Apple notarize returns multiple errors on the pkg #6607

daniboomerang · 2022-02-03T07:04:28Z

Electron-Builder Version: 22.14.5

Node Version: v16.8.0

Electron Version:
Electron Type (current, beta, nightly):

Target: mac - pkg

The pkg file built is not accepted by apple notarise service

Electron builder creates a pkg file (That works perfectly fine)
The apple notarise service is perfectly called after the build
Then the apple notarize service returns the following error

{
  "logFormatVersion": 1,
  "jobId": "995c77d4-5d5d-4284-b6a8-b5af85bc8aba",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "Elixir Gaming.setup.pkg",
  "uploadDate": "2022-02-02T05:14:03.823Z",
  "sha256": "923624a1ec3e38f88d748a922a20007d25dfe72bfcd6fe953edb389957c7e9e8",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/MacOS/Elixir Gaming",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/MacOS/Elixir Gaming",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/MacOS/Elixir Gaming",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (GPU).app/Contents/MacOS/Elixir Gaming Helper (GPU)",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (GPU).app/Contents/MacOS/Elixir Gaming Helper (GPU)",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (GPU).app/Contents/MacOS/Elixir Gaming Helper (GPU)",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libswiftshader_libEGL.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libswiftshader_libEGL.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libswiftshader_libGLESv2.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libswiftshader_libGLESv2.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/ReactiveObjC.framework/Versions/A/ReactiveObjC",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/ReactiveObjC.framework/Versions/A/ReactiveObjC",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper.app/Contents/MacOS/Elixir Gaming Helper",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper.app/Contents/MacOS/Elixir Gaming Helper",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper.app/Contents/MacOS/Elixir Gaming Helper",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Plugin).app/Contents/MacOS/Elixir Gaming Helper (Plugin)",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Plugin).app/Contents/MacOS/Elixir Gaming Helper (Plugin)",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Elixir Gaming.setup.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Plugin).app/Contents/MacOS/Elixir Gaming Helper (Plugin)",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}

This is how the build section looks like

"build": {
    "appId": "launcher.elixir.app",
    "productName": "Elixir Gaming",
    "target": [
      "nsis"
    ],
    "copyright": "Copyright © year ${author}",
    "asar": true,
    "nsis": {
      "artifactName": "Elixir Gaming.setup.${ext}",
      "uninstallDisplayName": "Elixir Gaming"
    },
    "afterSign": "scripts/notarize.js",
    "linux": {
      "target": [
        "deb",
        "rpm",
        "AppImage"
      ],
      "category": "Gaming"
    },
    "mac": {
      "category": "public.app-category.games",
      "icon": "build/icon.png",
      "entitlements": "build/entitlements.mac.plist",
      "entitlementsInherit": "build/entitlements.mac.plist",
      "hardenedRuntime": true,
      "gatekeeperAssess": false,
      "target": [
        "pkg"
      ]
    },
    "pkg": {
      "artifactName": "Elixir Gaming.setup.${ext}",
      "installLocation": "/Applications",
      "background": {
        "file": "build/pkg-background.png",
        "alignment": "bottomleft"
      },
      "allowAnywhere": true,
      "allowCurrentUserHome": true,
      "allowRootDirectory": true,
      "isVersionChecked": true,
      "isRelocatable": false,
      "overwriteAction": "upgrade"
    },

The text was updated successfully, but these errors were encountered:

mmaietta · 2022-02-04T01:10:19Z

Not sure I can help much here, electron-builder uses the core package https://github.com/electron/electron-osx-sign underneath, so we're just running that on top of the packaged dist. And not sure how you've set up your electron-notarize either

What build machine are you using? Apple Silicon/M1?

daniboomerang · 2022-02-21T07:21:30Z

Hi @mmaietta.
Thanks a lot for your answer

ABOUT THE SIGNATURE

The *.pkg file generated by electron-builder is correctly signed
The problem is at the time of notarising. Something is wrong with the built code that doesn't pass the notarization process

In order to check that the pkg is actually signed I've used the macOS pkgutil as follows

pkgutil --check-signature Elixir\ Gaming.setup.pkg 
Package "Elixir Gaming.setup.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Signed with a trusted timestamp on: 2022-02-02 05:09:03 +0000
   Certificate Chain:
    1. Developer ID Installer: Satoshis Games, SL (xxxxxxxx)
       Expires: 2027-01-29 07:25:34 +0000
       SHA256 Fingerprint:
           9E 09 6E 49 54 1A 6F A6 28 48 37 37 C9 80 61 5B E3 C6 8B 08 85 2A 
           BB E5 81 25 D2 7B CD 16 24 86
       ------------------------------------------------------------------------
    2. Developer ID Certification Authority
       Expires: 2027-02-01 22:12:15 +0000
       SHA256 Fingerprint:
           7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03 
           F2 9C 88 CF B0 B1 BA 63 58 7F
       ------------------------------------------------------------------------
    3. Apple Root CA
       Expires: 2035-02-09 21:40:36 +0000
       SHA256 Fingerprint:
           B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 
           68 C5 BE 91 B5 A1 10 01 F0 24

However when trying to notarize I get the requiest as denied, and the logs presented above in the description of the issue.
It seems that electron-builder properly signs the pkg but the code that outputs isn't fulfilling the notatization requirements of apple

ABOUT ELECTRON NOTARIZE CODE

Highly inspired in the post you point out in your own docs -> https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/

After the build is done I invoke notarize.js ("afterSign": "scripts/notarize.js",)

notarize.js

require('dotenv').config()
const { notarize } = require('electron-notarize')

exports.default = async function notarizing (context) {
  const { electronPlatformName, appOutDir } = context
  if (electronPlatformName !== 'darwin') {
    return
  }
  const appName = context.packager.appInfo.productFilename
  const password = '@keychain:ELIXIR_LAUNCHER'

  return await notarize({
    appBundleId: 'launcher.elixir.app',
    appPath: `${appOutDir}/${appName}.app`,
    appleId: '[email protected]',
    appleIdPassword: password,
    teamId: 'xxxxxxxxx'
  })
}

ABOUT MY COMPUTER

My computer is Apple silicon -> 2,3 GHz Quad-Core Intel Core i7

SUMARIZING

The signing works
The notarization code that submits the code to the apple notarization service works

But there is something wrong in the built process
Maybe some info missing in the electron-builder configuration?

Thanks a lot for looking into that

mmaietta · 2022-02-25T16:18:59Z

Hmmm, I have the same notarization setup.

If you use patch-package you can create this patch to force all packages to be signed. It'd at least unblock you for the interim. I don't know why (or how) the signing works on pkg dists, but force signing deep should do the trick.
electron-osx-sign+0.5.0.patch

diff --git a/node_modules/electron-osx-sign/sign.js b/node_modules/electron-osx-sign/sign.js
index e227c0e..2aedc85 100644
--- a/node_modules/electron-osx-sign/sign.js
+++ b/node_modules/electron-osx-sign/sign.js
@@ -145,7 +145,8 @@ function signApplicationAsync (opts) {
 
       var args = [
         '--sign', opts.identity.hash || opts.identity.name,
-        '--force'
+        '--force',
+        '--deep'
       ]
       if (opts.keychain) {
         args.push('--keychain', opts.keychain)

daniboomerang · 2022-02-28T06:24:18Z

Hi @mmaietta thank you very much for your answer

I just applied the patch
However apple notarization service still complains. Here the logs of my notarization:

https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma116/v4/05/62/40/056240bb-1cfb-1b53-c685-dbde8f010327/developer_log.json?accessKey=1646223510_4202343623139599939_8WIlgJeVlIlc5kP%2By07Q0zNr0sZrNvWKw534jf%2BP0n7xZnTnwmUSEta%2B9EPbw4hpW7TjDEN0wa3ZNke8Punhh2Xkp0kyRpcQpMayfM8TN3WemuzIn3zqiXbQlSvQnxWakcKlp9oAJ8NlTh3mBwh%2BWCKGjJqEKMSW3pPPbW9imS8%3D

I first would like to be sure that I've applied the patch correctly
What I did

Run

npx patch-package electron-osx-sign                                                         
patch-package 6.4.7
• Creating temporary folder
• Installing [email protected] with npm
• Diffing your files with clean files
✔ Created file patches/electron-osx-sign+0.5.0.patch

💡 electron-osx-sign is on GitHub! To draft an issue based on your patch run

    npx patch-package electron-osx-sign --create-issue

A new folder patches with a file inside it called eletron-osx-sign+0.5.0.patch was created in my project
I just deployed a new build of my electron project, expecting/assuming the new --force --deep was going to apply.

Was my assumption right? Is there something else I had to do?

daniboomerang · 2022-02-28T06:25:19Z

Also I wonder...have you ever tested notarizing a pkg file?
Is notarization working for you? in that case...what are you signing/notarizing?

daniboomerang · 2022-03-17T07:31:39Z

Hi @mmaietta
Getting crazy with this...

I've tried notarizing a pkg file

Manually using the notary tool
Manually using the Altool
Using electron-notarize

So far I have no other conclusion than electron builder is building the pkg file in a way is not accepted by apple notarise service.
May be I'm missing some config in my package.json? something in the info.plist? in the entitlements ???

3 solutions sign the pkg and upload the signed file to apple notarise service ✅

3 solutions fail in exact the same way 🐛 🐛 🐛 👇 👇 👇 👇 👇 👇 👇

{
  "logFormatVersion": 1,
  "jobId": "7754bca6-df08-4de6-bef8-ae0e84d94d73",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "launcher_signed.pkg",
  "uploadDate": "2022-03-17T07:08:21Z",
  "sha256": "987fd83f462d206798a1f5cdf1d3c0ca014d971d2e79b704c5a3464998733cdf",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/MacOS/Elixir Gaming",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/MacOS/Elixir Gaming",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/MacOS/Elixir Gaming",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (GPU).app/Contents/MacOS/Elixir Gaming Helper (GPU)",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (GPU).app/Contents/MacOS/Elixir Gaming Helper (GPU)",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (GPU).app/Contents/MacOS/Elixir Gaming Helper (GPU)",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libswiftshader_libEGL.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libswiftshader_libEGL.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libswiftshader_libGLESv2.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libswiftshader_libGLESv2.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/ReactiveObjC.framework/Versions/A/ReactiveObjC",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/ReactiveObjC.framework/Versions/A/ReactiveObjC",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper.app/Contents/MacOS/Elixir Gaming Helper",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper.app/Contents/MacOS/Elixir Gaming Helper",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper.app/Contents/MacOS/Elixir Gaming Helper",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Plugin).app/Contents/MacOS/Elixir Gaming Helper (Plugin)",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Plugin).app/Contents/MacOS/Elixir Gaming Helper (Plugin)",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Plugin).app/Contents/MacOS/Elixir Gaming Helper (Plugin)",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}

Talked with electron-notarize but no success so far
electron/notarize#60 (comment)

Any ideas?

mmaietta · 2022-03-19T16:52:22Z

Also I wonder...have you ever tested notarizing a pkg file?
Is notarization working for you? in that case...what are you signing/notarizing?

I've never released a .pkg before, so I'm starting to think that either electron-notarize or electron-osx-sign don't support it?

daniboomerang · 2022-04-20T03:57:16Z

@mmaietta I'm starting to think it's an issue on electron-builder and the pkg file that builds

Could you read this comment?
electron/notarize#60 (comment)

In short generate a pkg file with electron builder

Try the whole thing manually

I sign it manually correctly
I send it to notarisation manually using xcrun altool --notarize-app
and I get a series of errors from apple notarise service

Try the whole thing automatically

I use electron-builder to sign it
I use electron-notarise to send the file for notarisation
and I get a THE SAME series of errors from apple notarise service

What do you guys think is happening? Isn't it the common factor here the pkg file?
@mmaietta

mmaietta · 2022-04-20T17:49:44Z

If you're signing it manually and manually notarizing with the same errors that signing via electron-builder is, then that sounds pretty affirming that it isn't related to electron-builder. How did you send to notarization manually? Did you use ditto for compressing the app?

daniboomerang · 2022-04-21T05:35:44Z

Hi @mmaietta thanks for your answer

But....Whether

I sign the app manually or it's automatically signed by electron-builder
I send the PKG file by myself or it's automatically sent

I get the same series of errors from apple notarisation service

Doesn't this mean that there is something wrong with the PKG?

It looks to me that it doesn't matter what I do or how I do it. The approach I follow, the result from apple notarisation service is always the same (Look at #6607 (comment))

 ...
 {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The binary is not signed.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "launcher_signed.pkg/launcher.elixir.app.pkg Contents/Payload/Applications/Elixir Gaming.app/Contents/Frameworks/Elixir Gaming Helper (Renderer).app/Contents/MacOS/Elixir Gaming Helper (Renderer)",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    ...

To answer your question

How did you send to notarisation manually? Did you use ditto for compressing the app?

I Followed these steps to do the whole manual process of Signing + Notarising the PKG file
https://www.davidebarranca.com/2019/04/notarizing-installers-for-macos-catalina/
Didn't use any compressor when uploading the pkg file

mmaietta · 2022-04-21T15:21:25Z

I'm sorry to say, I don't understand what is going wrong. If it happens both manually and automatically (via electron-builder), then there isn't much I can assist with.

daniboomerang · 2022-04-21T16:16:31Z

But...it happens with the PKG generated by electron builder
Isn't is worrying that a PKG file generated by electron builder can't be notarised? 🤔

walkthunder · 2023-01-03T06:16:23Z

Electron builder system is just a toy and not supposed to be used under production.
And you can see most cases are just for distribution outside of MAS.

For example there's NOT even one VALID example or toturial to show how to submit to MAS.

So drop it and dont waste your time on it.

github-actions bot added critical nsis labels Feb 3, 2022

daniboomerang mentioned this issue Feb 28, 2022

Support notarizing Apple's "installer packages" (.pkg files). electron/notarize#60

Closed

daniboomerang mentioned this issue Apr 20, 2022

Feat: Notarize app daniboomerang/test-notarize-electron-app#1

Open

daniboomerang changed the title ~~Apple notarize returns multiple errors about the pkg~~ Apple notarize returns multiple errors on the pkg Apr 20, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Apple notarize returns multiple errors on the pkg #6607

Apple notarize returns multiple errors on the pkg #6607

daniboomerang commented Feb 3, 2022 •

edited

Loading

mmaietta commented Feb 4, 2022

daniboomerang commented Feb 21, 2022 •

edited

Loading

mmaietta commented Feb 25, 2022 •

edited

Loading

daniboomerang commented Feb 28, 2022

daniboomerang commented Feb 28, 2022

daniboomerang commented Mar 17, 2022

mmaietta commented Mar 19, 2022

daniboomerang commented Apr 20, 2022 •

edited

Loading

mmaietta commented Apr 20, 2022

daniboomerang commented Apr 21, 2022 •

edited

Loading

mmaietta commented Apr 21, 2022

daniboomerang commented Apr 21, 2022

walkthunder commented Jan 3, 2023

Apple notarize returns multiple errors on the pkg #6607

Apple notarize returns multiple errors on the pkg #6607

Comments

daniboomerang commented Feb 3, 2022 • edited Loading

mmaietta commented Feb 4, 2022

daniboomerang commented Feb 21, 2022 • edited Loading

ABOUT THE SIGNATURE

ABOUT ELECTRON NOTARIZE CODE

ABOUT MY COMPUTER

SUMARIZING

mmaietta commented Feb 25, 2022 • edited Loading

daniboomerang commented Feb 28, 2022

daniboomerang commented Feb 28, 2022

daniboomerang commented Mar 17, 2022

mmaietta commented Mar 19, 2022

daniboomerang commented Apr 20, 2022 • edited Loading

mmaietta commented Apr 20, 2022

daniboomerang commented Apr 21, 2022 • edited Loading

mmaietta commented Apr 21, 2022

daniboomerang commented Apr 21, 2022

walkthunder commented Jan 3, 2023

daniboomerang commented Feb 3, 2022 •

edited

Loading

daniboomerang commented Feb 21, 2022 •

edited

Loading

mmaietta commented Feb 25, 2022 •

edited

Loading

daniboomerang commented Apr 20, 2022 •

edited

Loading

daniboomerang commented Apr 21, 2022 •

edited

Loading