Electron-builder: MacOS pkg error: electron-builder attemps to code-sign a framework

Created on 26 Nov 2019  Â·  8Comments  Â·  Source: electron-userland/electron-builder
  • Version: 21.2.0 (not the latest version as it does not currently work on MacOS)
  • Target: MacOS pkg

Hi,
We're working on the MacOS version of an existing Windows app.

Everything works fine when code-signing is disabled.
If code-signing is enabled, we get the following error:

⨯ Command failed: codesign --sign E0769897B5207F7E3FF79D46FCEFC98F84A212F3 --force --options runtime --entitlements installer/osx/entitlements.mac.plist /Users/merwan/Documents/MyApp/_bundles/mac/MyApp.app/Contents/Resources/app.asar.unpacked/someDependencyC.framework
/Users/merwan/Documents/MyApp/_bundles/mac/MyApp.app/Contents/Resources/app.asar.unpacked/someDependencyC.framework: bundle format unrecognized, invalid, or unsuitable

The app contains a native Node addon and some of its dependencies. They are _asarUnpacked_ so here's what's inside of MyApp.App/Contents/Resources/app.asar.unpacked.

  • nodeAddon.node (our native addon)
  • someDependencyA.dylib (no issue with this one)
  • someDependencyB.dylib (no issue with this one)
  • someDependencyC.framework (library provided by a third party)

It seems that electron-builder attempts to sign the .framework, which fails.

1) Is this an expected behavior?

2) I noticed that there's a Contents/Frameworks folder in the bundled app. Should I put our dependency there? If yes, how to instruct electron builder to do so?

_Note:_ if we exclude the framework from the bundle and then, after everything is signed, we copy it manually in the app.asar.unpacked folder (or even in Content/Frameworks), there's no signing error and the app works. I guesse we could do this with an _afterSign_ script as a workaround but this is not obviously not ideal.

Thanks for your help,

picture merwaaan

Most helpful comment

I simply disabled automatic sign off aaplication
export CSC_IDENTITY_AUTO_DISCOVERY=false

picture biancama on 23 Mar 2020
🎉31

All 8 comments

  1. You can use https://www.electron.build/configuration/contents.html#extraresources to copy additional files into resources or other directories. 
        "mac": {
            "extraResources": [
                {
                    "from": "crv/assets/data",
                    "to": "../../../",
                    "filter": "test*"
                }
            ],
            "icon": "crv/assets/icons/icon.icns",
            "hardenedRuntime": true,
            "gatekeeperAssess": false
        }

The code snippet copies all files with the name test* outside of the .app file, in my case it's the SQLite database. You can try, but I don't know if this solve the sign issue.

kzimny picture kzimny on 27 Nov 2019

@kzimny Tried using extraFiles and extraResources. This copies the framework but electron-builder still tries to code-sign the framework and a different error occurs:

⨯ Command failed: codesign --sign E0769897B5207F7E3FF79D46FCEFC98F84A212F3 --force --options runtime --entitlements installer/osx/entitlements.mac.plist /[...]/_bundles/mac/MyApp.app/Contents/Resources/someDependencyC.framework/someDependencyC
/[...]/_bundles/mac/MyApp.app/Contents/Resources/someDependencyC.framework/someDependencyC: replacing existing signature
/[...]/_bundles/mac/MyApp.app/Contents/Resources/someDependencyC.framework/someDependencyC: bundle format is ambiguous (could be app or framework)
merwaaan picture merwaaan on 27 Nov 2019

We found the solution to the initial issue!

It was due to MacOS frameworks relying on internal symbolic links. Electron-builder properly deals with those symlinks but a previous stage of our build pipeline copied the framework library without preserving symbolic links.

So be sure to cp -a frameworks or the code-signing process won't be able to recognize those damaged frameworks.

(Similar that might me interested in this solution: #4081 #3790 #2957 #2644 #4347 #2794)

merwaaan picture merwaaan on 29 Nov 2019

@merwaaan At what stage and How to use cp -a

joeyer picture joeyer on 12 Feb 2020

@joeyer

I had to use the cp -a terminal command in a custom build step unrelated to Electron builder.
If you just use cp to copy frameworks, it breaks symlinks.

If you don't need to move frameworks around, you don't need it. Also, using the MacOS explorer to move files around (with drag-n-drop or right-click>copy/paste) should preserve symlinks.

merwaaan picture merwaaan on 12 Feb 2020

I simply disabled automatic sign off aaplication
export CSC_IDENTITY_AUTO_DISCOVERY=false

biancama picture biancama on 23 Mar 2020
🎉31

I simply disabled automatic sign off aaplication
export CSC_IDENTITY_AUTO_DISCOVERY=false

Thanks!
This is the only solution that worked for me (macOS).

But if I do need to sign, how do I do that?

Yiddishe-Kop picture Yiddishe-Kop on 27 May 2020

@biancama where did you put the export?

gwsounddsg picture gwsounddsg on 21 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

omarkilani picture omarkilani  Â·  3Comments
ccorcos picture ccorcos  Â·  3Comments
StickNitro picture StickNitro  Â·  3Comments
NPellet picture NPellet  Â·  3Comments
lbssousa picture lbssousa  Â·  3Comments