osx-sign: Error: code object is not signed at all
Hey @sethlu and @malept. I’ve been working on getting an Electron app into the MAS for a few days. 😅 – lots of googling and I keep seeing your names pop up on old threads. Thanks for helping people figure this stuff out!
I’ve got all my signing certs set up:

I’m using this electron-packager incantation to generate a .pkg file and publishing the build to iTunes Connect using Application Loader:
# package for MAS
electron-packager . \
--platform=mas \
--arch=x64 \
--out=dist \
--prune=true \
--app-bundle-id=com.sikelianos.zeke.illuminati \
--app-version="$npm_package_version" \
--build-version="$npm_package_version_build" \
--icon=build/icon.icns \
--osx-sign
# copy provision profile
cp embedded.provisionprofile dist/Illuminati-mas-x64/Illuminati.app/Contents/
# flatten
electron-osx-flat dist/Illuminati-mas-x64/Illuminati.app \
--pkg dist/illuminati.pkg
The Application Loader step succeeds, but I got an email back:
Invalid Signature - The executable at path Illuminati.app/Contents/Resources/app/node_modules/fsevents/build/Release/.node has following signing error(s): code object is not signed at all In architecture: x86_64 . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.
Any pointers on what I might be missing?
Ideas:
- Should I be using `codesign` somewhere too, or is `electron-osx-sign` all I need?
- Do I need an `Info.plist` file with some custom stuff in it? The app doesn’t have any special requirements that I know of.
About this issue
- State: closed
- Created 6 years ago
- Comments: 15 (9 by maintainers)
Hi @zeke! 😺
I think the issue comes from the native node addons (from the `fsevents` dependency). Since `electron-osx-sign` bypasses scanning files that begin with a dot `.` (typically the hidden files, e.g. `.gitignore`), it happens to skip code signing this binary file located at `Illuminati.app/Contents/Resources/app/node_modules/fsevents/build/Release/.node`. While files with names like `something.node` will be automatically signed.
🏅 I guess it may be good for `electron-osx-sign` to expect `.node` as a binary?
A revised workflow for now may be the following:
Lemme know if it helps 😄
Hi @sethlu we fixed this issue and successfully launched on app store thanks for your reply.
Hey Seth thanks for following up! I’m not able to test this fix right now, and probably won’t get back to this any time soon. Feel free to close this issue.
I ended up working around it by removing the dependency on `fsevents` which was coming from `elemon` a file watcher that I should have put in `devDependencies` anyway, as those get pruned from the build. 👍
Oh, and in response to your ideas: (Forgot to address them in an earlier post)
- Yep, `electron-osx-sign` calls `codesign` itself so we don’t have to tweak all those parameters.
- `electron-osx-sign` will at times modify the `Info.plist` file if it doesn’t contain enough information, `ElectronTeamID` for example.
Providing an env variable `DEBUG=electron-osx-sign*` should have it displaying all those changes and what files are actually signed.