electron-builder: InvalidConfigurationError: Cannot find valid "3rd Party Mac Developer Installer" identity to sign MAS installer

I have been tormented by this issue for hours. It all started when one or both of these things happened:

a) My app’s “Developer ID Installer” expired (“easily” fixed) b) I added “Apple Distribution” for a second organization, effectively making two available, and electron-builder was silently choosing the first

To troubleshoot I used the trusty: security find-identity -v

I’ve found a few ways to mitigate this issue:

1. Move the second “Apple Distribution” cert and associated private-key into a dedicated Keychain. I just moved all of that team’s signing-related certs/keys into the Keychain, and then LOCKED it.
2. Remove any “-c.mac.identity=” for the mas build step, because defining it seems to cause other issues related to the same arch being built twice, or maybe it was something else. Regardless, specifying the identity breaks things.

I need to get a “F@%& CODE SIGNING” t-shirt made. This stuff is brutal.

As a stopgap measure, I commented out that portion of code in the node_modules/app-builder-lib/out/macPackager.js and just did productbuild manually

await this.doSign(signOptions);
        // https://github.com/electron-userland/electron-builder/issues/1196#issuecomment-312310209
        if (masOptions != null && !isDevelopment) {
            const certType = isDevelopment ? "Mac Developer" : "3rd Party Mac Developer Installer";
            const masInstallerIdentity = await macCodeSign_1.findIdentity(certType, masOptions.identity, keychainFile);
            // if (masInstallerIdentity == null) {
            //     throw new builder_util_1.InvalidConfigurationError(`Cannot find valid "${certType}" identity to sign MAS installer, please see https://electron.build/code-signing`);
            // }
            // // mas uploaded to AppStore, so, use "-" instead of space for name
            // const artifactName = this.expandArtifactNamePattern(masOptions, "pkg", arch);
            // const artifactPath = path.join(outDir, artifactName);
            // await this.doFlat(appPath, artifactPath, masInstallerIdentity, keychainFile);
            // await this.dispatchArtifactCreated(artifactPath, null, builder_util_1.Arch.x64, this.computeSafeArtifactName(artifactName, "pkg", arch, true, this.platformSpecificBuildOptions.defaultArch));
        }

According to this snippet code which generated error debug message, I found a way to solve this issue. We just need to select both Apple Distribution and 3rd Party Mac Developer Installer certificates in the keychain and export them in a single p12 file, and then add to our project, then everything works fine.

I have been tormented by this issue for hours. It all started when one or both of these things happened:

a) My app’s “Developer ID Installer” expired (“easily” fixed) b) I added “Apple Distribution” for a second organization, effectively making two available, and electron-builder was silently choosing the first

To troubleshoot I used the trusty: security find-identity -v

I’ve found a few ways to mitigate this issue:

1. Move the second “Apple Distribution” cert and associated private-key into a dedicated Keychain. I just moved all of that team’s signing-related certs/keys into the Keychain, and then LOCKED it.
2. Remove any “-c.mac.identity=” for the mas build step, because defining it seems to cause other issues related to the same arch being built twice, or maybe it was something else. Regardless, specifying the identity breaks things.

I need to get a “F@%& CODE SIGNING” t-shirt made. This stuff is brutal.

I AGREE with you. This “F@%& CODE SIGNING” requirement is silly trick of Apple to stop you making profit. They are arrogant to provide few instructions and rename the FXXKING certificates randomly.

As a stopgap measure, I commented out that portion of code in the node_modules/app-builder-lib/out/macPackager.js and just did productbuild manually

await this.doSign(signOptions);
        // https://github.com/electron-userland/electron-builder/issues/1196#issuecomment-312310209
        if (masOptions != null && !isDevelopment) {
            const certType = isDevelopment ? "Mac Developer" : "3rd Party Mac Developer Installer";
            const masInstallerIdentity = await macCodeSign_1.findIdentity(certType, masOptions.identity, keychainFile);
            // if (masInstallerIdentity == null) {
            //     throw new builder_util_1.InvalidConfigurationError(`Cannot find valid "${certType}" identity to sign MAS installer, please see https://electron.build/code-signing`);
            // }
            // // mas uploaded to AppStore, so, use "-" instead of space for name
            // const artifactName = this.expandArtifactNamePattern(masOptions, "pkg", arch);
            // const artifactPath = path.join(outDir, artifactName);
            // await this.doFlat(appPath, artifactPath, masInstallerIdentity, keychainFile);
            // await this.dispatchArtifactCreated(artifactPath, null, builder_util_1.Arch.x64, this.computeSafeArtifactName(artifactName, "pkg", arch, true, this.platformSpecificBuildOptions.defaultArch));
        }