_node.js:394:7)
at startup (bootstrap_node.js:149:9)
at bootstrap_node.js:509:3
Signing app (identity: 3rd Party Mac Developer Application: Company, Inc. (XYZ))
Signing app (identity: 3rd Party Mac Developer Application: Company, Inc. (XYZ))
Unhandled rejection Error: data has additional properties, data has additional properties
at Object.fn (sources/node_modules/appdmg-tf/lib/appdmg.js:142:10)
at Pipeline._runStep (sources/node_modules/appdmg-tf/lib/pipeline.js:44:8)
at Pipeline._run (sources/node_modules/appdmg-tf/lib/pipeline.js:93:8)
at Function.next.skip (sources/node_modules/appdmg-tf/lib/pipeline.js:39:21)
at Object.fn (sources/node_modules/appdmg-tf/lib/appdmg.js:111:37)
at Pipeline._runStep (sources/node_modules/appdmg-tf/lib/pipeline.js:44:8)
at Pipeline._run (sources/node_modules/appdmg-tf/lib/pipeline.js:93:8)
at Function.next.skip (sources/node_modules/appdmg-tf/lib/pipeline.js:39:21)
at Object.fn (sources/node_modules/appdmg-tf/lib/appdmg.js:94:37)
at Pipeline._runStep (sources/node_modules/appdmg-tf/lib/pipeline.js:44:8)
at Pipeline._run (sources/node_modules/appdmg-tf/lib/pipeline.js:93:8)
at next (sources/node_modules/appdmg-tf/lib/pipeline.js:33:23)
at sources/node_modules/appdmg-tf/lib/appdmg.js:84:9
at FSReqWrap.cb [as oncomplete] (fs.js:257:19)
From previous event:
at DmgTarget.<anonymous> (sources/node_modules/electron-builder/src/targets/dmg.ts:47:5)
at next (native)
From previous event:
at tsAwaiter (sources/node_modules/electron-builder/src/util/awaiter.ts:10:47)
at DmgTarget.build (sources/node_modules/electron-builder/out/targets/dmg.js:27:16)
at MacPackager.packageInDistributableFormat (sources/node_modules/electron-builder/src/macPackager.ts:195:25)
at nonMasPromise.doPack.then.then (sources/node_modules/electron-builder/src/macPackager.ts:80:16)
From previous event:
at MacPackager.<anonymous> (sources/node_modules/electron-builder/src/macPackager.ts:79:10)
at next (native)
From previous event:
at tsAwaiter (sources/node_modules/electron-builder/src/util/awaiter.ts:10:47)
at Object.build (sources/node_modules/electron-builder/out/builder.js:138:12)
at Packager.package (sources/build-script/bozon/lib/packaging/packager.js:62:31)
at Object.runner.package (sources/build-script/bozon/lib/bin/runner.js:28:38)
at Command.<anonymous> (sources/build-script/bozon/lib/bin/bozon.js:50:17)
at Command.listener (sources/node_modules/commander/index.js:301:8)
at emitTwo (events.js:106:13)
at Command.emit (events.js:191:7)
at Command.parseArgs (sources/node_modules/commander/index.js:615:12)
at Command.parse (sources/node_modules/commander/index.js:458:21)
at Object.<anonymous> (sources/build-script/bozon/lib/bin/bozon.js:53:9)
at Module._compile (module.js:556:32)
at Object.Module._extensions..js (module.js:565:10)
at Module.load (module.js:473:32)
at tryModuleLoad (module.js:432:12)
at Function.Module._load (module.js:424:3)
at Module.runMain (module.js:590:10)
at run (bootstrap_node.js:394:7)
at startup (bootstrap_node.js:149:9)
at bootstrap_node.js:509:3
I admit the opening issues being a pebcak and I got that resolved. However, there is a problem with the latest 7.10.2 and signing. The stack trace suggests to me that there was an improvement in 0.4.9 of appdmg-tf that causes now this error. The previous version 0.4.5 seems to work fine.
do you build on CI server or development machine?
Both, above error occurs on both machines.
CSC_LINK to file or https?
Only file link or putting the certificates in the keychain works. Downloading from GDrive (yes, I generated the direct download link) results in another error message from security import... saying that the p12 file is in an unknown format. Converting it to base64 as suggested in older issues results in the same error message. I have not investigated this issue any further yet as I wanted to find the "happy path" first and do some more digging on my end, i.e. by trying different servers like S3 or an Artifactory or so, before reporting it.
eriedl-kiban
on 5 Oct 2016
Signing app (identity: Mac Developer: Me (XYZ))
Are you sure that your file / keychain has Developer ID Application cert? Mac Developer IS NOT valid cert and your 6.x build is not fine and not correct. In the 7.x Mac Developer was explicitly forbidden to avoid incorrectly signed app.
develar
on 5 Oct 2016
OK, thank you for that info! You were correct in regards to the certificate type and the invalid signature. It turns out that only the designated "Team Agent" can create Developer ID certificates. Which I requested and then recreated the p12 and ran the packaging and signing process again.
With version 6.7.3 it all builds and spctl and codesign can now verify the app:
Packaging for platform darwin x64 using electron 1.4.0 to out/packages/mac
Packaging for platform mas x64 using electron 1.4.0 to out/packages/mas
Signing app (identity: Developer ID Application: Company, Inc. (XYZ))
Signing app (identity: 3rd Party Mac Developer Application: Company, Inc. (XYZ))
Signing app (identity: 3rd Party Mac Developer Application: Company, Inc. (XYZ))
Creating DMG
5543:eriedl:eriedl-mbp15:12:19:12 ~/sources> spctl -v -a out/packages/mac/MyApp.app
out/packages/mac/MyApp.app: accepted
source=Developer ID
5556:eriedl:eriedl-mbp15:12:22:02 ~/sources> codesign --verify --verbose out/packages/mas/MyApp.app
out/packages/mas/MyApp.app: valid on disk
out/packages/mas/MyApp.app: satisfies its Designated Requirement
Signing with version 7.10.2 still fails with the previous data has additional properties error. The 3rd Party Mac Developer certificates are still required for signing MAS targets, correct?
eriedl-kiban
on 5 Oct 2016
Signing with version 7.10.2 still fails with the previous data has additional properties error.
Please try 7.10.3
The 3rd Party Mac Developer certificates are still required for signing MAS targets, correct?
Yes (one for app (3rd Party Mac Developer Application:), and second one for installer (pkg) (3rd Party Mac Developer Installer:)).
develar
on 6 Oct 2016
Yes, 7.10.3 fixes the aforementioned error! spctl and codesign also seem to be happy now.
Packaging for platform mas x64 using electron 1.4.2 to out/packages/mas
Downloading electron-v1.4.2-mas-x64.zip
[> ] 3.6% of 41.07 MB (730.37 kB/s)
Downloading electron-v1.4.2-mas-x64.zip
[============================================>] 100.0% of 41.07 MB (5.66 MB/s)
Creating DMG
Warning: dmg.title is not supported, file issue if need
Warning: dmg.background-color is deprecated, please use dmg.backgroundColor instead
Signing app (identity: 3rd Party Mac Developer Application: Company, Inc. (XYZ))
Signing app (identity: 3rd Party Mac Developer Application: Company, Inc. (XYZ))
5591:eriedl:eriedl-mbp15:8:01:13 ~/sources> spctl -v -a out/packages/mac/MyApp.app
out/packages/mac/MyApp.app: accepted
source=Developer ID
5592:eriedl:eriedl-mbp15:8:01:53 ~/sources> codesign --verify --verbose out/packages/mas/MyApp.app
out/packages/mas/MyApp.app: valid on disk
out/packages/mas/MyApp.app: satisfies its Designated Requirement
5593:eriedl:eriedl-mbp15:8:03:10 ~/sources> codesign --verify --verbose out/packages/mac/MyApp.app
out/packages/mac/MyApp.app: valid on disk
out/packages/mac/MyApp.app: satisfies its Designated Requirement
Related issues
xingoxu
·
3Comments
Jashepp
·
3Comments
iklemm
·
3Comments
AidanNichol
·
3Comments
popod
·
3Comments
Most helpful comment
Yes, 7.10.3 fixes the aforementioned error!
spctlandcodesignalso seem to be happy now.