MAS build signing error

• Version: 22.9.1

• Electron Version: 8.5.3
• Electron Type (current, beta, nightly): current

• electron-updater Type (current, beta, nightly): 4.3.5

• Target: mas

I have an open-sourced app, so every file you can found there. For example here are entitlements: https://github.com/ubergrape/grape-electron/tree/master/build electron-builder config here: https://github.com/ubergrape/grape-electron/blob/master/package.json#L49 Please mention that when I’m building the MAS app, I’m setting hardenedRuntime to false.

So, my problem is that I have signature problems for MAS build. When Apple doing code review they’re reporting that on start-up this window is popping up.

App previously was in the app store and passed review somehow, but now we decided to delete it because we can’t update it any more due to signature error.

Basically, there’s no difference between the latest release to Mac Store and the current latest release except for some basic code logic changes.

Also, this error wasn’t reproducible for me when the app was in store, but some of our customers reported it. Don’t know how this can happen, as I can successfully upload the app throw Transporter and send in to review.

With help of taccy, I can see that app really having some errors.

Here is a log for the app from taccy:

App path: /Users/aleshaoleg/Documents/Projects/grape-electron/dist/mas/Grape.app
app ID: com.ChatGrape
version: 3.3.0
build: 169
SDK version: macosx10.15

Usage Descriptions:
NSMicrophoneUsageDescription : We need access to your microphone so people you talk to in a Grape Call can hear you.
NSCameraUsageDescription : Allow your conversational partners to see you in a Grape Call. You can turn off your video anytime during a call.

Entitlements:
com.apple.security.network.client : 1
com.apple.security.device.audio-input : 1
com.apple.developer.team-identifier : Y8DPE6DGC7
com.apple.security.app-sandbox : 1
com.apple.security.files.user-selected.read-write : 1
com.apple.security.device.camera : 1
com.apple.security.device.microphone : 1
com.apple.security.application-groups : (
    "Y8DPE6DGC7.com.ChatGrape"
)
com.apple.application-identifier : Y8DPE6DGC7.com.ChatGrape
com.apple.security.cs.allow-unsigned-executable-memory : 1
com.apple.security.network.server : 1

App signature check:
⛔️ spctl error 3
/Users/aleshaoleg/Documents/Projects/grape-electron/dist/mas/Grape.app: rejected
origin=3rd Party Mac Developer Application: UberGrape GmbH (Y8DPE6DGC7)


codesign check:
Executable=/Users/aleshaoleg/Documents/Projects/grape-electron/dist/mas/Grape.app/Contents/MacOS/Grape
Identifier=com.ChatGrape
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1709 flags=0x0(none) hashes=46+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=e872c9c832e1a2e816217974d615d8006971b2cf
CandidateCDHashFull sha1=e872c9c832e1a2e816217974d615d8006971b2cf
CandidateCDHash sha256=05ca6b86c4594a7380cf045748a244ea34fee6a3
CandidateCDHashFull sha256=05ca6b86c4594a7380cf045748a244ea34fee6a346a79c7f97bfe7dfaf95e959
Hash choices=sha1,sha256
CMSDigest=c60d8bda543db60724c66c61932c3c6f38905586e480827e0c8a39ef950814db
CMSDigestType=2
CDHash=05ca6b86c4594a7380cf045748a244ea34fee6a3
Signature size=9126
Authority=3rd Party Mac Developer Application: UberGrape GmbH (Y8DPE6DGC7)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Timestamp=07.11.2020 at 02:38:13
Info.plist entries=29
TeamIdentifier=********C7
Sealed Resources version=2 rules=13 files=9
Internal requirements count=1 size=196

Basically, all of these I can receive with the codesign -dvvv mas/Grape.app command, but it’s easier for me test like this.

Also, there’s a log for codesign --verify --deep --strict --verbose=2 mas/Grape.app:

--prepared:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Grape Helper (GPU).app
--prepared:/Users/aleshaoleg/Desktop/mas.app/Contents/Library/LoginItems/Grape Login Helper.app
--validated:/Users/aleshaoleg/Desktop/mas.app/Contents/Library/LoginItems/Grape Login Helper.app
--validated:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Grape Helper (GPU).app
--prepared:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Grape Helper (Plugin).app
--validated:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Grape Helper (Plugin).app
--prepared:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Grape Helper (Renderer).app
--validated:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Grape Helper (Renderer).app
--prepared:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
--validated:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
--prepared:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Grape Helper.app
--validated:/Users/aleshaoleg/Desktop/mas.app/Contents/Frameworks/Grape Helper.app
/Users/aleshaoleg/Desktop/mas.app/: valid on disk
/Users/aleshaoleg/Desktop/mas.app/: satisfies its Designated Requirement

As you can see I’m receiving error: spctl error 3. Are any ways to fix it?

Tried almost everything already what I found in Google, like resigning app, updating related packages (electron, electron-builder, electron-updater) to the latest versions, used different entitlements, etc. And mas-dev build works for me totally fine, without any issues.

So, is somebody having the same issue? Can somebody help me to resolve this one? Please ping me, if you need any assistance with debugging or running some commands on my machine as I have certificates.

I think that’s all of the information I have.