Electron-builder: MAS distribution pkg rejected during review process

Created on 5 Feb 2018  路  7Comments  路  Source: electron-userland/electron-builder


  • Version: 19.55.3

  • Target: mas


Hi guys!
I have an issue with review process in Mac App Store
My mac key in build settings looks like this:

package.json

{"mac": {
      "type": "distribution",
      "extendInfo": {
        "ElectronTeamID": "XXXXXXXXW4"
      },
      "category": "public.app-category.business",
      "entitlements": "build/entitlements.mas.plist",
      "entitlementsInherit": "build/entitlements.mas.inherit.plist",
      "target": [
        {
          "target": "mas"
        }
      ]
    }

I got .app and .pkg 聽files. This package could not be loaded though Application Loader with error

ERROR ITMS-90287: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.team-identifier' in 'xxxxxx/Payload/xxxxxxxx.app/Contents/MacOS/Xxxxxxx'.

If I resign it with next script
sign.sh

#!/bin/bash

APP="XXXXXXXXX"
APP_PATH="install/mas/Xxxxxxxxx.app"
RESULT_PATH="AppStore/$APP.pkg"
APP_KEY="3rd Party Mac Developer Application: XXXXXXXXXX (XXXXXXXXXXXXX)"
INSTALLER_KEY="3rd Party Mac Developer Installer: XXXXXXXXX (XXXXXXXXXXX)"
CHILD_PLIST="plists/child.plist"
PARENT_PLIST="plists/parent.plist"
LOGINHELPER_PLIST="plists/loginhelper.plist"

FRAMEWORKS_PATH="$APP_PATH/Contents/Frameworks"

codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Electron Framework"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libnode.dylib"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper.app/Contents/MacOS/$APP Helper"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper.app/"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper EH.app/Contents/MacOS/$APP Helper EH"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper EH.app/"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper NP.app/Contents/MacOS/$APP Helper NP"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper NP.app/"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$APP_PATH/Contents/MacOS/$APP"

codesign -s "$APP_KEY" -f --entitlements "$PARENT_PLIST" "$APP_PATH"

productbuild --component "$APP_PATH" /Applications --sign "$INSTALLER_KEY" "$RESULT_PATH"

My plists
child.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

parent.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist>

loginhelper.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

It passes Application Loader validation and successfully loads to App Store. But during review I always receive the next issue:

Your app crashed on Mac running macOS 10.13 when we:
Launched the app.
No crash log was generated by this crash.
Next Steps
Please revise your app and test it to ensure that it runs as expected.
Should you require more assistance with resolving this issue, Apple Developer Technical Support is available to provide direct one-on-one support for discrete code-level questions.

If I set taget as "mas-dev" it runs locally without any issues. Also I have newly generated certificates
"3rd Party Mac Developer Application: XXXXXXXXXX (XXXXXXXXXXXXX)"
"3rd Party Mac Developer Installer: XXXXXXXXX (XXXXXXXXXXX)"

Application is correctly sandboxed.

I couldn't understand what the issue is. Does anyone have any suggestion?

question
Source
picture dmitrykurochka
👍3

Most helpful comment

I have the same problem but can't find the solution

picture nyanev on 12 Feb 2018
👍3

All 7 comments

I have the same problem but can't find the solution

nyanev picture nyanev on 12 Feb 2018
👍3

Still no suggestions?

dmitrykurochka picture dmitrykurochka on 14 Mar 2018

@dmitrykurochka is the certificate created by the team agent (not team admin) of the apple developer account?

damianobarbati picture damianobarbati on 22 Jun 2018

@damianobarbati Yes it was

dmitrykurochka picture dmitrykurochka on 22 Jun 2018

OK, I'm trying right now to sign my "mas" target but... how can I use a different (and proper) certificate for mas target and dmg target? CSC_LINK and CSC_KEY_PASSWORD will always point to just one certificate file :\

damianobarbati picture damianobarbati on 22 Jun 2018

@damianobarbati I don't know. I've used one

dmitrykurochka picture dmitrykurochka on 22 Jun 2018

One p12 can contain several certs.

develar picture develar on 1 Jul 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

philcockfield picture philcockfield  路  3Comments
ccorcos picture ccorcos  路  3Comments
alexstrat picture alexstrat  路  3Comments
githubbob42 picture githubbob42  路  3Comments
antonycourtney picture antonycourtney  路  3Comments