electron-builder 20.29.0+ bundles fail to run on macOS Catalina

Created on 24 Aug 2019 · 8 Comments · Source: electron-userland/electron-builder

There seems to be a regression between electron-builder 20.28.4 and 20.29.0 that makes the app not run on macOS Catalina with an error like "The application Foo.app can't be opened":

catalina-error

Note that this is not a notarization error, it's something different.

Repro steps:

  • Package app using electron-webpack-quick-start@master on a Mojave machine, upload .zip to the internet, download on Catalina and attempt to run the app. The app fails to run with the message above.

  • Package app using electron-webpack-quick-start@09ae10e82e728047aed5e7341c4a555398fee33d (uses electron-builder 20.28.1), repeat steps above, and confirm that it works fine on Catalina although you might get a different "can't check for malicious software" app notarization error

To make our app compatible with macOS Catalina, we downgraded to [email protected], built into a directory using --dir, manually ran electron-osx-sign with --entitlements="entitlements.plist" --entitlements-inherit="entitlements.plist" --hardened-runtime=true, manually ran electron-notarize, and manually created a .zip.

backlog

All 8 comments

20.28.4 and 20.29.0 are so old and there have been many recent fixes to improve notarisation support.

Have you tried the latest 21.2.0?

I am also encountering this issue on [email protected]. This appears to be the same issue as #4108

This occurs for me regardless of if I use an afterSign script to notarize the app. My mac configuration is:

mac:
  target:
    - dmg
    - zip
  category: public.app-category.productivity
  type: distribution

Versions:

  • macOS - 10.15 Beta (19A546d)
  • electron - 3.1.13
  • electron-builder - 21.2.0

I had assumed that Electron v4.x was a requirement for notarisation but not really sure where I got that from.

I had the same crash at startup when using anything but the default entitlements but now everything works even with custom entitlements and can't reproduce the previous issues so it's a weird one...

I had assumed that Electron v4.x was a requirement for notarisation but not really sure where I got that from.

Oh man, if you do find any concrete information on that, would you please ping me? I'd like to keep us on the 3.x line for macOS 10.9 support. Then again, Electron v3 is EoL'd, so maybe I should just do the responsible thing and update.

In terms of repro, I'm running into some really weird stuff:

  • Build machine: macOS 10.14.6
  • Test machine: VM running macOS 10.15 Beta (19A546d)

Testing with an unnotarized app I have no issues with the ZIP file on my 10.14 machine. On the 10.15 machine, where I obtain the ZIP file by downloading it from a server:

  • Unzip the archive by double-clicking (Archive Utility)

    • "The application can't be opened"

    • Upon inspection, the executable in Contents/MacOS is lacking executable permission

    • chmod +x, try to open, '"App Name" is damaged and can't be opened. You should move it to the Trash'

  • Unzip the archive with a different GUI app (Keka)

    • Application hits Gatekeeper (expected behavior), Gatekeeper complains

  • Unzip the archive with unzip

    • Application launches (???)

With a notarized build on 10.15

  • Unzip the archive by double-clicking (Archive Utility)

    • "The application can't be opened"

    • Same behavior as above

  • Unzip the archive with a different GUI app (Keka)

    • Application hits Gatekeeper

    • '"App Name" is an app created by Keka. Are you sure you want to open it? Keka created this file on an unknown date.'

    • Click "Open", application launches

  • Unzip the archive with unzip

    • '"App Name" is an app downloaded from the Internet. Are you sure you want to open it?'

    • This feels "correct" to me

So I guess that leaves us with the following list of options?

  • Bug in the 10.15 Beta version of Archive Utility
  • Problem with the ZIP output of electron-builder that causes certain unzippers to do weird things with permissions
  • Something else entirely

The good news is that this doesn't appear to affect auto-update on mac for me, so I think I can proceed by simply distributing the DMG and I guess just crossing my fingers?
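
To separate the first two options in the comment above (extractor bug vs. ZIP output), one can read the Unix mode bits that the archive's central directory records for the files under Contents/MacOS, without extracting anything. This is an added example, not code from the thread or from electron-builder; the function names and the constructed sample archives are assumptions.

```python
import io
import zipfile

UNIX = 3  # ZIP "version made by" host value for Unix; only then are mode bits meaningful

def audit_macos_binaries(zip_bytes, marker=".app/Contents/MacOS/"):
    """Report, per file under Contents/MacOS, what the archive itself records.

    Reads only the central directory, so the result is independent of
    whichever tool later extracts the archive.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if marker not in info.filename or info.is_dir():
                continue
            mode = info.external_attr >> 16  # high 16 bits hold Unix st_mode
            if info.create_system != UNIX or mode == 0:
                verdict = "no-unix-mode"      # extractor has to guess permissions
            elif mode & 0o111:
                verdict = "executable"
            else:
                verdict = "not-executable"    # archive itself lost the +x bit
            findings.append((info.filename, verdict, oct(mode & 0o7777)))
    return findings

def build_sample(st_mode, create_system=UNIX):
    """Constructed sample: a one-file bundle whose main binary has st_mode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("Foo.app/Contents/MacOS/Foo")
        info.create_system = create_system
        info.external_attr = st_mode << 16
        zf.writestr(info, b"placeholder, not a real Mach-O binary")
        zf.writestr("Foo.app/Contents/Info.plist", b"<plist/>")  # ignored by audit
    return buf.getvalue()

if __name__ == "__main__":
    for label, data in [("0755", build_sample(0o100755)),
                        ("0644", build_sample(0o100644)),
                        ("non-Unix host", build_sample(0o100755, create_system=0))]:
        print(label, audit_macos_binaries(data))
```

If the audit reports "executable" for the main binary but the extracted file lacks the bit, the archive recorded the permission and the extractor dropped it; "not-executable" or "no-unix-mode" points at how the ZIP was produced.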

I noticed the same thing as @mcous. I tested on Mojave and extracting/running the notarized zip works fine so it seems like an issue with Archive Utility on Catalina not correctly extracting notarized apps.

Duplicate issue and potential workaround: https://github.com/electron-userland/electron-builder/issues/4299#issuecomment-540262406

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
