search

beeware / briefcase

Tools to support converting a Python project into a standalone native application.
https://briefcase.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
2.57k stars 363 forks source link

macOS - Unable to code sign .../PACKAGE.app #1079

Closed dynobo closed 1 year ago

dynobo commented 1 year ago

Describe the bug

Hi, I'm trying to upgrade from briefcase v0.3.9 to v0.3.12, but with the new version the briefcase build step fails for the macOS .app-package. It ad-hoc signs a lot of dependencies successfully, but then fails on the app itself: 

Signing macOS/app/NormCap/NormCap.app
   - ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╸ 99.5% • 00:01

Unable to code sign /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app.

Note: After the briefcase create command went through, I copy tesseract as an external dependency into the app directory, as I couldn't find another option to include it into the package. Might this be related?

Any ideas how to fix this? Thanks!

Steps to reproduce

  1. Create a PySide6 package
  2. Run briefcase create and briefcase build on a macOS 11 gh-action runner
  3. See error

Expected behavior

The ad-hoc signing should complete without an error

Environment

Logs

Date/Time:       2023-02-04 12:06:10 
Command line:    /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/bin/briefcase build

OS Release:      Darwin 20.6.0
OS Version:      Darwin Kernel Version 20.6.0: Fri Dec 16 00:35:00 PST 2022; root:xnu-7195.141.49~1/RELEASE_X86_64
Architecture:    x86_64
Platform:        macOS-11.7.3-x86_64-i386-64bit

Python exe:      /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/bin/python
Python version:  3.10.9 (main, Dec  7 2022, 08:16:53) [Clang 13.0.0 (clang-1300.0.29.30)]
Virtual env:     True
Conda env:       False

Briefcase:       0.3.12
Target platform: macOS
Target format:   app

Environment Variables:
    AGENT_TOOLSDIRECTORY=/Users/runner/hostedtoolcache
    ANDROID_HOME=/Users/runner/Library/Android/sdk
    ANDROID_NDK=/Users/runner/Library/Android/sdk/ndk/25.1.8937393
    ANDROID_NDK_HOME=/Users/runner/Library/Android/sdk/ndk/25.1.8937393
    ANDROID_NDK_LATEST_HOME=/Users/runner/Library/Android/sdk/ndk/25.1.8937393
    ANDROID_NDK_ROOT=/Users/runner/Library/Android/sdk/ndk/25.1.8937393
    ANDROID_SDK_ROOT=/Users/runner/Library/Android/sdk
    BOOTSTRAP_HASKELL_INSTALL_NO_STACK_HOOK=1export
    BOOTSTRAP_HASKELL_NONINTERACTIVE=1
    CHROMEWEBDRIVER=/usr/local/Caskroom/chromedriver/109.0.5414.74
    CI=true
    CONDA=/usr/local/miniconda
    DOTNET_MULTILEVEL_LOOKUP=0
    DOTNET_ROOT=/Users/runner/.dotnet
    EDGEWEBDRIVER=/usr/local/share/edge_driver
    GECKOWEBDRIVER=/usr/local/opt/geckodriver/bin
    GITHUB_ACTION=__run_13
    GITHUB_ACTIONS=true
    GITHUB_ACTION_REF=
    GITHUB_ACTION_REPOSITORY=
    GITHUB_ACTOR=dynobo
    GITHUB_ACTOR_ID=11071876
    GITHUB_API_URL=********************
    GITHUB_BASE_REF=main
    GITHUB_ENV=/Users/runner/work/_temp/_runner_file_commands/set_env_df82166a-fbd8-44a4-ad0b-15dffb570953
    GITHUB_EVENT_NAME=pull_request
    GITHUB_EVENT_PATH=/Users/runner/work/_temp/_github_workflow/event.json
    GITHUB_GRAPHQL_URL=https://api.github.com/graphql
    GITHUB_HEAD_REF=feature/update-briefcase
    GITHUB_JOB=test
    GITHUB_OUTPUT=/Users/runner/work/_temp/_runner_file_commands/set_output_df82166a-fbd8-44a4-ad0b-15dffb570953
    GITHUB_PATH=/Users/runner/work/_temp/_runner_file_commands/add_path_df82166a-fbd8-44a4-ad0b-15dffb570953
    GITHUB_REF=refs/pull/377/merge
    GITHUB_REF_NAME=377/merge
    GITHUB_REF_PROTECTED=false
    GITHUB_REF_TYPE=branch
    GITHUB_REPOSITORY=dynobo/normcap
    GITHUB_REPOSITORY_ID=202401693
    GITHUB_REPOSITORY_OWNER=dynobo
    GITHUB_REPOSITORY_OWNER_ID=11071876
    GITHUB_RETENTION_DAYS=90
    GITHUB_RUN_ATTEMPT=1
    GITHUB_RUN_ID=4091457773
    GITHUB_RUN_NUMBER=1757
    GITHUB_SERVER_URL=https://github.com
    GITHUB_SHA=2a38cc21049006a36d61c8bce1b2649d2fc5c01c
    GITHUB_STATE=/Users/runner/work/_temp/_runner_file_commands/save_state_df82166a-fbd8-44a4-ad0b-15dffb570953
    GITHUB_STEP_SUMMARY=/Users/runner/work/_temp/_runner_file_commands/step_summary_df82166a-fbd8-44a4-ad0b-15dffb570953
    GITHUB_TRIGGERING_ACTOR=dynobo
    GITHUB_WORKFLOW=Build
    GITHUB_WORKFLOW_REF=dynobo/normcap/.github/workflows/python.yaml@refs/pull/377/merge
    GITHUB_WORKFLOW_SHA=2a38cc21049006a36d61c8bce1b2649d2fc5c01c
    GITHUB_WORKSPACE=/Users/runner/work/normcap/normcap
    GOROOT_1_17_X64=/Users/runner/hostedtoolcache/go/1.17.13/x64
    GOROOT_1_18_X64=/Users/runner/hostedtoolcache/go/1.18.10/x64
    GOROOT_1_19_X64=/Users/runner/hostedtoolcache/go/1.19.5/x64
    GRAALVM_11_ROOT=/Library/Java/JavaVirtualMachines/graalvm-ce-java11-22.3.1/Contents/Home/bin
    HOME=/Users/runner
    HOMEBREW_CASK_OPTS=--no-quarantine
    HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS=3650
    HOMEBREW_NO_AUTO_UPDATE=1
    ImageOS=macos11
    ImageVersion=20230125.1
    JAVA_HOME=/Users/runner/hostedtoolcache/Java_Temurin-Hotspot_jdk/8.0.362-9/x64/Contents/Home/
    JAVA_HOME_11_X64=/Users/runner/hostedtoolcache/Java_Temurin-Hotspot_jdk/11.0.18-10/x64/Contents/Home/
    JAVA_HOME_17_X64=/Users/runner/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.6-10/x64/Contents/Home/
    JAVA_HOME_8_X64=/Users/runner/hostedtoolcache/Java_Temurin-Hotspot_jdk/8.0.362-9/x64/Contents/Home/
    LANG=en_US.UTF-8
    LC_ALL=en_US.UTF-8
    LC_CTYPE=en_US.UTF-8
    LOGNAME=runner
    NUNIT3_PATH=/Library/Developer/nunit/3.6.0
    NUNIT_BASE_PATH=/Library/Developer/nunit
    NVM_CD_FLAGS=
    NVM_DIR=/Users/runner/.nvm
    PATH=/Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/bin:/usr/local/lib/ruby/gems/2.7.0/bin:/usr/local/opt/ruby@2.7/bin:/usr/local/opt/pipx_bin:/Users/runner/.cargo/bin:/usr/local/opt/curl/bin:/usr/local/bin:/usr/local/sbin:/Users/runner/bin:/Users/runner/.yarn/bin:/Users/runner/Library/Android/sdk/tools:/Users/runner/Library/Android/sdk/platform-tools:/Library/Frameworks/Python.framework/Versions/Current/bin:/Library/Frameworks/Mono.framework/Versions/Current/Commands:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Library/Apple/usr/bin:/Library/Frameworks/Mono.framework/Versions/Current/Commands:/Users/runner/hostedtoolcache/Python/3.10.9/x64/bin:/Users/runner/hostedtoolcache/Python/3.10.9/x64:/usr/local/lib/ruby/gems/2.7.0/bin:/usr/local/opt/ruby@2.7/bin:/usr/local/opt/pipx_bin:/Users/runner/.cargo/bin:/usr/local/opt/curl/bin:/usr/local/sbin:/Users/runner/bin:/Users/runner/.yarn/bin:/Users/runner/Library/Android/sdk/tools:/Users/runner/Library/Android/sdk/platform-tools:/Library/Frameworks/Python.framework/Versions/Current/bin:/Users/runner/.dotnet/tools:/Users/runner/.ghcup/bin:/Users/runner/hostedtoolcache/stack/2.9.3/x64:/Users/runner/.dotnet/tools:/Users/runner/.ghcup/bin:/Users/runner/hostedtoolcache/stack/2.9.3/x64
    PERFLOG_LOCATION_SETTING=RUNNER_PERFLOG
    PIPX_BIN_DIR=/usr/local/opt/pipx_bin
    PIPX_HOME=/usr/local/opt/pipx
    PKG_CONFIG_PATH=/Users/runner/hostedtoolcache/Python/3.10.9/x64/lib/pkgconfig
    POWERSHELL_DISTRIBUTION_CHANNEL=GitHub-Actions-macos11
    ***
    Python2_ROOT_DIR=/Users/runner/hostedtoolcache/Python/3.10.9/x64
    Python3_ROOT_DIR=/Users/runner/hostedtoolcache/Python/3.10.9/x64
    Python_ROOT_DIR=/Users/runner/hostedtoolcache/Python/3.10.9/x64
    RCT_NO_LAUNCH_PACKAGER=1
    RUNNER_ARCH=X64
    RUNNER_NAME=GitHub Actions 6
    RUNNER_OS=macOS
    RUNNER_PERFLOG=/usr/local/opt/runner/perflog
    RUNNER_TEMP=/Users/runner/work/_temp
    RUNNER_TOOL_CACHE=/Users/runner/hostedtoolcache
    RUNNER_TRACKING_ID=github_8e5790ab-e583-4faf-aaa9-350805db3b8b
    RUNNER_WORKSPACE=/Users/runner/work/normcap
    SHELL=/bin/bash
    SHLVL=3
    SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.PjDHl1Wslg/Listeners
    STATS_RDCL=true
    TMPDIR=/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/
    USER=runner
    VCPKG_INSTALLATION_ROOT=/usr/local/share/vcpkg
    VIRTUAL_ENV=/Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10
    VM_ASSETS=/usr/local/opt/runner/scripts
    XCODE_11_DEVELOPER_DIR=/Applications/Xcode_11.7.app/Contents/Developer
    XCODE_12_DEVELOPER_DIR=/Applications/Xcode_12.5.1.app/Contents/Developer
    XCODE_13_DEVELOPER_DIR=/Applications/Xcode_13.2.1.app/Contents/Developer
    XPC_FLAGS=0x0
    XPC_SERVICE_NAME=0
    _=/Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/bin/briefcase
    __CF_USER_TEXT_ENCODING=0x1F5:0:0
    pythonLocation=/Users/runner/hostedtoolcache/Python/3.10.9/x64

Briefcase Log:
[12:05:22]                                                                                                                                                                 app.py:59
           [normcap] Adhoc signing app...                                                                                                                                  app.py:59
           Signing macOS/app/NormCap/NormCap.app/Contents/Resources/support/python-stdlib/lib-dynload/zlib.cpython-310-darwin.so                                     __init__.py:280
                                                                                                                                                                   subprocess.py:664
           >>> Running Command:                                                                                                                                    subprocess.py:665
           >>>     codesign                                                                                                                                        subprocess.py:666
           /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/support/python-stdlib/lib-dynload/zlib.cpython-310-darwin.so --sign                  
           - --force --entitlements /Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist                                                                         
           >>> Working Directory:                                                                                                                                  subprocess.py:673
           >>>     /Users/runner/work/normcap/normcap                                                                                                              subprocess.py:674
[12:05:23] >>> Return code: 0                                                                                                                                      subprocess.py:701
           Signing macOS/app/NormCap/NormCap.app/Contents/Resources/support/python-stdlib/lib-dynload/unicodedata.cpython-310-darwin.so                              __init__.py:280
                                                                                                                                                                   subprocess.py:664
           >>> Running Command:                                                                                                                                    subprocess.py:665
           >>>     codesign                                                                                                                                        subprocess.py:666
           /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/support/python-stdlib/lib-dynload/unicodedata.cpython-310-darwin.so                  
           --sign - --force --entitlements /Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist                                                                  
           >>> Working Directory:                                                                                                                                  subprocess.py:673
           >>>     /Users/runner/work/normcap/normcap                                                                                                              subprocess.py:674
           >>> Return code: 0                                                                                                                                      subprocess.py:701

[... A LOT MORE SUCCESSFUL SIGNINGS ...] 
                                                                                                                                 subprocess.py:701
           Signing macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PIL/.dylibs/libXau.6.0.0.dylib                                                      __init__.py:280
                                                                                                                                                                   subprocess.py:664
           >>> Running Command:                                                                                                                                    subprocess.py:665
           >>>     codesign /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PIL/.dylibs/libXau.6.0.0.dylib --sign subprocess.py:666
           - --force --entitlements /Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist                                                                         
           >>> Working Directory:                                                                                                                                  subprocess.py:673
           >>>     /Users/runner/work/normcap/normcap                                                                                                              subprocess.py:674
           >>> Return code: 0                                                                                                                                      subprocess.py:701
           Signing macOS/app/NormCap/NormCap.app                                                                                                                     __init__.py:280
                                                                                                                                                                   subprocess.py:664
           >>> Running Command:                                                                                                                                    subprocess.py:665
           >>>     codesign /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app --sign - --force --entitlements                                       subprocess.py:666
           /Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist                                                                                                  
           >>> Working Directory:                                                                                                                                  subprocess.py:673
           >>>     /Users/runner/work/normcap/normcap                                                                                                              subprocess.py:674
[12:06:09] >>> Return code: 1                                                                                                                                      subprocess.py:701
                                                                                                                                                                      __main__.py:30
           Unable to code sign /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app.                                                                      __main__.py:31

Main thread traceback:
╭─────────────────────────────────────────────────────────────────────── Traceback (most recent call last) ────────────────────────────────────────────────────────────────────────╮
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/platforms/macOS/__init__.py:282 in sign_file                    │
│                                                                                                                                                                                  │
│   279 │   │                                                                                                                                                                      │
│   280 │   │   self.logger.info(f"Signing {Path(path).relative_to(self.base_path)}")                                                                                              │
│   281 │   │   try:                                                                                                                                                               │
│ ❱ 282 │   │   │   self.tools.subprocess.run(                                                                                                                                     │
│   283 │   │   │   │   process_command,                                                                                                                                           │
│   284 │   │   │   │   stderr=subprocess.PIPE,                                                                                                                                    │
│   285 │   │   │   │   check=True,                                                                                                                                                │
│                                                                                                                                                                                  │
│ ╭───────────────────────────────────────────────── locals ─────────────────────────────────────────────────╮                                                                     │
│ │    entitlements = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist')   │                                                                     │
│ │          errors = '/Applications/Xcode_13.2.1.app/Contents/Developer/Toolchains/XcodeDefault.xctool'+388 │                                                                     │
│ │        identity = '-'                                                                                    │                                                                     │
│ │         options = None                                                                                   │                                                                     │
│ │            path = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app')          │                                                                     │
│ │ process_command = [                                                                                      │                                                                     │
│ │                   │   'codesign',                                                                        │                                                                     │
│ │                   │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app',                │                                                                     │
│ │                   │   '--sign',                                                                          │                                                                     │
│ │                   │   '-',                                                                               │                                                                     │
│ │                   │   '--force',                                                                         │                                                                     │
│ │                   │   '--entitlements',                                                                  │                                                                     │
│ │                   │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist'          │                                                                     │
│ │                   ]                                                                                      │                                                                     │
│ │            self = <briefcase.platforms.macOS.app.macOSAppBuildCommand object at 0x10ae77f40>             │                                                                     │
│ ╰──────────────────────────────────────────────────────────────────────────────────────────────────────────╯                                                                     │
│                                                                                                                                                                                  │
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/integrations/subprocess.py:117 in inner                         │
│                                                                                                                                                                                  │
│   114 │   │   """                                                                                                                                                                │
│   115 │   │   # Just run the command if no dynamic elements are active                                                                                                           │
│   116 │   │   if not sub.tools.input.is_console_controlled:                                                                                                                      │
│ ❱ 117 │   │   │   return sub_method(sub, args, **kwargs)                                                                                                                         │
│   118 │   │                                                                                                                                                                      │
│   119 │   │   remove_dynamic_elements = False                                                                                                                                    │
│   120                                                                                                                                                                            │
│                                                                                                                                                                                  │
│ ╭────────────────────────────────────────── locals ──────────────────────────────────────────╮                                                                                   │
│ │       args = [                                                                             │                                                                                   │
│ │              │   'codesign',                                                               │                                                                                   │
│ │              │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app',       │                                                                                   │
│ │              │   '--sign',                                                                 │                                                                                   │
│ │              │   '-',                                                                      │                                                                                   │
│ │              │   '--force',                                                                │                                                                                   │
│ │              │   '--entitlements',                                                         │                                                                                   │
│ │              │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist' │                                                                                   │
│ │              ]                                                                             │                                                                                   │
│ │     kwargs = {'stderr': -1, 'check': True}                                                 │                                                                                   │
│ │        sub = <briefcase.integrations.subprocess.Subprocess object at 0x10c1ec910>          │                                                                                   │
│ │ sub_method = <function Subprocess.run at 0x10c1948b0>                                      │                                                                                   │
│ ╰────────────────────────────────────────────────────────────────────────────────────────────╯                                                                                   │
│                                                                                                                                                                                  │
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/integrations/subprocess.py:386 in run                           │
│                                                                                                                                                                                  │
│   383 │   │   # caller sets stream_output=False, then ensure_console_is_safe() will                                                                                              │
│   384 │   │   # disable any dynamic console elements while the command runs.                                                                                                     │
│   385 │   │   if stream_output:                                                                                                                                                  │
│ ❱ 386 │   │   │   return self._run_and_stream_output(args, **kwargs)                                                                                                             │
│   387 │   │                                                                                                                                                                      │
│   388 │   │   # Otherwise, invoke run() normally.                                                                                                                                │
│   389 │   │   self._log_command(args)                                                                                                                                            │
│                                                                                                                                                                                  │
│ ╭─────────────────────────────────────────── locals ────────────────────────────────────────────╮                                                                                │
│ │          args = [                                                                             │                                                                                │
│ │                 │   'codesign',                                                               │                                                                                │
│ │                 │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app',       │                                                                                │
│ │                 │   '--sign',                                                                 │                                                                                │
│ │                 │   '-',                                                                      │                                                                                │
│ │                 │   '--force',                                                                │                                                                                │
│ │                 │   '--entitlements',                                                         │                                                                                │
│ │                 │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist' │                                                                                │
│ │                 ]                                                                             │                                                                                │
│ │        kwargs = {'stderr': -1, 'check': True}                                                 │                                                                                │
│ │          self = <briefcase.integrations.subprocess.Subprocess object at 0x10c1ec910>          │                                                                                │
│ │ stream_output = True                                                                          │                                                                                │
│ ╰───────────────────────────────────────────────────────────────────────────────────────────────╯                                                                                │
│                                                                                                                                                                                  │
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/integrations/subprocess.py:452 in _run_and_stream_output        │
│                                                                                                                                                                                  │
│   449 │   │   self._log_return_code(return_code)                                                                                                                                 │
│   450 │   │                                                                                                                                                                      │
│   451 │   │   if check and return_code:                                                                                                                                          │
│ ❱ 452 │   │   │   raise subprocess.CalledProcessError(return_code, args, stderr=stderr)                                                                                          │
│   453 │   │                                                                                                                                                                      │
│   454 │   │   return subprocess.CompletedProcess(args, return_code, stderr=stderr)                                                                                               │
│   455                                                                                                                                                                            │
│                                                                                                                                                                                  │
│ ╭─────────────────────────────────────────────── locals ───────────────────────────────────────────────╮                                                                         │
│ │        args = [                                                                                      │                                                                         │
│ │               │   'codesign',                                                                        │                                                                         │
│ │               │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app',                │                                                                         │
│ │               │   '--sign',                                                                          │                                                                         │
│ │               │   '-',                                                                               │                                                                         │
│ │               │   '--force',                                                                         │                                                                         │
│ │               │   '--entitlements',                                                                  │                                                                         │
│ │               │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist'          │                                                                         │
│ │               ]                                                                                      │                                                                         │
│ │       check = True                                                                                   │                                                                         │
│ │      kwargs = {'stderr': -1, 'stdout': -1, 'bufsize': 1}                                             │                                                                         │
│ │     process = <Popen: returncode: 1 args: ['codesign', '/Users/runner/work/normcap/normcap...>       │                                                                         │
│ │ return_code = 1                                                                                      │                                                                         │
│ │        self = <briefcase.integrations.subprocess.Subprocess object at 0x10c1ec910>                   │                                                                         │
│ │      stderr = '/Applications/Xcode_13.2.1.app/Contents/Developer/Toolchains/XcodeDefault.xctool'+388 │                                                                         │
│ ╰──────────────────────────────────────────────────────────────────────────────────────────────────────╯                                                                         │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
CalledProcessError: Command '['codesign', '/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app', '--sign', '-', '--force', '--entitlements', '/Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

╭─────────────────────────────────────────────────────────────────────── Traceback (most recent call last) ────────────────────────────────────────────────────────────────────────╮
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/__main__.py:20 in main                                          │
│                                                                                                                                                                                  │
│   17 │   │   command = Command(logger=logger, console=console)                                                                                                                   │
│   18 │   │   options = command.parse_options(extra=extra_cmdline)                                                                                                                │
│   19 │   │   command.parse_config(Path.cwd() / "pyproject.toml")                                                                                                                 │
│ ❱ 20 │   │   command(**options)                                                                                                                                                  │
│   21 │   except HelpText as e:                                                                                                                                                   │
│   22 │   │   logger.info()                                                                                                                                                       │
│   23 │   │   logger.info(str(e))                                                                                                                                                 │
│                                                                                                                                                                                  │
│ ╭────────────────────────────────────────────────────────────── locals ──────────────────────────────────────────────────────────────╮                                           │
│ │       command = <briefcase.platforms.macOS.app.macOSAppBuildCommand object at 0x10ae77f40>                                         │                                           │
│ │       Command = <class 'briefcase.platforms.macOS.app.macOSAppBuildCommand'>                                                       │                                           │
│ │       console = <briefcase.console.Console object at 0x10aebc1f0>                                                                  │                                           │
│ │             e = BriefcaseCommandError('Unable to code sign /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app.')     │                                           │
│ │ extra_cmdline = []                                                                                                                 │                                           │
│ │        logger = <briefcase.console.Log object at 0x10aa670a0>                                                                      │                                           │
│ │       options = {'update': False, 'update_requirements': False, 'update_resources': False, 'no_update': False, 'test_mode': False} │                                           │
│ │        result = 200                                                                                                                │                                           │
│ ╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯                                           │
│                                                                                                                                                                                  │
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/commands/build.py:121 in __call__                               │
│                                                                                                                                                                                  │
│   118 │   │   else:                                                                                                                                                              │
│   119 │   │   │   state = None                                                                                                                                                   │
│   120 │   │   │   for app_name, app in sorted(self.apps.items()):                                                                                                                │
│ ❱ 121 │   │   │   │   state = self._build_app(                                                                                                                                   │
│   122 │   │   │   │   │   app,                                                                                                                                                   │
│   123 │   │   │   │   │   update=update,                                                                                                                                         │
│   124 │   │   │   │   │   update_requirements=update_requirements,                                                                                                               │
│                                                                                                                                                                                  │
│ ╭───────────────────────────────────────────── locals ─────────────────────────────────────────────╮                                                                             │
│ │                 app = <eu.dynobo.normcap v0.4.0 AppConfig>                                       │                                                                             │
│ │            app_name = 'normcap'                                                                  │                                                                             │
│ │           no_update = False                                                                      │                                                                             │
│ │             options = {}                                                                         │                                                                             │
│ │                self = <briefcase.platforms.macOS.app.macOSAppBuildCommand object at 0x10ae77f40> │                                                                             │
│ │               state = None                                                                       │                                                                             │
│ │           test_mode = False                                                                      │                                                                             │
│ │              update = False                                                                      │                                                                             │
│ │ update_requirements = False                                                                      │                                                                             │
│ │    update_resources = False                                                                      │                                                                             │
│ ╰──────────────────────────────────────────────────────────────────────────────────────────────────╯                                                                             │
│                                                                                                                                                                                  │
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/commands/build.py:70 in _build_app                              │
│                                                                                                                                                                                  │
│    67 │   │                                                                                                                                                                      │
│    68 │   │   self.verify_app_tools(app)                                                                                                                                         │
│    69 │   │                                                                                                                                                                      │
│ ❱  70 │   │   state = self.build_app(app, test_mode=test_mode, **full_options(state, options))                                                                                   │
│    71 │   │                                                                                                                                                                      │
│    72 │   │   qualifier = " (test mode)" if test_mode else ""                                                                                                                    │
│    73 │   │   self.logger.info(                                                                                                                                                  │
│                                                                                                                                                                                  │
│ ╭───────────────────────────────────────────── locals ─────────────────────────────────────────────╮                                                                             │
│ │                 app = <eu.dynobo.normcap v0.4.0 AppConfig>                                       │                                                                             │
│ │           no_update = False                                                                      │                                                                             │
│ │             options = {}                                                                         │                                                                             │
│ │                self = <briefcase.platforms.macOS.app.macOSAppBuildCommand object at 0x10ae77f40> │                                                                             │
│ │               state = None                                                                       │                                                                             │
│ │         target_file = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap')          │                                                                             │
│ │           test_mode = False                                                                      │                                                                             │
│ │              update = False                                                                      │                                                                             │
│ │ update_requirements = False                                                                      │                                                                             │
│ │    update_resources = False                                                                      │                                                                             │
│ ╰──────────────────────────────────────────────────────────────────────────────────────────────────╯                                                                             │
│                                                                                                                                                                                  │
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/platforms/macOS/app.py:60 in build_app                          │
│                                                                                                                                                                                  │
│   57 │   │   # adhoc signing identity. Apply an adhoc signing identity to the                                                                                                    │
│   58 │   │   # app bundle.                                                                                                                                                       │
│   59 │   │   self.logger.info("Adhoc signing app...", prefix=app.app_name)                                                                                                       │
│ ❱ 60 │   │   self.sign_app(app=app, identity="-")                                                                                                                                │
│   61                                                                                                                                                                             │
│   62                                                                                                                                                                             │
│   63 class macOSAppRunCommand(macOSRunMixin, macOSAppMixin, RunCommand):                                                                                                         │
│                                                                                                                                                                                  │
│ ╭────────────────────────────────────── locals ───────────────────────────────────────╮                                                                                          │
│ │    app = <eu.dynobo.normcap v0.4.0 AppConfig>                                       │                                                                                          │
│ │ kwargs = {'test_mode': False}                                                       │                                                                                          │
│ │   self = <briefcase.platforms.macOS.app.macOSAppBuildCommand object at 0x10ae77f40> │                                                                                          │
│ ╰─────────────────────────────────────────────────────────────────────────────────────╯                                                                                          │
│                                                                                                                                                                                  │
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/platforms/macOS/__init__.py:353 in sign_app                     │
│                                                                                                                                                                                  │
│   350 │   │   task_id = progress_bar.add_task("Signing App", total=len(sign_targets))                                                                                            │
│   351 │   │   with progress_bar:                                                                                                                                                 │
│   352 │   │   │   for path in sorted(sign_targets, reverse=True):                                                                                                                │
│ ❱ 353 │   │   │   │   self.sign_file(                                                                                                                                            │
│   354 │   │   │   │   │   path,                                                                                                                                                  │
│   355 │   │   │   │   │   entitlements=self.entitlements_path(app),                                                                                                              │
│   356 │   │   │   │   │   identity=identity,                                                                                                                                     │
│                                                                                                                                                                                  │
│ ╭────────────────────────────────────────────────────────────────────── locals ──────────────────────────────────────────────────────────────────────╮                           │
│ │             app = <eu.dynobo.normcap v0.4.0 AppConfig>                                                                                             │                           │
│ │     bundle_path = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app')                                                    │                           │
│ │          folder = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Frameworks')                                │                           │
│ │ frameworks_path = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Frameworks')                                │                           │
│ │        identity = '-'                                                                                                                              │                           │
│ │            path = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app')                                                    │                           │
│ │    progress_bar = <rich.progress.Progress object at 0x10abeb700>                                                                                   │                           │
│ │  resources_path = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources')                                 │                           │
│ │            self = <briefcase.platforms.macOS.app.macOSAppBuildCommand object at 0x10ae77f40>                                                       │                           │
│ │    sign_targets = [                                                                                                                                │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/liblept.5.dylib'),        │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/libpng16.16.dylib'),      │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/tesseract'),              │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/libsharpyuv.0.dylib'),    │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/libgif.7.2.0.dylib'),     │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/libwebp.7.dylib'),        │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/libzstd.1.5.2.dylib'),    │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/libtesseract.5.dylib'),   │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/libwebpmux.3.dylib'),     │                           │
│ │                   │   PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/bin/libopenjp2.2.5.0.dylib'), │                           │
│ │                   │   ... +190                                                                                                                     │                           │
│ │                   ]                                                                                                                                │                           │
│ │         task_id = 0                                                                                                                                │                           │
│ ╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯                           │
│                                                                                                                                                                                  │
│ /Users/runner/Library/Caches/pypoetry/virtualenvs/normcap-IfoJSxBz-py3.10/lib/python3.10/site-packages/briefcase/platforms/macOS/__init__.py:316 in sign_file                    │
│                                                                                                                                                                                  │
│   313 │   │   │   │   self.logger.info("... no signature required")                                                                                                              │
│   314 │   │   │   │   return                                                                                                                                                     │
│   315 │   │   │   else:                                                                                                                                                          │
│ ❱ 316 │   │   │   │   raise BriefcaseCommandError(f"Unable to code sign {path}.")                                                                                                │
│   317 │                                                                                                                                                                          │
│   318 │   def sign_app(self, app, identity):                                                                                                                                     │
│   319 │   │   """Sign an entire app with a specific identity.                                                                                                                    │
│                                                                                                                                                                                  │
│ ╭───────────────────────────────────────────────── locals ─────────────────────────────────────────────────╮                                                                     │
│ │    entitlements = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist')   │                                                                     │
│ │          errors = '/Applications/Xcode_13.2.1.app/Contents/Developer/Toolchains/XcodeDefault.xctool'+388 │                                                                     │
│ │        identity = '-'                                                                                    │                                                                     │
│ │         options = None                                                                                   │                                                                     │
│ │            path = PosixPath('/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app')          │                                                                     │
│ │ process_command = [                                                                                      │                                                                     │
│ │                   │   'codesign',                                                                        │                                                                     │
│ │                   │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app',                │                                                                     │
│ │                   │   '--sign',                                                                          │                                                                     │
│ │                   │   '-',                                                                               │                                                                     │
│ │                   │   '--force',                                                                         │                                                                     │
│ │                   │   '--entitlements',                                                                  │                                                                     │
│ │                   │   '/Users/runner/work/normcap/normcap/macOS/app/NormCap/Entitlements.plist'          │                                                                     │
│ │                   ]                                                                                      │                                                                     │
│ │            self = <briefcase.platforms.macOS.app.macOSAppBuildCommand object at 0x10ae77f40>             │                                                                     │
│ ╰──────────────────────────────────────────────────────────────────────────────────────────────────────────╯                                                                     │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
BriefcaseCommandError: Unable to code sign /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app.

Additional context

pyproject.toml: https://github.com/dynobo/normcap/blob/feature/update-briefcase/pyproject.toml failed gh-action job: https://github.com/dynobo/normcap/actions/runs/4091457773/jobs/7055548947 full logs: https://github.com/dynobo/normcap/commit/dd5dd080f5ac85118d0d9c2f8c06e3d95bc9d998/checks/11108274751/logs

EDIT: The exact same script works locally, in a VM with macOS Monterey. So it seems to be related to GHs action runner setup.

dynobo commented 1 year ago

Seems like it is a macOS Big Sur issue. I switched to macOS-12 runner and the build went through.

Any downsides of using macOS 12 over macOS 11? Will the app more likely crash, when being installed on an older system now?

freakboy3742 commented 1 year ago

Quite the opposite - macOS 12 is preferred. The general Apple philosophy appears to be that developers will always be on the latest macOS and Xcode, and tools on that platform (such as the signing tools) will produce backwards-compatible artefacts; the same tools aren't always updated on "older" platforms.

I've seen versions of this problem myself; it is for this reason that we use macOS-12 for Briefcase's own CI. I've never been able to get a good explanation of the failure, though; all you get is a nebulous "unable to code sign", and an error code of 1 (which means... unable to code sign).

One suggestion I've seen is that the issue may be with extended attributes on files; running:

xattr -rc macOS/app/YourApp/YourApp.app

to remove the attributes before signing may address the issue (it might be interesting to run xattr -r first to see what the extended attributes are...).

dynobo commented 1 year ago

@freakboy3742 , thanks a lot for your detailed explanation, it was really helpful. I printed the xattr like you suggested, but TBH I don't really understand the output (see below). I tried clearing the attributes before the signing, but that didn't change the outcome. I also noticed that the xattr output only contains Qt tools bundled in PySide (Designer, Assistant, Linguist), which I anyway don't want to have in my bundle, so I removed them via Briefcase's new cleanup_paths feature (:+1:), but that also didn't change the error.

But since you explained that building on a newer macOS version is actually the preferred way, I'm totally fine with just avoiding the error by building on the macOS 12 runner.

Again, thanks for your efforts and your awesome work!! :slightly_smiling_face:

$ xattr -r /Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Assistant.app/Contents/MacOS/Assistant.dSYM/Contents/Resources/DWARF/Assistant: com.apple.cs.CodeDirectory
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Assistant.app/Contents/MacOS/Assistant.dSYM/Contents/Resources/DWARF/Assistant: com.apple.cs.CodeEntitlements
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Assistant.app/Contents/MacOS/Assistant.dSYM/Contents/Resources/DWARF/Assistant: com.apple.cs.CodeRequirements
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Assistant.app/Contents/MacOS/Assistant.dSYM/Contents/Resources/DWARF/Assistant: com.apple.cs.CodeRequirements-1
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Assistant.app/Contents/MacOS/Assistant.dSYM/Contents/Resources/DWARF/Assistant: com.apple.cs.CodeSignature
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Designer.app/Contents/MacOS/Designer.dSYM/Contents/Resources/DWARF/Designer: com.apple.cs.CodeDirectory
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Designer.app/Contents/MacOS/Designer.dSYM/Contents/Resources/DWARF/Designer: com.apple.cs.CodeEntitlements
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Designer.app/Contents/MacOS/Designer.dSYM/Contents/Resources/DWARF/Designer: com.apple.cs.CodeRequirements
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Designer.app/Contents/MacOS/Designer.dSYM/Contents/Resources/DWARF/Designer: com.apple.cs.CodeRequirements-1
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Designer.app/Contents/MacOS/Designer.dSYM/Contents/Resources/DWARF/Designer: com.apple.cs.CodeSignature
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Linguist.app/Contents/MacOS/Linguist.dSYM/Contents/Resources/DWARF/Linguist: com.apple.cs.CodeDirectory
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Linguist.app/Contents/MacOS/Linguist.dSYM/Contents/Resources/DWARF/Linguist: com.apple.cs.CodeEntitlements
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Linguist.app/Contents/MacOS/Linguist.dSYM/Contents/Resources/DWARF/Linguist: com.apple.cs.CodeRequirements
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Linguist.app/Contents/MacOS/Linguist.dSYM/Contents/Resources/DWARF/Linguist: com.apple.cs.CodeRequirements-1
/Users/runner/work/normcap/normcap/macOS/app/NormCap/NormCap.app/Contents/Resources/app_packages/PySide6/Linguist.app/Contents/MacOS/Linguist.dSYM/Contents/Resources/DWARF/Linguist: com.apple.cs.CodeSignature