Electron-builder: App Crash after electron-builder 22.2.0 MAS build

After adding "hardenedRuntime": false it opens without error. When I try to upload it to the app store I get this error...

ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" ...

Got it!

package.json

"mac": {
      "target": "mas",
      "hardenedRuntime": false,
      "gatekeeperAssess": false,
      "identity": null,
      "category": "public.app-category.lifestyle",
      "icon": "assets/mac/icon.icns"
    },
    "mas": {
      "entitlements": "build/entitlements.mac.plist",
      "entitlementsInherit": "build/entitlements.mac.inherit.plist",
      "provisioningProfile": "**profile_name**.provisionprofile"
    }

entitlements.mac.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
      <string>**devId.appId**</string>
    </array>

    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist>

entitlements.mac.inherit.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

Hope this helps someone out there!

Was about to post the same question before I saw this. But sadly this didn't work for me either. It builds the app and I can launch it from the build/mac folder. But when I try to submit it to App Store connect using their Transporter app it fails saying Code Signing Invalid and Missing Required Icon even though the icon is there in the right place in the right format.

I bet your really close. The icon is actually a collection of different sizes in one file. I had the same issue and got it worked out...

https://github.com/electron/electron-osx-sign/issues/217

Thanks for the tip on the icon. Per your link I fixed the icon issue. And I got the other errors fixed. Honestly I don't know what was the cause of the others. I just started the whole process over from scratch with new certificates and provisioning profiles and it worked after that. I am going to post an issue that the MAS submission process be documented. I scoured the web and couldn't find any up-to-date instructions on the whole process. Wasted lots of time on it.

My electron app works fine before singing by the script provided here.

However, after signing the app, the app can no longer access the network. Also, if I try to submit the app through Transporter I get this issue

ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list:

Upon checking few comments and troubleshooting for last two days I can confirm that my plists are fine and all of them include

<key>com.apple.security.app-sandbox</key>
<true/>

Also I tried, https://github.com/electron/electron-osx-sign/issues/192#issuecomment-532256196.

My assumption is, after singing in the app, the pkg is losing its entitlements.

Is there something I might be doing wrong?

build script in package.json

"build": {
    "appId": "xxx.xxx.xxxx",
    "productName": "XXX XXX XXX,
    "win": {
      "target": "nsis"
    },
    "mac": {
      "icon": "resources/icon.icns",
      "target": "mas",
      "hardenedRuntime": true,
      "gatekeeperAssess": false,
      "identity": null,
      "category": "public.app-category.business",
      "entitlementsInherit": "build/entitlements.mac.inherit.plist",
      "type": "distribution"
    },
    "mas": {
      "entitlements": "build/entitlements.mac.plist",
      "entitlementsInherit": "build/entitlements.mac.inherit.plist",
      "provisioningProfile": "xxxxxxxxxxxxx.provisionprofile"
    },
    "asar": false
  },

entitlements

CHILD_PLIST="build/entitlements.mac.inherit.plist"

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
  </dict>
</plist>

PARENT_PLIST="build/entitlements.mac.plist"

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
      <string>xxxxxx.xxx.xxxxxxx.xxxxxxx.xxxxxx</string>
    </array>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.personal-information.location</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
  </dict>
</plist>

LOGINHELPER_PLIST="entitlements.mas.loginhelper.plist"

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
  </dict>
</plist>

Packages used:

"electron": "^7.1.7",
 "electron-builder": "^22.2.0",
"electron-packager": "^14.1.1",

thanks for posting your fixes @danieldoddjr and @steve981cr. Similar but different, we are struggling to find a fix to our electron build issue #4602 Do you have any ideas? And, we'd be willing to hire the right dev to help us get a fix if you know of one. Thanks.

@kellerchch
I put together a step by step process for Electron apps submitted to the Mac App Store. It's not completely done but it may help you. This is the starting point and looking at the error you mentioned I would follow these steps and it may fix it.
ELECTRON-MAS-SUBMISSION-GUIDE.txt

Thank you @steve981cr for replying with that link. I'll work with Wali who is my developer doing the work and we'll step through your instructions. :-)

Great, let me know if that solves it for you. One thing I didn't include but is critical is you have to use Electron version 5.0.13 or 6.1.7 or your app will be rejected for use of private APIs. These two versions are patched to not use private APIs when building for the MAS. Electron version 7 does not have these patches. These are considered a temporary fix and the Electron team is working on a permanent solution.

Release notes for Electron 8.0.2 include "Fixed Electron apps getting rejected to Mac App Store." https://github.com/electron/electron/pull/22298

I followed the steps provided by @abhish3kk , no matter what I do... the app file after code sign crash.
I get:
"Exception Type: EXC_CRASH (Code Signature Invalid)"
I tried the RB App CHecker
It says "The profile does NOT match the application's Team ID (XXXXXXXX)!"

My package.json has these

"mac": {
  "category": "public.app-category.developer-tools",
  "target": [ "mas" ],
  "icon": "build/app.icns",
  "provisioningProfile": "embedded.provisionprofile",
  "entitlements": "build/entitlements.mas.plist",
  "entitlementsInherit": "build/entitlements.mas.inherit.plist",
  "hardenedRuntime": false
},

I am using...
"electron": "8.2.3",
"electron-builder": "^22.5.1",

Any one can help please ?

Same problem here. I had my fingers crossed when trying the step by step signing solution for the mas/ folder from @danieldoddjr and @abhish3kk but I still get the error Exception Type: EXC_CRASH (Code Signature Invalid). No error message thrown from the Terminal during signing process.

  • electron-builder  version=22.6.0 os=19.4.0
  • loaded configuration  file=package.json ("build" field)
  • description is missed in the package.json  appPackageFile=/Applications/MAMP/htdocs/webapp/app-electron/package.json
  • packaging       platform=mas arch=x64 electron=8.2.4 appOutDir=build/mas
  • signing         file=build/mas/superApp.app identityName=Developer ID Application: COMPANY_NAME (TEAM_ID) identityHash=XXXXXXXXXXXX04555B8B0FXXXXXXXXXX provisioningProfile=none
  • signing         file=build/mas/superApp.app identityName=3rd Party Mac Developer Application: COMPANY_NAME (TEAM_ID) identityHash=XXXXXXXXXXXX677A48XXXXXXXXXXXX provisioningProfile=xxxxxxxxxxxx.provisionprofile

If I try to sign my app for local testing to the mac/ folder (with "target":"dmg"), I get a different error type which is Exception Type: EXC_BAD_ACCESS (Code Signature Invalid). Any ideas about the difference between EXC_CRASH and EXC_BAD_ACCESS?

I'm using:
"electron": "^8.2.4"
"electron-builder": "^22.6.0"

My Certificates, Identifiers & Profiles are well installed and up to date (I revoked and redone the all process to be sure). Entitlements files are there too.
My package.json is:

"build": {
       "appId": "xxx.xxxxxxxxxxxx.xxx",
        "productName": "SuperApp",
        "mac":{
            "target":"mas",
            "hardenedRuntime": false,
            "gatekeeperAssess": false,
            "type":"distribution",
            "identity": "COMPANY_NAME (TEAM_ID)",
            "category": "public.app-category.music-games",
            "icon": "icons.icns",
            "minimumSystemVersion":"10.9.0",
            "electronLanguages":["en","fr","it","pt_BR","es","zh_TW","ja","de","tr","pl","ar","hi","ta","te","vi","id","ms","th","bn","nb","ko","ru","zh_CN"],
            "extendInfo": {
                "ITSAppUsesNonExemptEncryption": false,
                "CFBundleVersion": "0.1.7"
            }
        },
        "mas":{
            "provisioningProfile": "xxxxxxxxxxxx.provisionprofile",
            "entitlements": "build/entitlements.mac.plist",
            "entitlementsInherit": "build/entitlements.mac.inherit.plist"
        }
}

(of course XXXXXX and COMPANY_NAME (TEAM_ID) are replaced in my code with correct values).

Any ideas would be very very welcome! Thanks.

I just tried to sign my app with the method explained on the Electron Github using a bash script. No error thrown during signing process (so I guess it is signed?)

/Applications/test/build/mas/mySuperApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework: replacing existing signature
/Applications/test/build/mas/mySuperApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib: replacing existing signature
/Applications/test/build/mas/mySuperApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib: No such file or directory
/Applications/test/build/mas/mySuperApp.app/Contents/Frameworks/Electron Framework.framework: replacing existing signature
/Applications/test/build/mas/mySuperApp.app/Contents/Frameworks/mySuperApp Helper.app/Contents/MacOS/mySuperApp Helper: replacing existing signature
/Applications/test/build/mas/mySuperApp.app/Contents/Frameworks/mySuperApp Helper.app/: replacing existing signature
/Applications/test/build/mas/mySuperApp.app/Contents/Library/LoginItems/mySuperApp Login Helper.app/Contents/MacOS/mySuperApp Login Helper: replacing existing signature
/Applications/test/build/mas/mySuperApp.app/Contents/Library/LoginItems/mySuperApp Login Helper.app/: replacing existing signature
/Applications/test/build/mas/mySuperApp.app/Contents/MacOS/mySuperApp: replacing existing signature
/Applications/test/build/mas/mySuperApp.app: replacing existing signature
productbuild: Adding component at /Applications/test/build/mas/mySuperApp.app
productbuild: Signing product with identity "3rd Party Mac Developer Installer: COMPANY_NAME (TEAM_ID)" from keychain /Users/myName/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to /Users/myName/Desktop/mySuperApp.pkg
productbuild: Supported OS versions: [10.9.0, )

I get my app.pkg and apparently it is signed. If I try to install this PKG on my Mac, installation succeed, but impossible to find the app (no ideas in what folder it goes)...

So I tried on a second Mac -> open the PKG -> installation succeed -> I can find the app in the Applications folder -> open it -> app crashes -> crashlog: Exception type: EXC_BAD_INSTRUCTION (SIGILL)

Any help/advises would be (hugely) appreciate. Thanks!

I spent 4 days trying to sign my Electron app (without Notarization process) for the MAS (Mac App Store) distribution with electron-builder...
By cross-checking helpful documentation found here (Electron Mac App Store Submission) and here I finally found a way for building and signing MAS .app+.pkg files without crashes at launch and getting validation from the App Store Connect without any problems (hurray!).

Very important: my test succeed ONLY using these versions:

    "electron": "^5.0.13",
    "electron-builder": "^21.2.0"

If you don't use these versions, I can't promise anything... Here you can find Electron version history list and Electron-builder version history list (if you still want to try different versions combination).

Here is the step by step solution who worked for me, I really hope it could help some of you to not tear your hair off like I did.

Restart process from a clean base

To be sure that app's crashes I got after signing process wasn't due to my app code or because of my Certificats and Provisioning profiles, I restart all the process from scratch.

Certificats, identifiers and Provisioning profile

This step has always been complicated and blurry for me. Never sure about what I am doing clearly during this process... So I removed every Certificats, Identifiers and Provisioning profiles from my App Store Connect interface, removed local certificats from my Keychain Access, and re-did it again. I followed the below steps using the App Store Connect interface:

• Generate and install new Certificates
• Generate a new Identifier (com.myCompany.superApp).
• Register my Device (my Mac 10.15.4).
• Generate a Provisioning profile for Distribution to the Mac App Store connected to my Identifier.

Electron quick start

To be sure my own app code wasn't the source of my problems, I restarted from a clean project.

I clone the official electron-quick-start app. I install it in my MAMP root folder from the Terminal:

# Go to the folder you want
cd /Applications/MAMP/
# Clone this repository
git clone https://github.com/electron/electron-quick-start
# Go into the repository
cd electron-quick-start
# Install dependencies
npm install

The electron-quick-start app use by default the latest version of Electron (which is 8.2.5 today). So I have to downgrade it:

npm i [email protected] --save-dev

Then I install the right version of electron-builder

npm i [email protected] --save-dev

Now my package.json and root folder looks like below:

{
  "name": "electron-quick-start",
  "version": "1.0.0",
  "description": "A minimal Electron application",
  "main": "main.js",
  "scripts": {
    "start": "electron ."
  },
  "devDependencies": {
    "electron": "^5.0.13",
    "electron-builder": "^21.2.0"
  }
}

Just to be sure, I test a npm run start to see if the app runs correctly. The app runs, let's continue.

Adding files in the build folder

Now I create a build/ folder to my root directory in which I add the following files:

• embedded.provisionprofile is the Provisioning profile generated and downloaded from the App Store Connect which makes reference to my Identifier com.myCompany.superApp.
-> Rename your Provisioning profile by embedded.provisionprofile.

• entitlements.mas.plist contains:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>TEAM_ID.com.myCompany.superApp</string>
        </array>    
    </dict>
</plist>

-> You have to replace TEAM_ID and com.myCompany.superApp with your own informations.

• entitlements.mas.inherit.plist contains:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
    <true/>
    </dict>
</plist>

• entitlements.mas.loginhelper.plist contains:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
    </dict>
</plist>

• resignAndPackage.sh is a bash script needed to re-sign the SuperApp.app and for generating a valid PKG file. First, electron-builder will do its job (building+signing) like usually, which will create a .app and .pkg in the dist/mas/ folder. Then, the resignAndPackage.sh bash script will be called. It will target the SuperApp.app, re-signed it then create a valid PKG from it. This new PKG will be use for the MAS submission.

#!/bin/bash

printf "......................\nresignAndPackage start\n\n"

# Name of your app.
APP="SuperApp"
# Your Certificate name.
CERT="COMPANY_NAME (TEAM_ID)"
# The path of your app to sign.
APP_PATH="/Applications/MAMP/electron-quick-start/dist/mas/$APP.app"
# The path to the location you want to put the signed package.
RESULT_PATH="/Applications/MAMP/electron-quick-start/dist/mas/$APP-mac_store.pkg"
# The name of certificates you requested.
APP_KEY="3rd Party Mac Developer Application: $CERT"
INSTALLER_KEY="3rd Party Mac Developer Installer: $CERT"
# The path of your plist files.
PARENT_PLIST="build/entitlements.mas.plist"
CHILD_PLIST="build/entitlements.mas.inherit.plist"
LOGINHELPER_PLIST="build/entitlements.mas.loginhelper.plist"
FRAMEWORKS_PATH="$APP_PATH/Contents/Frameworks"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Electron Framework"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Libraries/libffmpeg.dylib"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper.app/Contents/MacOS/$APP Helper"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper.app/"
codesign -s "$APP_KEY" -f --entitlements "$LOGINHELPER_PLIST" "$APP_PATH/Contents/Library/LoginItems/$APP Login Helper.app/Contents/MacOS/$APP Login Helper"
codesign -s "$APP_KEY" -f --entitlements "$LOGINHELPER_PLIST" "$APP_PATH/Contents/Library/LoginItems/$APP Login Helper.app/"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$APP_PATH/Contents/MacOS/$APP"
codesign -s "$APP_KEY" -f --entitlements "$PARENT_PLIST" "$APP_PATH"
productbuild --component "$APP_PATH" /Applications --sign "$INSTALLER_KEY" "$RESULT_PATH"

printf "\nresignAndPackage end\n......................\n"

-> Replace CERT var with your own information.
-> Replace /Applications/MAMP/electron-quick-start/ with your own path.

Edit the package.json

Now I have to edit my package.json file with the right key/value for script and build so electron-builder can do the job. My package.json looks like:

{
  "name": "electron-quick-start",
  "version": "1.0.0",
  "description": "A minimal Electron application",
  "main": "main.js",
  "scripts": {
    "start": "electron .",
    "build-mas": "electron-builder && bash build/resignAndPackage.sh"
  },
  "devDependencies": {
    "electron": "^5.0.13",
    "electron-builder": "^21.2.0"
  },
  "build": {

        "productName": "SuperApp",
        "appId": "com.myCompany.superApp",

        "mac":{
            "target":["mas"]
        },

        "mas":{
            "provisioningProfile": "build/embedded.provisionprofile",
            "entitlements": "build/entitlements.mas.plist",
            "entitlementsInherit": "build/entitlements.mas.inherit.plist"
        }
    }
}

Build + Sign + Re-Sign

From the Terminal you can now run (and cross your fingers :)

npm run build-mas

Your Terminal should return this:

> [email protected] build-mas /Applications/MAMP/electron-quick-start
> electron-builder && bash build/resignAndPackage.sh

  • electron-builder  version=21.2.0 os=19.4.0
  • loaded configuration  file=package.json ("build" field)
  • author is missed in the package.json  appPackageFile=/Applications/MAMP/electron-quick-start/package.json
  • writing effective config  file=dist/builder-effective-config.yaml
  • packaging       platform=mas arch=x64 electron=5.0.13 appOutDir=dist/mas
  • default Electron icon is used  reason=application icon is not set
  • signing         file=dist/mas/SuperApp.app identityName=Developer ID Application: COMPANY_NAME (TEAM_ID) identityHash=XXXXXXXXXXXXXXXXXXXX provisioningProfile=none
  • signing         file=dist/mas/SuperApp.app identityName=3rd Party Mac Developer Application: COMPANY_NAME (TEAM_ID) identityHash=XXXXXXXXXXXXXXXXXXXX provisioningProfile=build/embedded.provisionprofile
......................
resignAndPackage start

/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/Frameworks/Electron Framework.framework/Libraries/libffmpeg.dylib: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/Frameworks/Electron Framework.framework: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/Frameworks/SuperApp Helper.app/Contents/MacOS/SuperApp Helper: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/Frameworks/SuperApp Helper.app/: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/Library/LoginItems/SuperApp Login Helper.app/Contents/MacOS/SuperApp Login Helper: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/Library/LoginItems/SuperApp Login Helper.app/: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app/Contents/MacOS/SuperApp: replacing existing signature
/Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app: replacing existing signature
productbuild: Adding component at /Applications/MAMP/electron-quick-start/dist/mas/SuperApp.app
productbuild: Signing product with identity "3rd Party Mac Developer Installer: COMPANY_NAME (TEAM_ID)" from keychain /Users/YOU/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to /Applications/MAMP/electron-quick-start/dist/mas/SuperApp-mac_store.pkg
productbuild: Supported OS versions: [10.10.0, )

resignAndPackage end
......................

Asking electron-builder to build and sign your app without specifying an output folder for builds will create a new dist/ folder to your root directory.
This folder will now contains dist/mas/ folder containing your SuperApp.app (which can be open without crashing) and a SuperApp-mac_store.pkg (which can be used for MAS submission).
-> You can remove/delete the SuperApp-1.0.0.pkg.

Hope this can helps!

Nope, same issue, it says invalid signature.

Sorry for you. Are you sure about the Certificats, identifiers and Provisioning profile process? Did you double check in your Keychain Access that your Certificats are valid and up to date? From which macOS version are you trying?

This work for me, with the latest electron-builder version(22.6.1), my os x version is 10.15.4

@chenjuneking Could you show us your electron-builder's configuration and entitlements file? I tested in development using dev-provisioning-profile and failed again, with electron-builder version 22.6.1.

@vifird

package.json

{
  "name": "myapp",
  // ...
  "build": {
    "productName": "myapp",
    "copyright": "xxx",
    "directories": {
      "buildResources": "./"
    },
    "files": [
      "!**/bin",
      "!**/build",
      "!**/*.sh"
    ],
    "mac": {
      "icon": "build/icon.icns",
      "target": [
        "mas"
      ],
      "provisioningProfile": "build/myapp.provisionprofile"
    },
    "appId": "my.app",
    "mas": {
      "entitlements": "build/entitlements.mas.plist",
      "entitlementsInherit": "build/entitlements.mas.inherit.plist"
    }
  }
}

entitlements.mas.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
      <string>xxx.com.myapp</string>
    </array>
    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist>

entitlements.mas.inherit.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

entitlements.mas.loginhelper.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
  </dict>
</plist>

@chenjuneking Thanks a lot. Have you used entitlements.mas.loginhelper.plist? I didn't see how to use it in electron-builder.
And the target you runned succded is mas target? How did you test the package? Have you tried mas-dev target?

I haven't test mas target with electron-builder 22.6.1, i tested mas-dev and it crashed.

@vifird I didnot add entitlements.mas.loginhelper.plist into my configuration, so I dont think this file is necessary.
I test on a mac target before, when I decide to distribute my app to the OS X app store, I add a mas target. The mac target configuration as bellow:

{
  "name": "myapp",
  // ...
  "build": {
    "mac": {
      "icon": "build/icon.icns",
      "target": [
        "dmg",
        "zip"
      ],
      "publish": [
        {
          "provider": "generic",
          "url": "https://my/hot/update/url"
        }
      ],
      "provisioningProfile": "build/myapp.provisionprofile"
    },
    "dmg": {
      "icon": "build/icon.icns",
      "iconSize": 80
    }
  }
}

As you see, I didnot add any .plist on target mac, but it works.
So I think setting a entitlements.mas.plist and entitlements.mas.inherit.plist was only mas target needed.
Let me know if my understanding was wrong.

@chenjuneking Yeah, it' right. So you build your mas target and push to AppStore directly? Has it approved?

@vifird It's under review, not yet approved.

@vifird It's under review, not yet approved.

Hard to say, let's waiting for Apple's reply.

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.