osx-sign: CodeSigning / SQLite3 failure
Last resort to post an issue here but I’m running out of idea’s on this one:
Code signing darwin app on TravisCI is failing with the following error message:
WARNING: Code sign failed; please retry manually. Error: Command failed: codesign --sign [secure] --force /var/folders/bb/n7t3rs157850byt_jfdcq9k80000gn/T/electron-packager/darwin-x64/<APP_NAME>-darwin-x64/<APP_NAME>.app/Contents/Resources/app/node_modules/sqlite3/build/Release/.deps/private/var/folders/bb/n7t3rs157850byt_jfdcq9k80000gn/T/electron-packager/darwin-x64/<APP_NAME>-darwin-x64/Electron.app
/var/folders/bb/n7t3rs157850byt_jfdcq9k80000gn/T/electron-packager/darwin-x64/<APP_NAME>-darwin-x64/<APP_NAME>.app/Contents/Resources/app/node_modules/sqlite3/build/Release/.deps/private/var/folders/bb/n7t3rs157850byt_jfdcq9k80000gn/T/electron-packager/darwin-x64/<APP_NAME>-darwin-x64/Electron.app: bundle format unrecognized, invalid, or unsuitable
I’ve no clue as to why SQLite is being involved here (it is a project dependency though) and everything else succeeds beyond this message but the code isn’t signed and our generated artefacts (.dmg) are damaged.
The certificates being used for this, on Travis, are:
- Worldwide Developer Relations Certificate Authority
- Developer ID Certificate Authority
- Our developerID.p12 certificate
The developerID certificate works when I codesign on local OSX but perhaps there’s something bundled within my O/S thats missing or different on Travis. The certificates listed above are indicated as requirements for codesigning within the Apple developer area (https://developer.apple.com/account/ios/certificate/).
Here’s the contents of our signing shell script that is responsible for installing what I believe to be the correct certs:
#!/bin/sh KEY_CHAIN=mac-build.keychain security create-keychain -p travis $KEY_CHAIN security default-keychain -s $KEY_CHAIN security unlock-keychain -p travis $KEY_CHAIN security set-keychain-settings -t 3600 -u $KEY_CHAIN CERT_LOCATION=$PWD/deploy/certs security import $CERT_LOCATION/apple.cer -k $KEY_CHAIN -A /usr/bin/codesign security import $CERT_LOCATION/icon-osx-developer.cer -k $KEY_CHAIN -A /usr/bin/codesign security import $CERT_LOCATION/icon-osx-developer.p12 -k $KEY_CHAIN -P $OSX_SIGNING_IDENTITY_PASSWORD -A /usr/bin/codesign echo "Add keychain to keychain-list" security list-keychains -s mac-build.keychain echo "Settting key partition list" security set-key-partition-list -S apple-tool:,apple: -s -k travis $KEY_CHAIN echo "Installed identities" security find-identity -v -p codesigning
Here’s the content of the electronPackagerConfig section of package.json
'electronPackagerConfig': {
'osxSign': {
identity: process.env.OSX_SIGNING_IDENTITY
}
}
(OSX_SIGNING_IDENTITY is set as A2FC137228DABBAA8101DD3B6704EEXXXXXXXXXX)
And here’s our travis.yml config:
osx_image: xcode8.3
sudo: required
dist: trusty
language: c
matrix:
include:
- os: osx
env: CC=clang CXX=clang++ npm_config_clang=1
compiler: clang
cache:
directories:
- node_modules
- app/node_modules
- "$HOME/.electron"
- "$HOME/.cache"
addons:
apt:
packages:
- libgnome-keyring-dev
- icnsutils
before_install:
- mkdir -p /tmp/git-lfs && curl -L https://github.com/github/git-lfs/releases/download/v1.2.1/git-lfs-$([
"$TRAVIS_OS_NAME" == "linux" ] && echo "linux" || echo "darwin")-amd64-1.2.1.tar.gz
| tar -xz -C /tmp/git-lfs --strip-components 1 && /tmp/git-lfs/git-lfs pull
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install --no-install-recommends -y icnsutils graphicsmagick xz-utils; fi
- *./deploy/executables/codesign.sh*
- cd build
- ls
install:
- nvm install 6
- npm install electron-forge -g
- npm install electron-builder@next
- npm install node-pre-gyp -g
- export CPPFLAGS=-I/usr/local/opt/openssl/include
- export LDFLAGS=-L/usr/local/opt/openssl/lib
- npm install --g yarn@0.27.5
- npm install --g gulp
- npm install --g node-sass
- npm install --save nan
script:
- npm install
- python ../deploy/environment/replace.py
- electron-forge publish
branches:
except:
- "/^v\\d+\\.\\d+\\.\\d+$/"
only:
- "master"
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 20 (11 by maintainers)
This is still an issue in 2023! I just updated my mac to Ventura and codesign started failing with the same error.
I was using electron forge and it manifested as this
Then I turned on the debug logging by pasting this into my terminal
export DEBUG=electron-osx-sign*Finally I saw the error mentioned above specifically for sqlite3
WARNING: Code sign failed; please retry manually. Error: Command failed: codesign --sign xxx --force --timestamp --options runtime --entitlements /Users/users/app/node_modules/@electron/osx-sign/entitlements/default.darwin.plist /var/folders/cs/w4t4m2sj4_g_hgzt27pg0q3h0000gn/T/electron-packager/darwin-x64/app-darwin-x64-n9ugoY/app.app/Contents/Resources/app/node_modules/sqlite3/build/Release/.deps/private/var/folders/cs/w4t4m2sj4_g_hgzt27pg0q3h0000gn/T/electron-packager/darwin-x64/app-darwin-x64-n9ugoY/Electron.app /var/folders/cs/w4t4m2sj4_g_hgzt27pg0q3h0000gn/T/electron-packager/darwin-x64/app-darwin-x64-n9ugoY/app.app/Contents/Resources/app/node_modules/sqlite3/build/Release/.deps/private/var/folders/cs/w4t4m2sj4_g_hgzt27pg0q3h0000gn/T/electron-packager/darwin-x64/app-darwin-x64-n9ugoY/Electron.app: bundle format unrecognized, invalid, or unsuitableSolution was this package after prune hook
If I had to guess, Forge is rebuilding
sqlite3viaelectron-rebuildso you’d have to add anafterPrunehook to remove thenode_modules/sqlite3/builddirectory that way.I would suggest setting
electronPackagerConfig.ignoreto ignore thesqlite3/builddirectory.