electron-deeplink icon indicating copy to clipboard operation
electron-deeplink copied to clipboard

Published 20 hours ago verified publisher icon glawson

App fails to notarise properly with electron-deeplink

Open aaronmcadam opened this issue 4 years ago • 7 comments

Hi, thanks for an awesome library!

I'm having trouble when launching my app after signing and notarising it for macOS.

I was initially seeing the following error:

electron-deeplink-library-validation

I found an article that says to disable the library validation.

Here is my entitlements.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.cs.allow-jit</key>
	<true/>
	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
	<true/>
	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
	<true/>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
</dict>
</plist>

With the above configuration, I see the following malware warning instead:

CleanShot 2020-10-29 at 15 21 35

One approach that might work is if I vendor in your library, effectively copying and pasting the source (with attribution, of course). I'd rather not have to do that, though!

Do you have any ideas that could help me, please?

aaronmcadam avatar Oct 29 '20 15:10 aaronmcadam

@aaronmcadam - in the dev env I'm changing the Electron Info.plist, and this file stays modified. That's probable what is causing the malware warning. I can add a pre-build script to replace the original Info.plist file and delete the modified one. Can you re-install Electron before running your prod build? I'm curious if that's the issue. Let me know and I'll add in the script.

glawson avatar Oct 30 '20 15:10 glawson

@glawson I am building the app in a GitHub action, so I think a fresh electron should be getting installed each time.

aaronmcadam avatar Oct 30 '20 16:10 aaronmcadam

@aaronmcadam - yeah, this is not related to the file change, it's somewhere with the entitlements as you noted. Check out https://medium.com/@stephen.cty/notarize-electron-app-for-macos-catalina-10-15-d994e29dfe82. I'll also test and publish electron-deeplink-example soon to see if I can document the correct settings.

glawson avatar Oct 31 '20 20:10 glawson

Hi @glawson, thanks for the article.

I've tried adding com.apple.security.inherit to the child entitlements, as mentioned in the article, but it didn't help.

I'll keep tinkering while you have a go too, thanks so much for helping out! 😄

aaronmcadam avatar Nov 01 '20 01:11 aaronmcadam

@aaronmcadam - following up. Where you able to find anything out?

glawson avatar Apr 21 '21 16:04 glawson

@glawson No, I wasn't. Any tools I found for verifying that the app was signed correctly said it was fine. There's nothing I could do to debug the problem, so I had to give up, unfortunately.

aaronmcadam avatar Apr 21 '21 18:04 aaronmcadam

Hi all, have just run into the same problem. My entitlements are nearly identical to @aaronmcadam's, except I also have com.apple.security.network.client set. I've also split up my entitlements as suggested by @glawson.

I've also confirmed removing the library does package the app and it opens successfully, so unfortunately the packaging is related to electron-deep-link (I'm using electron-builder)

Not the end of the world, using app.setAsDefaultProtocolClient() and all the associated calls from the default electron package still works - would just be nice to use electron-deep-link as it's a great way to test in dev.

jklp avatar Jul 25 '22 05:07 jklp

https://github.com/glawson/electron-deeplink#-deprecation-notice-

glawson avatar Aug 18 '23 15:08 glawson