To provide more context, I tried security find-identity -p codesigning -v but it only prints my Developer ID Application and not my Developer ID Installer, even though I saw the Developer ID Installer in Xcode and in Keychain Access.
Hence what I think might be happening is that there is an issue on the Apple end with my Developer ID Installer certificate itself.
Sridhara & Govinda Dasu
I guessed that maybe the older versions of Electron and Forge don't work anymore. So I decided to literally try setting up the tutorial app on https://www.electronjs.org/docs/latest/
While going through the steps I noticed that here https://www.electronjs.org/docs/latest/tutorial/tutorial-packaging, they say that you should follow electron forge's docs' code-signing-macos section.
And there I noticed it recommends us to have a Developer ID Installer. Now I tried security find-identity -p codesigning -v but it only prints my Developer ID Application and not my Developer ID Installer, even though I saw the Developer ID Installer in Xcode and in Keychain Access. Hence, I am confused.
I am all out of Developer ID Installer certificates and none of them work, so I think I need to ask Apple to revoke them all so I can retry with fresh ones. I will try emailing product-security AT apple.com
Thank you so much for your answer. Yes - knowing why that traps would be helpful, but I actually think I discovered an issue that may be causing all this. After making the app, it works fine and prints Hello world - both the MAS .app and the pkg work.
However, after running:
electron-osx-sign out/Thea-mas-x64/Thea.app --identity='3rd Party Mac Developer Application' --entitlements=entitlements.plist --provisioning-profile=Thea11072024.provisionprofile --platform=mas --no-pre-auto-entitlements
I tried it without --no-pre-auto-entitlements but no difference. By the way I am pretty sure osx-sign is using codesign under the hood.
Then clicking on MAS .app no longer works and it gives us this error:
Translated Report (Full Report Below)
-------------------------------------
Incident Identifier: 526F2C25-10CD-41EE-9D79-88A664304EFD
CrashReporter Key: C9688684-833E-6290-40E6-2EBFB18D3C42
Hardware Model: MacBookPro15,1
Process: Thea [53001]
Path: /Users/USER/Desktop/*/Thea.app/Contents/MacOS/Thea
Identifier: com.ldtalentwork.thea
Version: 1.0.18 (1.0.18)
Code Type: X86-64 (Native)
Role: Default
Parent Process: launchd [1]
Coalition: com.ldtalentwork.thea [171678]
Date/Time: 2023-12-19 17:39:39.5882 -0600
Launch Time: 2023-12-19 17:39:39.4860 -0600
OS Version: macOS 13.5 (22G74)
Release Type: User
Report Version: 104
Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: CODESIGNING 1 Taskgated Invalid Signature
Triggered by Thread: 0
Thread 0 Crashed:
0 ??? 0x112640070 _dyld_start + 0
1 0x10d77e000 ???
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000
rdi: 0x0000000000000000 rsi: 0x0000000000000000 rbp: 0x0000000000000000 rsp: 0x00007ff7b2781b78
r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x0000000000000000 r11: 0x0000000000000000
r12: 0x0000000000000000 r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
rip: 0x0000000112640070 rfl: 0x0000000000000200 cr2: 0x0000000000000000
Logical CPU: 0
Error Code: 0x00000000
Trap Number: 0
Binary Images:
0x11263b000 - 0x1126d6fff ??? (*) <31e1c182-e611-3883-97a3-4334a21c90bd> ???
0x10d77e000 - 0x10d77ffff (*) <4c4c441a-5555-3144-a113-99eac23befd3> ???
Error Formulating Crash Report:
dyld_process_snapshot_get_shared_cache failed
EOF
Is it normal that after codesigning the .app, it should no longer be openable? Moreover, I noticed that after running the electron-osx-sign command the .app file and the .pkg file were not modified at all.
Despite the .app file not being modified, it no longer worked after running osx-sign.
Might this be the issue? I tried to look this issue up:
https://forums.developer.apple.com/forums/thread/698870
https://github.com/electron/osx-sign/issues/61
But I don't think I have found any solution that might work.
Here is how my entitlements.plist looks:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.debugger</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.application-identifier</key>
    <string>626S3G94S4.com.ldtalentwork.thea</string>
    <key>com.apple.developer.team-identifier</key>
    <string>626S3G94S4</string>
  </dict>
</plist>
And I just created a certificate signing request in Keychain Access and then just downloaded the 3rd Party Mac Developer Application and put it in Keychain Access, so I am not sure how anything could be wrong.
Let me know if you have any ideas on what I can try.
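One check for a build that is killed at launch with "Code Signature Invalid" is whether the restricted entitlements claimed in entitlements.plist (`com.apple.application-identifier`, `com.apple.developer.team-identifier`) are authorised by the provisioning profile passed to the signing tool. The following is an added example, not part of the original post: the function names are hypothetical, the profile plists are constructed, and a real profile is assumed to have been decoded first with `security cms -D -i`.

```python
import plistlib

# Restricted entitlements claimed in the post's entitlements.plist; macOS only
# honours them when the embedded provisioning profile authorises them.
RESTRICTED = ("com.apple.application-identifier",
              "com.apple.developer.team-identifier")

def allowed(claimed, granted):
    """True if the profile's value authorises the claimed value ('TEAM.*' is a wildcard)."""
    if isinstance(granted, str) and granted.endswith("*"):
        return isinstance(claimed, str) and claimed.startswith(granted[:-1])
    return claimed == granted

def unauthorised(entitlements_plist: bytes, profile_plist: bytes):
    """Return [(key, claimed, granted)] for restricted claims the profile does not cover."""
    claimed = plistlib.loads(entitlements_plist)
    granted = plistlib.loads(profile_plist).get("Entitlements", {})
    problems = []
    for key in RESTRICTED:
        if key not in claimed:
            continue
        if key not in granted or not allowed(claimed[key], granted[key]):
            problems.append((key, claimed[key], granted.get(key)))
    return problems

# Entitlement values copied from the post (subset).
ENTITLEMENTS = plistlib.dumps({
    "com.apple.security.app-sandbox": True,
    "com.apple.application-identifier": "626S3G94S4.com.ldtalentwork.thea",
    "com.apple.developer.team-identifier": "626S3G94S4",
})
# Constructed decoded-profile payloads: one that covers the claims, one that does not.
PROFILE_OK = plistlib.dumps({"Entitlements": {
    "com.apple.application-identifier": "626S3G94S4.*",
    "com.apple.developer.team-identifier": "626S3G94S4"}})
PROFILE_BAD = plistlib.dumps({"Entitlements": {
    "com.apple.application-identifier": "ABCDE12345.com.example.other",
    "com.apple.developer.team-identifier": "ABCDE12345"}})

if __name__ == "__main__":
    for name, profile in (("PROFILE_OK", PROFILE_OK), ("PROFILE_BAD", PROFILE_BAD)):
        print(name, unauthorised(ENTITLEMENTS, profile) or "all restricted claims authorised")
```

An empty result only rules out this one mismatch; it does not show that the signature itself is valid.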