desktop
desktop copied to clipboard
mattermost
[Bug]: MacOS signing and notarization instructions don't work
Checks before filing an issue
- [X] This issue doesn't reproduce on web browsers (such as in Chrome). If it does, issue reports go to the Mattermost Server repository.
- [X] I have checked the issue tracker and have not found an issue that matches the one I'm filing.
- [X] This issue is not a troubleshooting question. Troubleshooting questions go here: https://forum.mattermost.com/c/trouble-shoot/16.
- [X] This issue is not a feature request. You can request features and make product suggestions here: https://mattermost.com/suggestions/.
- [X] This issue reproduces on the most recent stable version, or the most recent prerelease version of the Mattermost Desktop App.
- [X] I have read the contribution guidelines.
Mattermost Desktop Version
release-5.9
Operating System
MacOS M2 15.1.1 (24B91)
Mattermost Server Version
No response
Steps to reproduce
We are running into an issue notarizing and signing the MacOS application.
npm run package:mac does not work. It throw an error. We are unable to launch the binary that is produced.
Full details here: https://rose-piranha-ec2.notion.site/Bounty-Electron-MacOS-Signing-Issue-1435eaeefd2180da87acebd500bdd884?pvs=74
Happy to pay if you help solve this for us thanks.
Expected behavior
I expect npm run package:mac to be able to compile, notarize and sign the MacOS application such that we can share the build app and run it on other Mac computers with no issues.
Observed behavior
npm run package:mac fails to build the Mac app. It produces a binary, but the binary refuses to launch. Mac OS says
Log Output
webpack 5.90.3 compiled with 10 warnings in 5970 ms
• electron-builder version=24.13.3 os=24.1.0
• loaded configuration file=/Users/ryanhughes/Desktop/code/mattermost-desktop/electron-builder.json
• writing effective config file=release/builder-effective-config.yaml
• rebuilding native dependencies [email protected], [email protected] platform=darwin arch=x64
• packaging platform=darwin arch=x64 electron=33.0.2 appOutDir=release/mac
• signing file=release/mac/Mattermost.app platform=darwin type=distribution identity=ED56A83F68CA0082422ADB37940C1057CA2E69E3 provisioningProfile=./mac.provisionProfile
Error: Failed to notarize via notarytool
{"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}
at /Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/src/notarytool.ts:95:13
at Generator.next (<anonymous>)
at fulfilled (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/lib/notarytool.js:28:58)
at processTicksAndRejections (node:internal/process/task_queues:105:5)
From previous event:
at processImmediate (node:internal/timers:491:21)
From previous event:
at readDirectoryAndSign (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:479:28)
at MacPackager.signApp (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:496:5)
at MacPackager.doSignAfterPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:336:21)
at MacPackager.doPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:321:7)
at MacPackager.pack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:198:9)
at Packager.doBuild (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:445:9)
at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
at Packager._build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:379:31)
at Packager.build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:340:12)
at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
⨯ Failed to notarize via notarytool
{"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}
failedTask=build stackTrace=Error: Failed to notarize via notarytool
{"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}
at /Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/src/notarytool.ts:95:13
at Generator.next (<anonymous>)
at fulfilled (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/lib/notarytool.js:28:58)
at processTicksAndRejections (node:internal/process/task_queues:105:5)
From previous event:
at processImmediate (node:internal/timers:491:21)
From previous event:
at readDirectoryAndSign (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:479:28)
at MacPackager.signApp (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:496:5)
at MacPackager.doSignAfterPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:336:21)
at MacPackager.doPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:321:7)
at MacPackager.pack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:198:9)
at Packager.doBuild (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:445:9)
at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
at Packager._build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:379:31)
at Packager.build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:340:12)
at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
{
"logFormatVersion": 1,
"jobId": "7a654253-c890-46d7-8f85-6d55d4478c61",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "Mattermost.zip",
"uploadDate": "2024-11-19T22:46:37.875Z",
"sha256": "14c4002d8187a59647e82ec24aaeeaaff142df55bbacca66b4efa755f4ca46a8",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/MacOS/Mattermost",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/macos-notification-state/build/Release/focuscenter.node",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/macos-notification-state/build/Release/notificationstate.node",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/windows-focus-assist/build/Release/focusassist.node",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/ReactiveObjC.framework/Versions/A/ReactiveObjC",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (Renderer).app/Contents/MacOS/Mattermost Helper (Renderer)",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (Plugin).app/Contents/MacOS/Mattermost Helper (Plugin)",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper.app/Contents/MacOS/Mattermost Helper",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (GPU).app/Contents/MacOS/Mattermost Helper (GPU)",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
}
]
}
Additional Information
No response
May I first ask why you need to sign your own binary? Are there modifications to the app that you intend to distribute?
Looking at the error, The binary is not signed with a valid Developer ID certificate.. Do you have one of these issued by Apple for your organization?
We made some changes to the app yeah.
Looking at the error, The binary is not signed with a valid Developer ID certificate.. Do you have one of these issued by Apple for your organization?
We have a valid Apple Developer ID and made a new profile for this. Here's a screenshot showing the profile is valid. There's a lot of options in the Apple Developer portal though, so the issue may be with how the profile was made.
Posting my findings here as well. I'm able to properly sign and output the build. However, as soon as i open it, I get The application “Mattermost” can’t be opened. for some reason. To make sure app is valid and properly signed, i did spctl, codesign check. here is the output
Additionally, i have updated the necessary plist files to support my signing profile and team id. I have validated entire electron-builder configuration and seems right to me. Any idea on the issue or worths giving a try with older version, different arch?
I'd recommend reading through these docs to make sure everything is set up correctly: https://www.electron.build/code-signing