Electron-builder: Help overcoming two errors building macOS app - Electron doesn't recognize my Apple developer certificate ERROR ITMS-90237 and App sandbox not enabled ERROR ITMS-90296

Created on 8 Apr 2020 · 16 Comments · Source: electron-userland/electron-builder

"electron": "3.0.10",
"electron-builder": "21.2.0",

"mac": {
      "category": "public.app-category.productivity",
      "target": [
        "pkg"
      ],
      "identity": "My Company. (4VJSSKP824)",
      "hardenedRuntime": true,
      "gatekeeperAssess": false,
      "entitlements": "dist/entitlements.mac.plist",
      "entitlementsInherit": "dist/entitlements.mac.inherit.plist"
    },

"dist/entitlements.mac.plist"

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
  </dict>
</plist>

"dist/entitlements.mac.inherit.plist"

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>TEAMID_AND_PACKAGE NAME</string>
        </array>
    </dict>
</plist>

I have placed the correct Developer ID certificates.

Have any of you successfully overcome these two problems I am facing to create a build of my electron app for the macOS store? I have included the correct apple certificate and entitlement properties but still electron is not detecting these things in the build process.

Errors:

ERROR ITMS-90237: "The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate."

ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list

All 16 comments

@codebytere @sonamgupta-kiwi @amargautam @sangeeth96 @heydon you all have chimed in on similar electron build issues. @ahmadwaliesipick is the expert here and we are back to figuring this out so we can get our angular app compiled and working in the Mac and Windows stores. Do you have any ideas on a fix to the above issue?

@ahmadwaliesipick @kellerchch

Can you check if build.dmg.sign = false in package.json?

> @ahmadwaliesipick @kellerchch
>
> Can you check if build.dmg.sign = false in package.json?

@amargautam
I am creating pkg, not dmg or mas.

Here's what I've done to get a working MAS pkg: https://github.com/electron/electron-osx-sign/issues/223#issuecomment-611070794

Based on your post, I see that you've set target to pkg. It should be mas instead which will pick up the right certificates.

Also, I suggest you remove setting of custom entitlements.inherit.plist. It should only contain the sandbox and security.inherit keys (unless you know what you're doing).

Lastly, I'd suggest making a mas-dev build as well.
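
The checks suggested in the reply above (a `mas` target, the sandbox entitlement present, and an inherit plist limited to the sandbox and inherit keys), written as an added Python example; it is not code from electron-builder or from any commenter. The function name `lint_mas_signing` and the sample dictionaries, rebuilt from the keys posted in the question, are constructed for illustration.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"

def lint_mas_signing(mac_cfg, main_plist, inherit_plist):
    """Return findings for a Mac App Store build; an empty list means clean."""
    findings = []
    targets = mac_cfg.get("target", [])
    if isinstance(targets, str):          # "target" may be a string or a list
        targets = [targets]
    if "mas" not in targets:
        findings.append("target: 'mas' is not among the build targets")
    main = plistlib.loads(main_plist)
    if main.get(SANDBOX) is not True:
        findings.append(f"entitlements: {SANDBOX} is not true (ITMS-90296)")
    inherit = plistlib.loads(inherit_plist)
    for key in (SANDBOX, INHERIT):
        if inherit.get(key) is not True:
            findings.append(f"entitlementsInherit: {key} is not true")
    extra = sorted(set(inherit) - {SANDBOX, INHERIT})
    if extra:
        findings.append("entitlementsInherit: extra keys: " + ", ".join(extra))
    return findings

# Constructed sample input, rebuilt from the keys posted in the question.
QUESTION_CFG = {"target": ["pkg"]}
QUESTION_MAIN = plistlib.dumps({
    "com.apple.security.cs.allow-jit": True,
    "com.apple.security.cs.allow-unsigned-executable-memory": True,
    "com.apple.security.cs.disable-library-validation": True,
    "com.apple.security.cs.disable-executable-page-protection": True,
})
QUESTION_INHERIT = plistlib.dumps({
    SANDBOX: True,
    "com.apple.security.cs.allow-unsigned-executable-memory": True,
    "com.apple.security.cs.allow-jit": True,
    "com.apple.security.application-groups": ["TEAMID_AND_PACKAGE NAME"],
})
# Constructed "after" input that follows the reply's advice.
FIXED_CFG = {"target": ["mas"]}
FIXED_MAIN = plistlib.dumps({SANDBOX: True})
FIXED_INHERIT = plistlib.dumps({SANDBOX: True, INHERIT: True})

if __name__ == "__main__":
    for finding in lint_mas_signing(QUESTION_CFG, QUESTION_MAIN, QUESTION_INHERIT):
        print("FAIL", finding)
    print("fixed:", lint_mas_signing(FIXED_CFG, FIXED_MAIN, FIXED_INHERIT))
```
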

Thanks for replying @sangeeth96
I had tried 'mas' but the build failed because of an identity issue: ' _skipped macOS application code signing reason=Identity name is specified, but no valid identity with this name in the keychain identity=XYZ. (4VXKRTP824) allIdentities_'.
Even though I have placed all the correct identities in the Keychain.

I saw your issue comment link above, you have created build via mas and manually signed using electron-osx-sign. But if we used mas in electron-builder internally it used electron-osx-sign lib to sign the app.

In my case I resolved the issue by upgrading electron and electron-builder to
"electron": "^5.0.13",
"electron-builder": "^22.3.2",
These two upgrades resolved all my problems.
Here is my build settings -
"build": {
  "appId": "my app id",
  "productName": "Plv2",
  "copyright": " © 2012-2020 company, Inc.",
  "asar": true,
  "files": [
    "build/",
    "public/",
    "embedded.provisionprofile",
    "entitlements.mac.plist",
    "entitlements.mas.plist",
    "all_certificates.p12"
  ],
  "directories": {
    "buildResources": "build",
    "output": "package_desktop",
    "app": "."
  },
  "mac": {
    "gatekeeperAssess": false,
    "darkModeSupport": false,
    "entitlements": "build/entitlements.mac.plist",
    "entitlementsInherit": "build/entitlements.mas.plist",
    "target": [
      "dmg",
      "mas",
      "pkg"
    ]
  },
  "mas": {
    "entitlements": "build/entitlements.mac.plist",
    "entitlementsInherit": "build/entitlements.mas.plist",
    "provisioningProfile": "build/embedded_live.provisionprofile"
  },
  "dmg": {
    "sign": false
  },
  "win": {
    "certificateFile": "winCerts/certi.pfx",
    "certificatePassword": "mypassword",
    "verifyUpdateCodeSignature": false
  }
}
}

With this I have successfully published the app on the Mac store and the Windows store.

@sonamgupta-kiwi thanks for sharing the details, let me try this and get back to you.

@sonamgupta-kiwi Where have you provided all_certificates.p12 in the above config? Where should I place this file in the directory? How can I create this p12 file? Which certificates should be included in this p12?

@ahmadwaliesipick I used this link to create the all_certificate p12:
https://www.electron.build/code-signing#how-to-export-certificate-on-macos
And I placed this file in the root directory of the project.

@sonamgupta-kiwi I am following these steps and am able to submit the build to the Apple store, but I am facing these last two issues. Do you have any idea about these issues?

ITMS-90238: Invalid Signature - The executable at path Todo Cloud.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/crashpad_handler has following signing error(s): valid on disk /Volumes/data01/app_data/app-processing/mz_16802161056023505223dir/mz_6488626210031369281dir/com.myapp.appformac.pkg/Payload/Todo Cloud.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/crashpad_handler: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

ITMS-90238: Invalid Signature - The executable at path Todo Cloud.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt has following signing error(s): valid on disk /Volumes/data01/app_data/app-processing/mz_16802161056023505223dir/mz_6488626210031369281dir/com.myapp.appformac.pkg/Payload/Todo Cloud.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

@sonamgupta-kiwi can you please share your entitlements": "build/entitlements.mac.plist", "build/entitlements.mas.plist" ?

Here is my entitlements.mac.plist -
[image: Screenshot 2020-04-13 at 12 22 44 PM]

entitlements.mas.plist -
[image: Screenshot 2020-04-13 at 12 22 58 PM]

@sonamgupta-kiwi thanks for sharing.
Once I signed the app via codeSign "https://www.electronjs.org/docs/tutorial/mac-app-store-submission-guide", the app crashed on startup.
I debugged the app and this error was shown: '[12264:1029/152011.865024:FATAL:gpu_data_manager_impl_private.cc(892)] The display compositor is frequently crashing. Goodbye.'

Once I removed 'com.apple.security.app-sandbox' from the plist the app works, but the Apple store is not accepting the build without the sandbox. @sonamgupta-kiwi Do you have any idea about this?

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

I am also facing this issue.

ITMS-90237: The product archive package's signature is invalid. Ensure that it is signed with your '3rd Party Mac Developer Installer' certificate.

> I am also facing this issue.
>
> ITMS-90237: The product archive package's signature is invalid. Ensure that it is signed with your '3rd Party Mac Developer Installer' certificate.

codesign --deep --force --verbose --sign - electron.app
