osx-sign
osx-sign copied to clipboard
electron
Code sign failed; please retry manually
I've seen a few other issue reports along these lines, but none that seem to address my situation specifically.
When attempting to code-sign my (development) app using electron-packager, I see:
WARNING: Code sign failed; please retry manually. Error: Command failed: spctl --assess --type execute --verbose --ignore-cache --no-cache /var/folders/gq/n2kpn6jd6sq_0prjv3vp8cgh0000gp/T/electron-packager/darwin-x64/electron-quick-start-apns-darwin-x64/electron-quick-start-apns.app
/var/folders/gq/n2kpn6jd6sq_0prjv3vp8cgh0000gp/T/electron-packager/darwin-x64/electron-quick-start-apns-darwin-x64/electron-quick-start-apns.app: rejected
The same issue appears if I use the osx-sign command line utilities.
I'm at a bit of a loss re: how to debug further. I've revisited code-signing requirements and have confirmed that the provisioning profile matches the bundle ID and developer certificate. Here are the options I'm passing into electron-packager/osx-sign (via electron-forge) (w/ some redactions):
"packagerConfig": {
"appBundleId": "com.sample-bundle-id",
"osxSign": {
"identity": "Mac Developer: [name] (XXXXXXXX)",
"entitlements": "entitlements-dev.plist",
"type": "development"
}
}
I've attempted to bundle the provisioning profile into the project + explicitly specify the path via the provisioningProfile option as well - no luck.
The strange bit - I was able to sign a previous project with similar options; but it's now failing when I attempt to newly sign a different project (with an updated bundle ID + provisioning profile).
Any thoughts on what might be happening here?
New provisioning profiles / certificates require notarization to pass spctl checks. You need to set gatekeeperAssess to false. The new @electron/osx-sign which will be integrated into packager Soon ™️ takes that into account. In fact I think newer already released versions of electron-osx-sign take that into account as well 🤔 so maybe try updating packager / osx-sign
