electron-builder: Mac App Store build is broken after upgrading to electron-builder@24

  • Electron-Builder Version: 24.5.2 and 24.4.0
  • Node Version: 18
  • Electron Version: 25.2.0
  • Electron Type (current, beta, nightly): current
  • Target: MAS (Mac App Store)

I’ve tested a few times and confirmed that upgrading from electron-builder@23.6.0 to electron-builder@24.5.2 broke Mac App Store build. Builds created with electron-builder@24.5.2 would show up as “Not Available for Testing” and then got rejected by App Review.

It is likely related to https://github.com/electron-userland/electron-builder/issues/7471 and https://github.com/electron-userland/electron-builder/pull/7491.

Electron: 25.2.0.

entitlements.mas.plist and entitlements.mas.inherit.plist are not specified in the config, but they exist in the build-resources directory.

Here’s my configuration:

  const opts: CliOptions = {
    publish: 'always',
    targets: platform.createTarget(targetTypes, ...archs),
    config: {
      appId: 'com.webcatalog.translatium',
      // https://github.com/electron-userland/electron-builder/issues/3730
      buildVersion: process.platform === 'darwin' ? appVersion : undefined,
      productName: 'Translatium',
      files: [
        '!docs/**/*',
        '!popclip/**/*',
        '!test/**/*',
        // Ignore C build files
        // https://github.com/electron/universal/issues/41#issuecomment-1074159565
        // fix "Can't reconcile two non-macho files"
        '!node_modules/**/*.{c,mk,a,o,h,Makefile}',
      ],
      directories: {
        buildResources: 'build-resources',
      },
      protocols: {
        name: 'Translatium',
        schemes: ['translatium'],
      },
      appx: {
        identityName: 'WebCatalogLtd.Translatium',
        publisher: 'CN=C2673AF2-2F8A-4FAF-AC59-112BBCFB3423',
        backgroundColor: '#43a047',
        languages: Object.values(DisplayLanguage),
        showNameOnTiles: true,
      },
      mac: {
        darkModeSupport: true,
        // https://github.com/electron/electron/issues/15958#issuecomment-447685065
        // alternative solution for
        // app.requestSingleInstanceLock in signed mas builds (Mac App Store)
        extendInfo: {
          LSMultipleInstancesProhibited: true,
        },
      },
      mas: {
        category: 'public.app-category.travel',
        provisioningProfile: process.env.FORCE_DEV
          ? 'build-resources/embedded-development.provisionprofile' // mas-dev
          : 'build-resources/embedded.provisionprofile',
        darkModeSupport: true,
        entitlements: 'build-resources/entitlements.mas.plist',
        entitlementsInherit: 'build-resources/entitlements.mas.inherit.plist',
        entitlementsLoginHelper:
          'build-resources/entitlements.mas.login-helper.plist',
      },
    },
  };

CC: @mmaietta

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 16 (7 by maintainers)

Most upvoted comments

@mmaietta Thanks for the hint! I’ve found the issue, it’s a regression in @electron/osx-sign.

Here’s the fix: https://github.com/electron/osx-sign/pull/292

Temporary patch:

diff --git a/node_modules/@electron/osx-sign/dist/cjs/sign.js b/node_modules/@electron/osx-sign/dist/cjs/sign.js
index 2c1f202..baa0423 100644
--- a/node_modules/@electron/osx-sign/dist/cjs/sign.js
+++ b/node_modules/@electron/osx-sign/dist/cjs/sign.js
@@ -186,6 +186,9 @@ async function signApplication(opts, identity) {
             continue;
         }
         const perFileOptions = await mergeOptionsForFile(opts.optionsForFile ? opts.optionsForFile(filePath) : null, defaultOptionsForFile(filePath, opts.platform));
+        // preAutoEntitlements should only be applied to the top level app bundle.
+        // Applying it other files will cause the app to crash and be rejected by Apple.
+        if (!filePath.includes('.app/')) {
         if (opts.preAutoEntitlements === false) {
             (0, util_1.debugWarn)('Pre-sign operation disabled for entitlements automation.');
         }
@@ -206,6 +209,7 @@ async function signApplication(opts, identity) {
                 }
             }
         }
+        }
         (0, util_1.debugLog)('Signing... ' + filePath);
         const perFileArgs = [...args];
         if (perFileOptions.requirements) {
diff --git a/node_modules/@electron/osx-sign/dist/esm/sign.js b/node_modules/@electron/osx-sign/dist/esm/sign.js
index 9ef36c5..465120f 100644
--- a/node_modules/@electron/osx-sign/dist/esm/sign.js
+++ b/node_modules/@electron/osx-sign/dist/esm/sign.js
@@ -161,6 +161,9 @@ async function signApplication(opts, identity) {
             continue;
         }
         const perFileOptions = await mergeOptionsForFile(opts.optionsForFile ? opts.optionsForFile(filePath) : null, defaultOptionsForFile(filePath, opts.platform));
+        // preAutoEntitlements should only be applied to the top level app bundle.
+        // Applying it other files will cause the app to crash and be rejected by Apple.
+        if (!filePath.includes('.app/')) {
         if (opts.preAutoEntitlements === false) {
             debugWarn('Pre-sign operation disabled for entitlements automation.');
         }
@@ -181,6 +184,7 @@ async function signApplication(opts, identity) {
                 }
             }
         }
+        }
         debugLog('Signing... ' + filePath);
         const perFileArgs = [...args];
         if (perFileOptions.requirements) {
+2
quanglam2807 on Aug 16, 2023

Alright, try v24.6.2

+1
mmaietta on Jul 20, 2023

Will attempt to look into this tonight! Apologies folks. Looks like an additional unit test may be needed.

[EDIT]: I think I found the issue. Should have a patch release out shortly

+1
mmaietta on Jul 20, 2023
Read more comments on GitHub
← electron-builder: Linux build is not using productName
electron-builder: Mac downloads the update, but does not install it →