This is a
Hi,
I used nexe to transform a Node.js file to an executable used by a macOS application.
I recently updated to 2.0.0-rc.29 (from a version a ~year ago) and it no longer works.
First, I had an issue where Xcode codesign would fail:
codesign says my main executable failed strict validation.
- Your Mach-O executable does not conform to modern Mach-O layout rules.
- You may be using a third party development product that hasn't been brought up to date, or post-processed your file in unsupported ways.
That got fixed by the following issues / hack:
https://github.com/nexe/nexe/issues/446
https://github.com/nexe/nexe/issues/470
But then I had another error:
caught error in https
ReferenceError: net is not defined
at Server.server.on (_third_party_main.js:212:14)
at Server.emit (events.js:182:13)
at onParserExecuteCommon (_http_server.js:535:14)
at onParserExecute (_http_server.js:482:3)
These are the "imports" I used:
const http = require('http');
const httpProxy = require('http-proxy');
const fs = require('fs');
const parseDomain = require('parse-domain');
I guess this is a result of "resources" not working:
Nexe relies on mangling the base binary which inherently breaks signing. Using the patch shown in that comment should allow you to embed your application fully. However, resources will not work.
Is there any way around this? Maybe I should use something else? Or maybe there is planned support for it?
Thank you, and I appreciate the library. It helped to quickly transform code written in Node to be used in macOS.
@kgaidis can you mention which version worked for you? Were you able to build and sign for Node 10.3 with the latest or the previous one?
@calebboyd - is there any current path to get nexe to create a signable binary on mac w/ a resource file? Is there any current path that works without a resource? I've been trawling through the various linked issues/comments/etc. and can't get anything usable to work.
OSX signing is evil.
Basically, you can't sign something which has had stuff appended to it (like a new nexe app has).
I recently spend 2 weeks making my (heavily modified old NEXE app using lockwrap for a filesystem) work for OSX.
The solution I came up with was as follows:
Because an OSX 'APP' is normally delivered as a folder structure, you can include data files in your deployment.
So, quite simply, I modified my 'internal' nexe javascript (the stuff which is compiled in) to look for the packaged filesystem in a known datafile, and if that failed, look on the end of the exe (e.g. for win32 or linux).
This allows you to sign the (now valid) OSX plain executable, and the data file get's signed separately, then it all works, and even passed their new 'let apple virus scan it' system.... :).
Now trying to upgrade from node 6.9.11 to node 12.10.0 using latest nexe... more heavy nexe modifications required :) (but once done the OSX should still be fine).
p.s. if someone really wants a challenge, check out my fork of isign - OSX signing without OSX - I gave up at the last hurdle, but maybe someone with better python/openssl experience can take it on....
Most helpful comment
OSX signing is evil.
Basically, you can't sign something which has had stuff appended to it (like a new nexe app has).
I recently spend 2 weeks making my (heavily modified old NEXE app using lockwrap for a filesystem) work for OSX.
The solution I came up with was as follows:
Because an OSX 'APP' is normally delivered as a folder structure, you can include data files in your deployment.
So, quite simply, I modified my 'internal' nexe javascript (the stuff which is compiled in) to look for the packaged filesystem in a known datafile, and if that failed, look on the end of the exe (e.g. for win32 or linux).
This allows you to sign the (now valid) OSX plain executable, and the data file get's signed separately, then it all works, and even passed their new 'let apple virus scan it' system.... :).
Now trying to upgrade from node 6.9.11 to node 12.10.0 using latest nexe... more heavy nexe modifications required :) (but once done the OSX should still be fine).
p.s. if someone really wants a challenge, check out my fork of isign - OSX signing without OSX - I gave up at the last hurdle, but maybe someone with better python/openssl experience can take it on....