We have developed an electron app which we want to extend with an action extension. The action extension is written in swift in Xcode. Our plan was to build the .appex file and insert it into the PlugIns folder in our electron app, but I don't think this is the right way to do it?
If we insert the .appex file before notarization then we get an error that we are "replacing existing signature".
If we manually insert it after the notarization then we get an error with the app is damaged and can’t be opened.
Can anybody provide a procedure for this kind of merge I would imagine that it goes something like:
- Sign app
- Sign extension
- Add extension to App
- Notarize app
For signing the app we use electron-builder.
If we insert the .appex file before notarization then we get an error that we are "replacing existing signature".
That’s not an error; it’s just codesign telling you about the action it took. Consider:
% cp /usr/bin/true MyTrue
% codesign -s - MyTrue ; echo $?
MyTrue: is already signed
1
% codesign -s - -f MyTrue ; echo $?
MyTrue: replacing existing signature
0
The first codesign failed because the program was already signed; the second worked, because of the -f flag, but you then get the replacing existing signature message.
Taking a step back, it’s critical that you insert the app before the final signing step of the container app. That way the appex is sealed over by the code signature. If you insert it after, you break the seal on the existing code signature and, as you’ve seen, bad things ensure.
For general advice on how to sign code manually, see:
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"