electron-builder
Electron MacOS app 'Not Available for Testing' in Testflight
- Electron-Builder Version: 23.0.8
- Node Version: v16.9.1
- Electron Version: 17.4.3
- Electron Type (current, beta, nightly): Current
- Electron Updater Version: 5.0.1
- Target: MAS (Mac Appstore)
- Build Platform: M1 Air, Monterey 12.3.1
I'm working on a universal MacOS app in Electron, and while I've gotten pretty far, I can't seem to figure out how to enable it for testing in Testflight.
I keep running into the following error in App Store Connect no matter what I do:
Varying useful stuff I've found:
- https://github.com/electron/osx-sign/issues/251
- https://developer.apple.com/forums/thread/689377
- https://jondot.medium.com/shipping-electron-apps-to-mac-app-store-with-electron-builder-e960d46148ec
- https://www.electronjs.org/docs/latest/tutorial/mac-app-store-submission-guide
- https://til.simonwillison.net/electron/sign-notarize-electron-macos
Why does this issue happen? What can I do to help debug?
My setup
package.json relevant build section
```json
"build": {
  "appId": "com.xxxxx.xxxxxx",
  "afterSign": "electron-builder-notarize",
  "mac": {
    "category": "public.app-category.entertainment",
    "darkModeSupport": true,
    "hardenedRuntime": true,
    "gatekeeperAssess": false,
    "entitlements": "build/entitlements.mac.plist",
    "entitlementsInherit": "build/entitlements.mac.plist",
    "icon": "build/icon.icns",
    "target": [
      {
        "target": "mas",
        "arch": "universal"
      },
      "dmg"
    ]
  },
  "mas": {
    "type": "distribution",
    "hardenedRuntime": false,
    "provisioningProfile": "embedded.provisionprofile",
    "entitlements": "build/entitlements.mas.plist",
    "entitlementsInherit": "build/entitlements.mas.inherit.plist"
  }
}
```
entitlements.mas.plist
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <string>TEAMID.com.app.appname</string>
    <key>com.apple.application-identifier</key>
    <string>TEAMID.com.app.appname</string>
    <key>com.apple.developer.team-identifier</key>
    <string>TEAMID</string>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
  </dict>
</plist>
```
entitlements.mas.inherit.plist
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>
```
I thought hardenedRuntime was required to be true for all modern versions of macOS, regardless of mac or mas target.
Not sure, but changing it to true didn't solve the issue unfortunately 🫤
Multiple places where people have disabled hardenedRuntime, apparently successfully:
- https://www.techandstartup.org/tutorials/release-electron-app-on-mac-app-store
- https://gist.github.com/salomvary/c8728f97d3ae916ea11129ebadf8b85f
- https://webspaceteam.com/blog/how-to-publish-an-electron-application-to-mac-app-store
After looking through all these, and just playing around with adding different entitlements, it was resolved with the following settings. I honestly have no idea which of these is relevant at this point, and after days of debugging I am beyond the point of caring haha. But for future internet travelers who find themselves stuck, here is what I have that got me through:
package.json relevant section (added loginhelper!)
```json
"build": {
  "appId": "com.xxxxxx.xxxxxx",
  "afterSign": "electron-builder-notarize",
  "mac": {
    "category": "public.app-category.entertainment",
    "darkModeSupport": true,
    "hardenedRuntime": true,
    "gatekeeperAssess": false,
    "entitlements": "build/entitlements.mac.plist",
    "entitlementsInherit": "build/entitlements.mac.plist",
    "icon": "build/icon.icns",
    "target": [
      {
        "target": "mas",
        "arch": "universal"
      },
      "dmg"
    ]
  },
  "mas": {
    "type": "distribution",
    "hardenedRuntime": false,
    "provisioningProfile": "embedded.provisionprofile",
    "entitlements": "build/entitlements.mas.plist",
    "entitlementsInherit": "build/entitlements.mas.inherit.plist",
    "entitlementsLoginHelper": "build/entitlements.mas.loginhelper.plist"
  }
}
```
entitlements.mas.plist
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <string>TEAMID.com.app.appname</string>
    <key>com.apple.application-identifier</key>
    <string>TEAMID.com.app.appname</string>
    <key>com.apple.developer.team-identifier</key>
    <string>TEAMID</string>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
  </dict>
</plist>
```
entitlements.mas.inherit.plist
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
  </dict>
</plist>
```
entitlements.mas.loginhelper.plist
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
  </dict>
</plist>
```
lol, then I immediately run into this: https://github.com/electron/electron/issues/33054
So close, yet so far.
finally this works 😉 Thank you very much!!!
In case anyone bumps into this in the future, the issue for me was also a missing entitlements entry for loginhelper. Adding those resolved the issue 🎉
@hisnameisjimmy Where can I download the build/entitlements.mac.plist file?
Fix PR: https://github.com/electron/osx-sign/pull/292
Another thing to consider is I believe I've determined that on my particular configuration, com.apple.security.application-groups must be an array of strings.
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_application-groups
Related thread:
https://github.com/electron/osx-sign/issues/281#issuecomment-1967719627
This resolved it for me:
"entitlementsLoginHelper": "build/entitlements.mas.loginhelper.plist"
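
Added example, not part of the thread and not electron-builder's own code: a small Python check for the points the comments above converge on (a login-helper entitlements file configured under `mas`, `com.apple.security.app-sandbox` true in every entitlements file, `com.apple.security.inherit` in the inherit file, and `com.apple.security.application-groups` given as an array of strings). The function names, the short file names and the sample plists are assumptions constructed from the first config posted above.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"
GROUPS = "com.apple.security.application-groups"
OPTIONS = ("entitlements", "entitlementsInherit", "entitlementsLoginHelper")

def lint_mas(build, files):
    """Check the `mas` block of an electron-builder config.

    build: the parsed "build" object from package.json.
    files: maps each entitlements path to that file's raw bytes.
    Returns a list of findings (empty when nothing is flagged).
    """
    findings = []
    mas = build.get("mas", {})
    for option in OPTIONS:
        path = mas.get(option)
        if path is None:
            findings.append(f"mas.{option} is not set")
            continue
        if path not in files:
            findings.append(f"{path}: file not found")
            continue
        ent = plistlib.loads(files[path])
        if ent.get(SANDBOX) is not True:
            findings.append(f"{path}: {SANDBOX} is not true")
        if option == "entitlementsInherit" and ent.get(INHERIT) is not True:
            findings.append(f"{path}: {INHERIT} is not true")
        groups = ent.get(GROUPS)
        if groups is not None and not (
            isinstance(groups, list) and all(isinstance(g, str) for g in groups)
        ):
            findings.append(f"{path}: {GROUPS} should be an array of strings")
    return findings

def make_plist(body):
    # Constructed sample input: wraps <key>/<value> pairs in a minimal plist.
    return f'<?xml version="1.0"?><plist version="1.0"><dict>{body}</dict></plist>'.encode()

SB = f"<key>{SANDBOX}</key><true/>"
# Constructed from the first config in the thread: group as a bare string, no login helper.
BEFORE = {"mas": {"entitlements": "mas.plist", "entitlementsInherit": "inherit.plist"}}
BEFORE_FILES = {
    "mas.plist": make_plist(SB + f"<key>{GROUPS}</key><string>TEAMID.com.app.appname</string>"),
    "inherit.plist": make_plist(SB + f"<key>{INHERIT}</key><true/>"),
}

if __name__ == "__main__":
    for finding in lint_mas(BEFORE, BEFORE_FILES):
        print(finding)
```

Against a real project, pass `json.load(open("package.json"))["build"]` as `build` and read each referenced plist with `open(path, "rb").read()`.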