electron-builder icon indicating copy to clipboard operation
electron-builder copied to clipboard

Published 20 hours ago verified publisher icon electron-userland

Invalid code signing for MAS build (version 23.3.3)

Open thomasdao opened this issue 1 year ago • 0 comments

  • Electron-Builder Version: 23.3.3
  • Node Version: 16
  • Electron Version: 19.0.10
  • Target: MAS

From version 23.3.0 and later, signing MAS build will use 3rd Party Mac Developer Application certificate by default, and this causes invalid build for my app. When upload to the Mac App Store, I see the below error:

Asset validation failed (90284) Invalid Code Signing. The executable 'com.app.name.pkg/Payload/AppName.app/Contents/Library/LoginItems/AppName Login Helper.app/Contents/MacOS/AppName Login Helper' must be signed with the certificate that is contained in the provisioning profile. (ID: c3f46e59-cbb9-4b15-841d-04ffb05cb2b7)

I believe when the certificate doesn’t match the one embedded in provisioning profile, the build will show this error. However, when I set identity in mas key to Apple Distribution, I get the below error:

⨯ Cannot find valid "3rd Party Mac Developer Installer" identity to sign MAS installer, please see https://electron.build/code-signing

I believe this PR https://github.com/electron-userland/electron-builder/pull/6970 is related. When I manually patch macPackager.js to change ["3rd Party Mac Developer Application", "Apple Distribution"] to ["Apple Distribution", "3rd Party Mac Developer Application"], the app can be signed and uploaded to the Mac App Store successfully.

Should we use Apple Distribution by default and move 3rd Party Mac Developer Application to fallback? This should work for issue https://github.com/electron-userland/electron-builder/issues/6621 where Apple Distribution cannot be found so electron-builder will use 3rd Party Mac Developer Application certificate.

thomasdao avatar Aug 03 '22 03:08 thomasdao

I believe this PR https://github.com/electron-userland/electron-builder/pull/6970 is related. When I manually patch macPackager.js to change ["3rd Party Mac Developer Application", "Apple Distribution"] to ["Apple Distribution", "3rd Party Mac Developer Application"], the app can be signed and uploaded to the Mac App Store successfully. Should we use Apple Distribution by default and move 3rd Party Mac Developer Application to fallback? This should work for issue https://github.com/electron-userland/electron-builder/issues/6621 where Apple Distribution cannot be found so electron-builder will use 3rd Party Mac Developer Application certificate.

Can you open a PR for swapping the two values? :)

mmaietta avatar Aug 15 '22 06:08 mmaietta

I had the same problem, validated the suggestion of swapping it, and it worked. Created the PR for this. Thank you @thomasdao

jeanfbrito avatar Aug 25 '22 18:08 jeanfbrito

@thomasdao i still am getting the same error (around 13 for different files) Asset validation failed (90284). Am i missing some step here?

enunmuz avatar Aug 29 '22 20:08 enunmuz

@jeanfbrito thanks for the PR, I somehow forgot about this ticket! @enunmuz I don't get the error after swapping the two values. Did you manually swap the values for macPackager.js on your computer?

thomasdao avatar Aug 30 '22 04:08 thomasdao

@thomasdao yes i manually swapped the values for macPackager.js for electron-builder version 23.3.3. Do i need to follow some extra steps after manually changing the values?

enunmuz avatar Aug 30 '22 05:08 enunmuz

Merged and released.

mmaietta avatar Sep 01 '22 15:09 mmaietta

Already used in production and worked 100%. Thank you very much @mmaietta

jeanfbrito avatar Sep 01 '22 16:09 jeanfbrito