electron-builder: macOS Sign error while uploading to apple store.

Electron Version: 6.0.10
Electron Build version: 21.2.0

The following signing errors are shown while uploading the Mac pkg to the Apple store.

I have all these certificates in the keychain (command: security find-identity -p codesigning -v):

  1. 02D559EF08AC6CB6BC0F255035DA50A0EE8FDD7A “Developer ID Application: MyCompany, Inc. (4VXK2DP174)”
  2. 8AF5BD5FDE2078BC55DD09F709068EDF93C3498B “3rd Party Mac Developer Application: MyCompany, Inc. (4VXK2DP174)”
  3. 6127C61FCB71B8A94B55918DD67FCF0FE78EA621 “Mac Developer: Ahmed Wali (K8PV65GGCB)”

3 valid identities found

Errors on upload pkg:

  1. ERROR ITMS-90287: “Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: ‘com.apple.developer.team-identifier’ in ‘com.myapp.myappformac.pkg/Payload/My App.app/Contents/MacOS/My App’.”
  2. ERROR ITMS-90287: “Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: ‘com.apple.application-identifier’ in ‘com.myapp.myappformac.pkg/Payload/My App.app/Contents/MacOS/My App’.”
  3. ERROR ITMS-90237: “The product archive package’s signature is invalid. Ensure that it is signed with your “3rd Party Mac Developer Installer” certificate.”
  4. ERROR ITMS-90277: “Invalid Bundle Identifier. The application bundle contains a tool or framework Electron Helper (GPU) [com.myapp.myappformac.pkg/Payload/My App.app/Contents/Frameworks/My App Helper (GPU).app] using the bundle identifier ‘com.myapp.myappformac.helper.(GPU)’, which is not a valid bundle identifier.”
  5. ERROR ITMS-90277: “Invalid Bundle Identifier. The application bundle contains a tool or framework Electron Helper (Plugin) [com.myapp.myappformac.pkg/Payload/My App.app/Contents/Frameworks/My App Helper (Plugin).app] using the bundle identifier ‘com.myapp.myappformac.helper.(Plugin)’, which is not a valid bundle identifier.”
  6. ERROR ITMS-90277: “Invalid Bundle Identifier. The application bundle contains a tool or framework Electron Helper (Renderer) [com.myapp.myappformac.pkg/Payload/My App.app/Contents/Frameworks/My App Helper (Renderer).app] using the bundle identifier ‘com.myapp.myappformac.helper.(Renderer)’, which is not a valid bundle identifier.”

Here are the mac settings in the package.json file:

"mac": {
     "category": "public.app-category.productivity",
     "target": [
       "pkg"
     ],
     "identity": "MyCompany, Inc. (4VXK2DP174)",
     "icon": "My-APP.icns",
     "entitlements": "dist/entitlements.mac.plist",
     "entitlementsInherit": "dist/entitlements.mac.plist"
   },
   "dmg": {
     "background": "electron-config/dmg/todo-background.tiff",
     "contents": [
       {
         "type": "file",
         "x": 120,
         "y": 275
       },
       {
         "type": "link",
         "path": "/Applications",
         "x": 420,
         "y": 275
       }
     ],
     "window": {
       "width": 540,
       "height": 400
     }
   },
   

entitlements.mac.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 2
  • Comments: 16 (3 by maintainers)

Most upvoted comments

I was getting similar errors when verifying the bundle with altool before uploading. The solution was to create a provisioning profile for Mac App distribution, download it and set provisioningProfile for electron-builder to point to the downloaded provisioning profile file.

After this the build passed all verifications and uploaded with no issues.

To me it looks like you are using a wrong bundle id for your app during notarize. Following is my notarize script which requires you to provide the app bundle id.

I use electron-notarize.

const { notarize } = require('electron-notarize');

// Build hook: notarize the packaged .app, on macOS builds only.
exports.default = async function notarizing(context) {
  const { electronPlatformName, appOutDir } = context;
  if (electronPlatformName !== 'darwin') {
    return;
  }

  const appName = context.packager.appInfo.productFilename;

  return await notarize({
    // Placeholder: replace with the app's own bundle id.
    appBundleId: 'com.xxx.<app-name>',
    appPath: `${appOutDir}/${appName}.app`,
    appleId: process.env['APPLE_ID'],
    // Password is read from the keychain item named AppleNotarize.
    appleIdPassword: `@keychain:AppleNotarize`,
    ascProvider: 'XXXXXXXXXX'
  });
};

appBundleId should match with what you have in your provisioning profile. This is important. And also the entitlements should match what you have in your provisioning profile.

Here is my entitlement file -

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
  </dict>
</plist>

Let me know how it goes. I hope this helps. Good luck.
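
A pre-upload check for the mismatch the two comments above describe, as an added example that is not part of the thread: it compares the identifier entitlements in an app's signature with those in a provisioning profile. The parser, function names and sample plists are constructed for illustration (the bundle id is inferred from the identifiers in the issue), and only the two keys named in the ITMS-90287 errors are checked.

```javascript
// Added example, not code from the thread. Minimal parser: handles only flat
// <key> + <string>/<true/>/<false/> pairs, enough for an entitlements dict.
function parseEntitlements(plistXml) {
  const out = {};
  const re = /<key>([^<]+)<\/key>\s*(?:<string>([^<]*)<\/string>|<(true|false)\s*\/>)/g;
  for (const m of plistXml.matchAll(re)) {
    out[m[1]] = m[3] !== undefined ? m[3] === 'true' : m[2];
  }
  return out;
}

// Assumption: check only the two keys named in the ITMS-90287 errors above.
const PROFILE_KEYS = [
  'com.apple.application-identifier',
  'com.apple.developer.team-identifier',
];

// A profile value ending in "*" (e.g. "TEAMID.*") is treated as a prefix wildcard.
function valueAllowed(signed, allowed) {
  return allowed.endsWith('*') ? signed.startsWith(allowed.slice(0, -1)) : signed === allowed;
}

// Returns a list of problems. profileXml is null when no profile is embedded.
function checkAgainstProfile(signedXml, profileXml) {
  const signed = parseEntitlements(signedXml);
  const profile = profileXml ? parseEntitlements(profileXml) : {};
  const problems = [];
  for (const key of PROFILE_KEYS) {
    if (!(key in signed)) continue;
    if (!(key in profile)) {
      problems.push(`${key}: not included in the provisioning profile`);
    } else if (!valueAllowed(signed[key], profile[key])) {
      problems.push(`${key}: signed "${signed[key]}" but profile allows "${profile[key]}"`);
    }
  }
  return problems;
}

// Constructed sample data using the team id and bundle id shown in the issue.
const dict = (body) => `<plist version="1.0"><dict>${body}</dict></plist>`;
const IDS =
  '<key>com.apple.application-identifier</key><string>4VXK2DP174.com.myapp.myappformac</string>' +
  '<key>com.apple.developer.team-identifier</key><string>4VXK2DP174</string>';
const SIGNED = dict('<key>com.apple.security.app-sandbox</key><true/>' + IDS);
const PROFILE_OK = dict(IDS);
const PROFILE_OTHER_APP = PROFILE_OK.replace('myappformac', 'otherapp');
console.log(checkAgainstProfile(SIGNED, null));              // two problems
console.log(checkAgainstProfile(SIGNED, PROFILE_OTHER_APP)); // one problem
console.log(checkAgainstProfile(SIGNED, PROFILE_OK));        // []
```

On macOS the two inputs can be dumped with `codesign -d --entitlements :- <app>` and `security cms -D -i <profile>`.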

Thanks @codebytere. I’ll alert @ahmadwaliesipick to check these links you shared. Thank you for the reply.

@kellerchch how did you generate the codesigning information? We have a document in the main codebase that should outline the necessary steps.

This module partially abstracts that process away should you prefer that: https://github.com/electron/electron-osx-sign