Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

App does not launch after sign - macOS 10.14.5 (Code Signature Invalid)

See original GitHub issue

Development app does not launch after sign - macOS 10.14.5 It runs fine before signing.

Signing:

DEBUG=electron-osx-sign* electron-osx-sign "dist_electron/mas-dev/AppName.app" --platform=mas --type=development --identity="***@gmail.com (***)" --entitlements="entitlements.mas.plist" --entitlements-inherit="entitlements.mas.inherit.plist" --provisioning-profile="development.provisionprofile" --hardened-runtime                                                                                                                                                              electron-osx-sign electron-osx-sign@0.4.11 +0ms
  electron-osx-sign `identity` passed in arguments. +12ms
  electron-osx-sign Executing... security find-identity -v +0ms
  electron-osx-sign Identity: 
 > Name: Mac Developer: ***@gmail.com (***) 
 > Hash: F9E676C025F153B486DECA3F69881B389C905FAC +157ms
  electron-osx-sign Found 1 identity. +0ms
  electron-osx-sign Pre-sign operation enabled for provisioning profile: 
 * Disable by setting `pre-embed-previsioning-profile` to `false`. +1ms
  electron-osx-sign Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`: 
 * Disable by setting `pre-auto-entitlements` to `false`. +0ms
  electron-osx-sign `provisioning-profile` passed in arguments. +0ms
  electron-osx-sign Executing... security cms -D -i development.provisionprofile +1ms
  electron-osx-sign Provisioning profile: 
 > Name: development 
 > Platforms: [ 'darwin', 'mas' ] 
 > Type: development 
 > Path: development.provisionprofile 
 > Message: { AppIDName: 'AppName Desktop Application',
  ApplicationIdentifierPrefix: [ 'xxx' ],
  CreationDate: 2019-07-19T16:37:31.000Z,
  Platform: [ 'OSX' ],
  IsXcodeManaged: false,
  DeveloperCertificates:
   [ <Buffer 30 82 05 8b 30 82 04 73 a0 03 02 01 02 02 08 61 3d dd 51 06 9a 11 6b 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 81 96 31 0b 30 09 06 03 55 04 06 ... 1373 more bytes> ],
  Entitlements:
   { 'com.apple.application-identifier': 'xxx.com.appname.AppName',
     'keychain-access-groups': [ 'xxx.*' ],
     'com.apple.developer.team-identifier': 'xxx' },
  ExpirationDate: 2020-07-18T16:37:31.000Z,
  Name: 'development',
  ProvisionedDevices: [ 'xxx' ],
  TeamIdentifier: [ 'xxx' ],
  TeamName: 'AppName AS',
  TimeToLive: 365,
  UUID: 'xxx',
  Version: 1 } +54ms
  electron-osx-sign Looking for existing provisioning profile... +5ms
  electron-osx-sign Found embedded provisioning profile: 
 * Please manually remove the existing file if not wanted. 
 * Current file at: dist_electron/mas-dev/AppName.app/Contents/embedded.provisionprofile +0ms
  electron-osx-sign Automating entitlement app group... 
 > Info.plist: dist_electron/mas-dev/AppName.app/Contents/Info.plist 
 > Entitlements: entitlements.mas.plist +0ms
  electron-osx-sign `ElectronTeamID` found in `Info.plist`: xxx +5ms
  electron-osx-sign `com.apple.application-identifier` found in entitlements file: xxx.com.appname.AppName +0ms
  electron-osx-sign `com.apple.developer.team-identifier` found in entitlements file: xxx +0ms
  electron-osx-sign `com.apple.security.application-groups` found in entitlements file: xxx.com.appname.AppName +0ms
  electron-osx-sign Entitlements file updated: 
 > Entitlements: /var/folders/zh/7d9c784d5mb2wd4tmmw6jj0m0000gn/T/tmp-entitlements-1c70-0.plist +7ms
  electron-osx-sign Signing application... 
 > Application: dist_electron/mas-dev/AppName.app 
 > Platform: mas 
 > Entitlements: /var/folders/zh/7d9c784d5mb2wd4tmmw6jj0m0000gn/T/tmp-entitlements-1c70-0.plist 
 > Child entitlements: entitlements.mas.inherit.plist 
 > Additional binaries: [] 
 > Identity: { name: 'Mac Developer: ***@gmail.com (***)',
  hash: 'F9E676C025F153B486DECA3F69881B389C905FAC' } +0ms
  electron-osx-sign Walking... dist_electron/mas-dev/AppName.app/Contents +12ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework +20ms
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements entitlements.mas.inherit.plist dist_electron/mas-dev/AppName.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework +0ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib +3s
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements entitlements.mas.inherit.plist dist_electron/mas-dev/AppName.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib +1ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app/Contents/Frameworks/Electron Framework.framework +170ms
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements entitlements.mas.inherit.plist dist_electron/mas-dev/AppName.app/Contents/Frameworks/Electron Framework.framework +0ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app/Contents/Frameworks/AppName Helper.app/Contents/MacOS/AppName Helper +2s
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements entitlements.mas.inherit.plist dist_electron/mas-dev/AppName.app/Contents/Frameworks/AppName Helper.app/Contents/MacOS/AppName Helper +0ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app/Contents/Frameworks/AppName Helper.app +121ms
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements entitlements.mas.inherit.plist dist_electron/mas-dev/AppName.app/Contents/Frameworks/AppName Helper.app +0ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app/Contents/Library/LoginItems/AppName Login Helper.app/Contents/MacOS/AppName Login Helper +118ms
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements entitlements.mas.inherit.plist dist_electron/mas-dev/AppName.app/Contents/Library/LoginItems/AppName Login Helper.app/Contents/MacOS/AppName Login Helper +1ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app/Contents/Library/LoginItems/AppName Login Helper.app +111ms
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements entitlements.mas.inherit.plist dist_electron/mas-dev/AppName.app/Contents/Library/LoginItems/AppName Login Helper.app +0ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app/Contents/MacOS/AppName +114ms
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements entitlements.mas.inherit.plist dist_electron/mas-dev/AppName.app/Contents/MacOS/AppName +1ms
  electron-osx-sign Signing... dist_electron/mas-dev/AppName.app +317ms
  electron-osx-sign Executing... codesign --sign F9E676C025F153B486DECA3F69881B389C905FAC --force --options runtime --entitlements /var/folders/zh/7d9c784d5mb2wd4tmmw6jj0m0000gn/T/tmp-entitlements-1c70-0.plist dist_electron/mas-dev/AppName.app +0ms
  electron-osx-sign Verifying... +295ms
  electron-osx-sign Verifying application bundle with codesign... +1ms
  electron-osx-sign Executing... codesign --verify --deep --strict --verbose=2 dist_electron/mas-dev/AppName.app +0ms
  electron-osx-sign Verified. +896ms
  electron-osx-sign Displaying entitlements... +0ms
  electron-osx-sign Executing... codesign --display --entitlements :- dist_electron/mas-dev/AppName.app +0ms
  electron-osx-sign Entitlements: 
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.application-identifier</key>
    <string>xxx.com.appname.AppName</string>
    <key>com.apple.developer.team-identifier</key>
    <string>xxx</string>
    <key>com.apple.security.application-groups</key>
    <array>
      <string>xxx.com.appname.AppName</string>
    </array>
    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist> +34ms
  electron-osx-sign Application signed. +1ms
  electron-osx-sign Application signed: dist_electron/mas-dev/AppName.app +0ms
Application signed: dist_electron/mas-dev/AppName.app

entitlements.mas.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.application-identifier</key>
    <string>XXX.com.appname.AppName</string>
    <key>com.apple.developer.team-identifier</key>
    <string>XXX</string>
    <key>com.apple.security.application-groups</key>
    <array>
      <string>XXX.com.appname.AppName</string>
    </array>
    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist>

entitlements.mas.inherit.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

Crash log:

Process:               AppName [7616]
Path:                  /Users/USER/Documents/*/AppName.app/Contents/MacOS/AppName
Identifier:            com.appname.AppName
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           AppName [7616]
User ID:               501

Date/Time:             2019-07-19 20:40:41.462 +0200
OS Version:            Mac OS X 10.14.5 (18F132)
Report Version:        12
Anonymous UUID:        xxx-xxx-xxx-xxx-xxx


Time Awake Since Boot: 100000 seconds

System Integrity Protection: enabled

Crashed Thread:        0

Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace CODESIGNING, Code 0x1

kernel messages:

VM Regions Near 0 (cr2):
--> 
    __TEXT                 00000001052d8000-0000000105301000 [  164K] r-x/rwx SM=COW  

Thread 0 Crashed:
0                                 	0x0000000112688000 _dyld_start + 0

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x0000000000000000  rcx: 0x0000000000000000  rdx: 0x0000000000000000
  rdi: 0x0000000000000000  rsi: 0x0000000000000000  rbp: 0x0000000000000000  rsp: 0x00007ffeea927b08
   r8: 0x0000000000000000   r9: 0x0000000000000000  r10: 0x0000000000000000  r11: 0x0000000000000000
  r12: 0x0000000000000000  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x0000000112688000  rfl: 0x0000000000000200  cr2: 0x0000000000000000
  
Logical CPU:     0
Error Code:      0x00000000
Trap Number:     0


Binary Images:
       0x1052d8000 -        0x105300ff7 + (0) <3788637B-0A53-3737-B3B6-C827ABF3E314> 
       0x112687000 -        0x1126f16ef + (655.1.1) <CE635DB2-D47E-3C05-A0A3-6BD982E7E750> 

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 3857626
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=776K resident=0K(0%) swapped_out_or_unallocated=776K(100%)
Writable regions: Total=8404K written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=8404K(100%)
 
                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
STACK GUARD                       56.0M        1 
Stack                             8192K        1 
__DATA                             244K        4 
__LINKEDIT                         184K        2 
__TEXT                             592K        2 
shared memory                        8K        2 
===========                     =======  ======= 
TOTAL                             65.0M       12 

Model: Macmini6,2, BootROM 278.0.0.0.0, 4 processors, Intel Core i7, 2,6 GHz, 12 GB, SMC 2.8f1
Graphics: kHW_IntelHD4000Item, Intel HD Graphics 4000, spdisplays_builtin
Memory Module: BANK 0/DIMM0, 8 GB, DDR3, 1600 MHz, 0x859B, 0x43543130323436344246313630422E433136
Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1600 MHz, 0x80CE, 0x4D34373142353137334442302D594B302020
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x10E), Broadcom BCM43xx 1.0 (7.21.190.33 AirPortDriverBrcm4360-1325.2)
Bluetooth: Version 6.0.12f1, 3 services, 27 devices, 1 incoming serial ports
Network Service: Wi-Fi, AirPort, en1
Serial ATA Device: APPLE SSD SM256E, 251 GB
USB Device: USB 2.0 Bus
USB Device: Hub
USB Device: Keyboard Hub
USB Device: USB Receiver
USB Device: Apple Keyboard
USB Device: USB 2.0 Bus
USB Device: Hub
USB Device: Hub
USB Device: IR Receiver
USB Device: BRCM20702 Hub
USB Device: Bluetooth USB Host Controller
USB Device: USB 3.0 Bus
USB Device: Hub
USB Device: Hub
USB Device: SHANG CHEN HID
USB Device: Hub
USB Device: Hub
Thunderbolt Bus: Mac mini, Apple Inc., 23.4

All certs and provisioning profile is just created:

Skjermbilde 2019-07-19 kl 20 19 08

When trying to do the same with a plain project, I got another error: https://github.com/electron/electron-osx-sign/issues/199

But the plain project (electron-quick-start) without manual sign gives the same crash log as this one.

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:11
  • Comments:41 (7 by maintainers)

github_iconTop GitHub Comments

6reactions
sethlucommented, Oct 26, 2019

While you are trying with the asar unpack things… I think it may be nice to summarize the discussion above:

  • For distribution inside the Mac App Store
    • App sandbox required
    • No need for notarization (probably just don’t bother doing this) – the app review process will check for the suspicious code, so there’s no need to check that manually again
  • For distribution outside the Mac App Store
    • App sandbox not required (probably just don’t bother doing this)
    • Notarization required (therefore hardened runtime as a requirement) – this checks for suspicious code (link to Apple documentation)
      • Since we’re in hardened runtime, there are exception entitlements we need to add for Electron, otherwise the app will break upon launch (note: no need to include the app sandbox entitlement entries if you’re not making thee app sandboxed)
      • I haven’t confirmed this yet… but since we’re doing a custom codesigning workflow, we will need to include --timestamp when using codesign (electron-osx-sign --timestamp in the latest release should do this too)
6reactions
steffanhalvcommented, Jul 21, 2019

This worked for me, which I used now temorarily instead of electron-osx-sign, all of these files should be placed in root of project.

Replace AppName, CompanyName (xxx) and /dist_electron/mas/$APP.app with your own.

sign-mas.sh

#!/bin/bash

CURRENT_PATH="$( cd "$(dirname "$0")" ; pwd -P )"

# Name of your app.
APP="AppName"
COMPANY_DEVELOPER_ID="CompanyName (xxx)"
# The path of your app to sign.
APP_PATH="$CURRENT_PATH/dist_electron/mas/$APP.app"
# The path to the location you want to put the signed package.
RESULT_PATH="$CURRENT_PATH/dist_electron/mas/$APP-Publish-Ready.pkg"

# The name of certificates you requested.
APP_KEY="3rd Party Mac Developer Application: $COMPANY_DEVELOPER_ID"
INSTALLER_KEY="3rd Party Mac Developer Installer: $COMPANY_DEVELOPER_ID"
# The path of your plist files.
CHILD_PLIST="$CURRENT_PATH/entitlements.mas.inherit.plist"
PARENT_PLIST="$CURRENT_PATH/entitlements.mas.plist"
LOGINHELPER_PLIST="$CURRENT_PATH/entitlements.mas.loginhelper.plist"

FRAMEWORKS_PATH="$APP_PATH/Contents/Frameworks"

codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Electron Framework"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libnode.dylib"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper.app/Contents/MacOS/$APP Helper"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper.app/"
codesign -s "$APP_KEY" -f --entitlements "$LOGINHELPER_PLIST" "$APP_PATH/Contents/Library/LoginItems/$APP Login Helper.app/Contents/MacOS/$APP Login Helper"
codesign -s "$APP_KEY" -f --entitlements "$LOGINHELPER_PLIST" "$APP_PATH/Contents/Library/LoginItems/$APP Login Helper.app/"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$APP_PATH/Contents/MacOS/$APP"
codesign -s "$APP_KEY" -f --entitlements "$PARENT_PLIST" "$APP_PATH"

productbuild --component "$APP_PATH" /Applications --sign "$INSTALLER_KEY" "$RESULT_PATH"

entitlements.mas.loginhelper.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
  </dict>
</plist>

entitlements.mas.inherit.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

entitlements.mas.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
      <string>XXX.com.appname.AppName</string>
    </array>
    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist>

Then run sh sign-mas.shto create a valid file for publishment.

Read more comments on GitHub >

github_iconTop Results From Across the Web

macOS 10.14.5 (Code Signature Invalid) · Issue #200 ... - GitHub
Development app does not launch after sign - macOS 10.14.5 It runs fine before signing. Signing: DEBUG=electron-osx-sign* electron-osx-sign ...
Read more >
Error of invalid code signature | Apple Developer Forums
Recently I run my project that is made on swift and for macos platform is show error releated to invalid code signature when...
Read more >
What to do when you can't launch an app
There are now many reasons that macOS may refuse to open an app normally, ranging from damage to the ... EXC_CRASH (Code Signature...
Read more >
The code signature version is no longer supported
General advice · This got my application onto the iPhone (iOS 15), but now it says all my cocoapods have invalid signatures. Anyone...
Read more >
EXC_CRASH (Code Signature Invalid) - FileZilla Forums
I've done that. No change. I still get the same error and the app doesn't launch. It looks like the key signing the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

macOS Store Crash: Entitlements as Binary Plist instead of Plist

Next page

Gatekeeper assessment no longer valid on mac 10.14.5