Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

App rejected when Mac Developer certificate is in keychain

See original GitHub issue
  • Version: 7.25.0
  • Target: macOS

I wanted to get auto updates working by signing the macOS app so I installed Xcode and created a Mac Development certificate in the Preferences/Accounts panel on my Apple ID (don’t have a real Developer ID yet). Now electron-builder gives me an error in the build process. If I revoke the certificate the error goes away. It actually creates a working .app, but no .dmg or .zip as before.

⚠️  Application icon is not set, default Electron icon will be used
⚠️  Mac Developer is used to sign app — it is only for development and testing, not for production
Signing app (identity: Mac Developer: ****@**.** (LFH******))

Error: Exit code: 3. Command failed: spctl --assess --type execute --verbose --ignore-cache --no-cache /Users/el/code/electron/autotron/dist/mac/Autotron.app
/Users/el/code/electron/autotron/dist/mac/Autotron.app: rejected

/Users/el/code/electron/autotron/dist/mac/Autotron.app: rejected

    at /Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/util.js:69:16
    at ChildProcess.exithandler (child_process.js:213:5)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:877:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)
From previous event:
    at module.exports.execFileAsync (/Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/util.js:48:10)
    at /Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/sign.js:99:16
From previous event:
    at verifySignApplicationAsync (/Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/sign.js:97:8)
    at /Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/sign.js:181:25
    at runCallback (timers.js:574:20)
    at tryOnImmediate (timers.js:554:5)
    at processImmediate [as _immediateCallback] (timers.js:533:5)
From previous event:
    at /Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/sign.js:178:10
From previous event:
    at signApplicationAsync (/Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/sign.js:121:6)
    at /Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/sign.js:330:14
From previous event:
    at module.exports.signAsync (/Users/el/code/electron/autotron/node_modules/electron-osx-sign-tf/sign.js:322:6)
    at /Users/el/code/electron/autotron/node_modules/electron-builder/src/macPackager.ts:196:12
    at next (native)
    at MacPackager.doSign (/Users/el/code/electron/autotron/node_modules/electron-builder/out/macPackager.js:262:11)
    at /Users/el/code/electron/autotron/node_modules/electron-builder/src/macPackager.ts:169:56
    at next (native)
    at runCallback (timers.js:574:20)
    at tryOnImmediate (timers.js:554:5)
    at processImmediate [as _immediateCallback] (timers.js:533:5)

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:22 (17 by maintainers)

github_iconTop GitHub Comments

2reactions
TimNZcommented, Apr 6, 2017

Developer signing is fine for apps distributed out of stores.

The gatekeeper check that electron-builder runs in the pipeline fails though because of it with default OS settings.

Running ‘spctl --master-disable’ gets past that point.

electron-builder needs an option to disable setting gatekeeper-assess = true for electron-osx-sign, in macPackager.js

1reaction
akashnimarecommented, Apr 6, 2017

I just successfully signed one of my electron app to distribute it outside the Mac store. Let me know if you guys need any help. It took me months to completely understand the whole code sign process.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Signed app prompts for keychain password - Apple Developer
We were using “3rd Party Mac Developer Application” certificate to sign our app which stores some sensitive data in a separate custom keychain....
Read more >
App Rejected for Revoked Certificate - Ohanaware.com
Tryign to submit an update of Iconographer Mini was failing because of a revoked certificate, yet according to Keychain Access and App Wrapper, ......
Read more >
A Step-by-Step Guide for iOS App Store Submission in 2022
First, you need a so-called .p12 certificate which needs to be generated in both the keychain app and the Apple developer account.
Read more >
Can an Apple Dev Team have one member and have two ...
It looks like this issue can be fixed by adding the certificate directly to the Login keychain. Share.
Read more >
Creating the iOS Distribution Certificate
Sign in to your Apple Developer account and navigate to ... In the menu bar, navigate to Keychain Access > Certificate Assistant >...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Add option to wrap AppImage in tarball

Next page

NSIS with oneClick set to true does not relaunch the app after update