notarize icon indicating copy to clipboard operation
notarize copied to clipboard
verified publisher icon electron

Hard Crashes During Notarization Step

Open Bug-Reaper opened this issue 1 year ago • 6 comments

Pre-flight checklist

  • [X] I have read the contribution documentation for this project.
  • [X] I agree to follow the code of conduct that this project uses.
  • [X] I have searched the issue tracker for a bug that matches the one I want to file, without success.

Electron Forge version

7.4.0

Electron version

29.X

Operating system

Ventura 13.5

Last known working Electron Forge version

N/A

Expected behavior

App Gets Notarized

Actual behavior

Hard crashes on a notary step:

An unhandled rejection has occurred inside Forge:
Error: Failed to notarize via notarytool.  Failed with unexpected result: 

Error: SoundSafari.zip must be a zip archive (.zip), flat installer package (.pkg), or UDIF disk image (.dmg)
Usage: notarytool <subcommand>
  See 'notarytool --help' for more information.
at /Users/llama/Sorcery/releaseday/soundsafari/node_modules/@electron/notarize/lib/notarytool.js:120:23
    at Generator.next (<anonymous>)
    at fulfilled (/Users/llama/Sorcery/releaseday/soundsafari/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Steps to reproduce

This is the forge.config.js I was using, it's practically vanilla.

const { FusesPlugin } = require('@electron-forge/plugin-fuses');
const { FuseV1Options, FuseVersion } = require('@electron/fuses');

module.exports = {
  packagerConfig: {
    name: 'SoundSafari',
    buildVersion:"0.0.1",
    icon:"./build/SoundSafari",
    osxSign: {},
    osxNotarize:{
      tool: 'notarytool',
      keychainProfile: '**************i' 
    },
    asar: true,
    dir:"./",
    appCategoryType: 'public.app-category.developer-tools',
    appBundleId:"SoundSafari",
    appCategoryType:"public.app-category.music",
    overwrite:"true",
    junk:"true",
  },
  rebuildConfig: {},
  makers: [
    {
      name: '@electron-forge/maker-squirrel',
      config: {
        setupIcon:"./build/SoundSafari.icn"
      },
    },
    {
      name: '@electron-forge/maker-dmg',
      config: {
        background: './build/SoundSafariDmg.png'
      }
    },
    {
      name: '@electron-forge/maker-deb',
      config: {},
    },
    {
      name: '@electron-forge/maker-rpm',
      config: {},
    },
  ],
  plugins: [
    {
      name: '@electron-forge/plugin-auto-unpack-natives',
      config: {},
    },
    // Fuses are used to enable/disable various Electron functionality
    // at package time, before code signing the application
    new FusesPlugin({
      version: FuseVersion.V1,
      [FuseV1Options.RunAsNode]: false,
      [FuseV1Options.EnableCookieEncryption]: true,
      [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
      [FuseV1Options.EnableNodeCliInspectArguments]: false,
      [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true,
      [FuseV1Options.OnlyLoadAppFromAsar]: true,
    }),
  ],
};

Personal Debug Notes

I'm doing this on an M1 Macbook Pro using electron-forge make.

  • ✅ Problem still occurs if I target ZIP Instead of DMG.
  • ✅ Problem still occurs if I run as sudo.
  • ✅ Builds fine as DMG or ZIP if I remove osxNotarize:{} from config.

Doesn't appear to be a malformed path -- I forced a thrown error from @electron/notarize/lib/notarytool.js to get the array used to execute the notarytool command and the result is below.

An unhandled rejection has occurred inside Forge:
Error: notarytool,submit,/var/folders/lx/3zfzg6xd4_l1lzqbl04kb22h0000gn/T/electron-notarize-8Nl1Ck/SoundSafari.zip,--keychain-profile,***********,--wait,--output-format,json
at /Users/llama/Sorcery/releaseday/soundsafari/node_modules/@electron/notarize/lib/notarytool.js:112:19
    at Generator.next (<anonymous>)
    at fulfilled (/Users/llama/Sorcery/releaseday/soundsafari/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Conclusion

My best guess at this point is the forge is trying to send it for notarization before it's fully copied into tmp storage or is otherwise causing the file to be malformed. It is a rather beefy app (~4Gib). Happy to assist if I have time w/a PR to fix.

Bug-Reaper avatar Aug 01 '24 23:08 Bug-Reaper

I was able to notarize my DMG/App manually via notarytool which confirms this appears to be a forge error.

Bug-Reaper avatar Aug 02 '24 23:08 Bug-Reaper

Hi @Bug-Reaper, thanks for the confirmation! I found an Apple Developer Forum thread that seems to point out that this might be a problem with the size of the app and how we compress it in @electron/notarize with ditto:

https://github.com/electron/notarize/blob/a38ba021b47385542cb2b1fadbf6484552761754/src/notarytool.ts#L61

According to a second Apple Developer Forum thread, there are a few workarounds listed (including moving off of ditto), but the official solution seems to be to upgrade to XCode 15.

Do you know what XCode version you're running?

erickzhao avatar Aug 03 '24 00:08 erickzhao

Also moved this issue into the correct upstream repo :)

erickzhao avatar Aug 03 '24 00:08 erickzhao

Hey @erickzhao thanks for moving me around.

Just to clarify I don't think the size of my DMG was an issue. More-so that electron-forge tried to notarize it from a tmp folder before it was finished copying or something like that (thus we get the malformed zip file error)?

When I built the DMG w/no notarization via forge it built fine and I was able to manually notarize via xcrun notary-tool no issue. Something appears awry with the automatic notary action built into forge.

Again this doesn't appear to be apple-tools failing but :

Xcode 14.1
Build version 14B47b

Bug-Reaper avatar Aug 11 '24 05:08 Bug-Reaper

This issue hasn't received much updates, but I wanted to quickly chime in; as I'm just all of a sudden now experiencing problems as well. Specifically, Mac ARM (not Intel) builds are now consistently failing with this error message:

An unhandled rejection has occurred inside Forge:
SyntaxError: Unexpected end of JSON input
at JSON.parse (<anonymous>)
    at /Users/runner/work/Zettlr/Zettlr/node_modules/@electron/packager/node_modules/@electron/notarize/lib/notarytool.js:105:33
    at Generator.next (<anonymous>)
    at fulfilled (/Users/runner/work/Zettlr/Zettlr/node_modules/@electron/packager/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

nathanlesage avatar Dec 09 '24 17:12 nathanlesage

A quick update on my side: There may be something wrong with the GitHub Actions. On my own MacBook using the same parameters as I provide works, and passing DEBUG='*' also suddenly makes it work. There is something fishy going on. At the very least, it would be great to have somewhat better error output (is this error due to a specific HTTP status or because there was a network connectivity problem, etc…?), but I don't think it's an error in Notarize itself.

EDIT: What I'm trying to say is that we should handle potential errors in the runNotaryTool step here: https://github.com/electron/notarize/blob/main/src/notarytool.ts

nathanlesage avatar Dec 10 '24 13:12 nathanlesage