Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code sign failed; please retry manually #259

Open
joanx opened this issue Apr 2, 2022 · 1 comment
Open

Code sign failed; please retry manually #259

joanx opened this issue Apr 2, 2022 · 1 comment

Comments

@joanx
Copy link

joanx commented Apr 2, 2022
edited
Loading

I've seen a few other issue reports along these lines, but none that seem to address my situation specifically.

When attempting to code-sign my (development) app using electron-packager, I see:

WARNING: Code sign failed; please retry manually. Error: Command failed: spctl --assess --type execute --verbose --ignore-cache --no-cache /var/folders/gq/n2kpn6jd6sq_0prjv3vp8cgh0000gp/T/electron-packager/darwin-x64/electron-quick-start-apns-darwin-x64/electron-quick-start-apns.app
/var/folders/gq/n2kpn6jd6sq_0prjv3vp8cgh0000gp/T/electron-packager/darwin-x64/electron-quick-start-apns-darwin-x64/electron-quick-start-apns.app: rejected

The same issue appears if I use the osx-sign command line utilities.

I'm at a bit of a loss re: how to debug further. I've revisited code-signing requirements and have confirmed that the provisioning profile matches the bundle ID and developer certificate. Here are the options I'm passing into electron-packager/osx-sign (via electron-forge) (w/ some redactions):

"packagerConfig": {
        "appBundleId": "com.sample-bundle-id",
        "osxSign": {
          "identity": "Mac Developer: [name] (XXXXXXXX)",
          "entitlements": "entitlements-dev.plist",
          "type": "development"
        }
      }

I've attempted to bundle the provisioning profile into the project + explicitly specify the path via the provisioningProfile option as well - no luck.

The strange bit - I was able to sign a previous project with similar options; but it's now failing when I attempt to newly sign a different project (with an updated bundle ID + provisioning profile).

Any thoughts on what might be happening here?
@MarshallOfSound
Copy link
Member

New provisioning profiles / certificates require notarization to pass spctl checks. You need to set gatekeeperAssess to false. The new @electron/osx-sign which will be integrated into packager Soon ™️ takes that into account. In fact I think newer already released versions of electron-osx-sign take that into account as well 🤔 so maybe try updating packager / osx-sign

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joanx @MarshallOfSound