tauri
tauri copied to clipboard
tauri-apps
On Mac: failed to bundle project: failed to sign app
I am having very weird and inconsistent problem when building and code sign a Tauri app on Mac.
I have certificate and passwords from a previous app that could code sign, and I also generated a new set of certificate and passwords for current project. Let me call them ENV-old and ENV-new.
I could not code sign my current app locally with either ENV-old or ENV-new. If I use github action CI, ENV-new doesn't work, but ENV-old work.
I also Tried both set of credentials on my previous project. Both ENV-old and ENV-new don't work locally. and only ENV-old works in GitHub Action.
I did check whether there are new terms to sign on Apple's website. I did try to code sign a brand new tauri app.
What could be wrong with the certificates? They are newly generated following https://tauri.app/v1/guides/distribution/sign-macos/
Here is the log I get with npm run tauri build --verbose, but I can't see the reason this failed.
warning: `app` (lib) generated 16 warnings (run `cargo fix --lib -p app` to apply 7 suggestions)
Compiling app v0.1.0 (/Users/Dev/Dev/projects/Jarvis/apps/desktop/src-tauri)
warning: `app` (bin "app") generated 7 warnings (7 duplicates)
Finished `release` profile [optimized] target(s) in 8.23s
Bundling [tauri_bundler::bundle::macos::app] jarvis.app (/Users/Dev/Dev/projects/Jarvis/target/release/bundle/macos/jarvis.app)
Running [tauri_bundler::bundle::common] Command `xattr -crs /Users/Dev/Dev/projects/Jarvis/target/release/bundle/macos/jarvis.app`
Signing [tauri_bundler::bundle::macos::sign] with identity "Developer ID Application: <User> (<Team ID>)"
Running [tauri_bundler::bundle::common] Command `security delete-keychain tauri-build.keychain`
Info [tauri_bundler::bundle::macos::sign] setup keychain from environment variables...
Running [tauri_bundler::bundle::common] Command `base64 --decode -i /var/folders/f7/7c6q0gh121vdyh86bv192wpc0000gn/T/.tmpB7t0er/cert.p12.tmp -o /var/folders/f7/7c6q0gh121vdyh86bv192wpc0000gn/T/.tmpB7t0er/cert.p12`
Running [tauri_bundler::bundle::common] Command `security create-keychain -p tauri-build tauri-build.keychain`
Running [tauri_bundler::bundle::common] Command `security unlock-keychain -p tauri-build tauri-build.keychain`
Running [tauri_bundler::bundle::common] Command `security import /var/folders/f7/7c6q0gh121vdyh86bv192wpc0000gn/T/.tmpB7t0er/cert.p12 -k tauri-build.keychain -P MxTUHA3733V3hnmzZqMw -T /usr/bin/codesign -T /usr/bin/pkgbuild -T /usr/bin/productbuild`
1 identity imported.
Running [tauri_bundler::bundle::common] Command `security set-keychain-settings -t 3600 -u tauri-build.keychain`
Running [tauri_bundler::bundle::common] Command `security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k tauri-build tauri-build.keychain`
keychain: "/Users/Dev/Library/Keychains/tauri-build.keychain-db"
version: 512
class: 0x00000010
attributes:
0x00000000 <uint32>=0x00000010
0x00000001 <blob>="Huakun"
0x00000002 <blob>=<NULL>
0x00000003 <uint32>=0x00000001
0x00000004 <uint32>=0x00000000
0x00000005 <uint32>=0x00000000
0x00000006 <blob>=0x79848897D86A4FC16950E5CBB71680D3AE9AB4C4 "y\204\210\227\330jO\301iP\345\313\267\026\200\323\256\232\264\304"
0x00000007 <blob>=<NULL>
0x00000008 <blob>=0x7B38373139316361322D306663392D313164342D383439612D3030303530326235323132327D00 "{87191ca2-0fc9-11d4-849a-000502b52122}\000"
0x00000009 <uint32>=0x0000002A "\000\000\000*"
0x0000000A <uint32>=0x00000800
0x0000000B <uint32>=0x00000800
0x0000000C <blob>=0x0000000000000000
0x0000000D <blob>=0x0000000000000000
0x0000000E <uint32>=0x00000001
0x0000000F <uint32>=0x00000001
0x00000010 <uint32>=0x00000001
0x00000011 <uint32>=0x00000000
0x00000012 <uint32>=0x00000001
0x00000013 <uint32>=0x00000001
0x00000014 <uint32>=0x00000001
0x00000015 <uint32>=0x00000001
0x00000016 <uint32>=0x00000001
0x00000017 <uint32>=0x00000001
0x00000018 <uint32>=0x00000001
0x00000019 <uint32>=0x00000001
0x0000001A <uint32>=0x00000001
Running [tauri_bundler::bundle::common] Command `security list-keychain -d user -s /Users/Dev/Library/Keychains/login.keychain-db tauri-build.keychain`
Info [tauri_bundler::bundle::macos::sign] Signing app bundle...
Signing [tauri_bundler::bundle::macos::sign] /Users/Dev/Dev/projects/Jarvis/target/release/bundle/macos/jarvis.app/Contents/MacOS/jarvis
Running [tauri_bundler::bundle::common] Command `codesign --force -s Developer ID Application: <User> (<Team ID>) --keychain tauri-build.keychain --options runtime /Users/Dev/Dev/projects/Jarvis/target/release/bundle/macos/jarvis.app/Contents/MacOS/jarvis`
Developer ID Application: <User> (<Team ID>): ambiguous (matches "Developer ID Application: <User> (<Team ID>)" and "Developer ID Application: <User> (<Team ID>)" in /Users/Dev/Library/Keychains/login.keychain-db)
Error [tauri_cli_node] failed to bundle project: failed to sign app
ELIFECYCLE Command failed with exit code 1.
I just noticed these two lines:
Running [tauri_bundler::bundle::common] Command `codesign --force -s Developer ID Application: <User> (<Team ID>) --keychain tauri-build.keychain --options runtime /Users/Dev/Dev/projects/Jarvis/target/release/bundle/macos/jarvis.app/Contents/MacOS/jarvis`
Developer ID Application: <User> (<Team ID>): ambiguous (matches "Developer ID Application: <User> (<Team ID>)" and "Developer ID Application: <User> (<Team ID>)" in /Users/Dev/Library/Keychains/login.keychain-db)
Are there two certificates with the same name in your keychain?
Yeah, it is using the name to get the certificate. It can’t decide which one to use if there are two identical names.
I removed the certificates on my mac, also reset keychain, now getting new error.
Warning: unable to build chain to self-signed root for signer
keychain tauri-build.keychain --options runtime /Users/user/Dev/projects/devclean/devclean-ui/src-tauri/target/release/bundle/macos/devclean-ui.app/Contents/MacOS/devclean-ui`
/Users/user/Dev/projects/devclean/devclean-ui/src-tauri/target/release/bundle/macos/devclean-ui.app/Contents/MacOS/devclean-ui: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Developer ID Application: <User> (<Team ID>)"
/Users/user/Dev/projects/devclean/devclean-ui/src-tauri/target/release/bundle/macos/devclean-ui.app/Contents/MacOS/devclean-ui: errSecInternalComponent
Error [tauri_cli_node] failed to bundle project: failed to sign app
I am not familiar with the code signing process.
Do I have to install some certificate for this to work?
I also tried to code sign in a clean macos VM also didn't work, and there is no meaningful error message.
Bundling devclean-ui.app (/Users/<user>/Downloads/devclean-main/devclean-ui/src-tauri/target/release/bundle/macos/devclean-ui.app)
Signing with identity "Developer ID Application: <User> (<Team ID>)"
Info setup keychain from environment variables...
Info Signing app bundle...
Signing /Users/<user>/Downloads/devclean-main/devclean-ui/src-tauri/target/release/bundle/macos/devclean-ui.app/Contents/MacOS/devclean-ui
Error failed to bundle project: failed to sign app
Did you use the certificate that was downloaded from Apple Developer > Certificates?
Can you bundle the app by using APPLE_SIGNING_IDENTITY="-" pnpm tauri build?
To be able to sign your app, your certificate has to be valid, You can check that by selecting your imported certificate in keychain access for the following:
For your certificate to be considered valid, when you creating a new certificate, you have to import these certificates into your system keychains, before creating your certificate:
A simpler way is to create a certificate using xcode, following this guide: https://developer.apple.com/documentation/Xcode/sharing-your-teams-signing-certificates#Create-a-new-code-signing-identity
It'll be valid by default
Thank you! I solved the problem a while ago. Didn't remember how it was solved, probably reinstalled MacOS and the certificates.