Persistent Notarization Issues with Electron App

Question

idocohen OP

Created Aug ’24

Replies 1

Boosts 0

Participants 2

I am runnning persistent notarization issues with my macOS Electron application.

Despite multiple attempts to resolve these issues, the notarization status remains "Invalid," and the errors in the report are consistent.

What I'm doing

Sign the code like this

codesign --sign "Apple Distribution: Name Lastname (123456)" --deep --force --timestamp=auto path/to/Application.app

I then get: Application.app: replacing existing signature

I then verify the signing with:

codesign --verify --deep --strict --verbose=4 path/to/Application.app

I then get: --prepared:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework --validated:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework --prepared:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework --validated:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework Application.app: valid on disk Application.app: satisfies its Designated Requirement

I then build:

npm build

I then package:

zip -r Application.zip Application.app

I then upload:

xcrun notarytool submit Application.zip --apple-id your-apple-id --team-id your-team-id --password your-app-specific-password

Then I check for status and I get:

Successfully received submission info createdDate: 2024-08-15T18:21:31.520Z id: 55daf39a-4be9-4dd6-a490-1890d33f9e75 name: Application.zip status: Invalid

In the report generated I get issues like:

"path": "path/to/Application.app/Contents/Frameworks/SomeFramework.framework/SomeFramework", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "arm64"

and

"path": "path/to/Application.app/Contents/Frameworks/SomeFramework.framework/Versions/Current/Helpers/chrome_crashpad_handler", "message": "The signature does not include a secure timestamp.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733", "architecture": "arm64"

What am I doing wrong? I tried signing each issue separately and rerun the entire process, it's not working.

Answered by DTS Engineer in 801664022

You are currently signing your code using --deep, which is something I specifically recommend against. See --deep Considered Harmful.

Apple has general advice on how to sign a Mac app correctly:

In this case, however, I recommend that you consult the support resources for your third-party tools, because this is a path than many other folks have walked down previously.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Aug ’24

Recommended

You are currently signing your code using --deep, which is something I specifically recommend against. See --deep Considered Harmful.

Apple has general advice on how to sign a Mac app correctly:

In this case, however, I recommend that you consult the support resources for your third-party tools, because this is a path than many other folks have walked down previously.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0