MAS build Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile

[MartinBarker]

• Electron-Builder Version: 24.12.0
• Electron-Builder-notarize Version: 1.5.1
• Node Version: v15.14.0
• Electron Version: 11.3.0
• Electron-updater version: ^4.3.5

• Target: Mac Apple Store (mas)

Hello, I am trying to build and sign a new version of my electron app for the mac apple store (mas), but when I get to the final step of uploading the RenderTune.pkg file to the mac transporter app, I get a failed status with 22 errors all the same formatting like so:

Asset validation failed (90284)
Invalid Code Signing. The executable 'com.martinbarker.digifyunique.pkg/Payload/RenderTune.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/etc....dylib' must be signed with the certificate that is contained in the provisioning profile. (ID: abc-abc-abc-abc-abc)

In order to build and sign this RenderTune.pkg file, first I run the command npm run build-mas locally while on branch v1.1.5 ( code here )

Which runs the following command:

"build-mas": "electron-builder build --mac && sh signmasscript.sh",

So first it runs electron-builder build --mac and gives this output:

Martins-MacBook-Air:rendertune-v1.1.5-feb-24 martinbarker$ npm run build-mas

> rendertune@1.1.5 build-mas
> electron-builder build --mac && sh signmasscript.sh

  • electron-builder  version=24.12.0 os=20.6.0
  • loaded configuration  file=package.json ("build" field)
  • writing effective config  file=dist/builder-effective-config.yaml
  • packaging       platform=darwin arch=x64 electron=11.3.0 appOutDir=dist/mac
  • signing         file=dist/mac/RenderTune.app platform=darwin type=distribution identity=ACBACBACBACBACBACBACBACBACB provisioningProfile=none
  • skipped macOS notarization  reason=`notarize` options were not provided
  • building        target=DMG arch=x64 file=dist/RenderTune-mac.dmg
  • building        target=macOS zip arch=x64 file=dist/RenderTune-mac.zip
  • building block map  blockMapFile=dist/RenderTune-mac.dmg.blockmap
  • building block map  blockMapFile=dist/RenderTune-mac.zip.blockmap

Completes without issue. The next part is running the signmasscript.sh file, which does complete but gives these errors:

Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
productbuild: Adding component at /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/dist/mas/RenderTune.app
productbuild: Signing product with identity "3rd Party Mac Developer Installer: Martin Barker (LV6WXG529F)" from keychain /Users/martinbarker/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/RenderTune.pkg
productbuild: Supported OS versions: [10.10.0, )

The final output RenderTune.pkg file gives 22 error messages saying `` when I try to deliver it via the mac os transport app.

Asset validation failed (90284)
Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile

Is my app even being signed correctly? Or is there just one file that I need to fix? Please help me out !

[mmaietta]

Are you able to reproduce this on earlier versions of electron-builder? This line confuses me in particular as I don't recognize that error from anything before

Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1

[MartinBarker]

Are you able to reproduce this on earlier versions of electron-builder? This line confuses me in particular as I don't recognize that error from anything before

Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1

I was getting this same error / log output using electron-builder "electron-builder": "^22.10.5",. I updated to the most recent version in hopes it would fix it but no luck.

The important error text I think is:

Asset validation failed (90284) Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile. (ID: abc-abc-abc-abc-abc)

Plus line 1 of all the entitlements xml files are valid xml such as this:

<?xml version="1.0" encoding="UTF-8"?>

[mmaietta]

Hmmm if that's the case, then I doubt this is a widespread issue with electron-builder. Can you try re-exporting your certificate and provisioning profile via Xcode?

[MartinBarker]

I've been trying to re-export my provisioning profile with xcode but don't think I've done it successfully just yet. First attempt I tried was by doing these steps:

• Open Xcode -> preferences -> download manual profiles
• Cd ~/Library/MobileDevices/
• Five files with filenames with long ID's and '.provisionprofile' are there, such as asdasdasd-asdasd-adasd-adasdasd-adsadasdasd.provisionprofile
• Copied one of these files, renamed as embedded.provisionprofile, dropped into my project, reran npm run build-mas
• Uploaded to transporter, got same errors

Is there a different way to export my provisioning profile with Xcode? The other method I found ( see 3. in below image ) I have not gotten working yet, but seems promising, going to keep torubleshooting this xcode page a little more

[idoodler]

It appears as if notarization is not skipped anymore. The notarize flag is also ignored when setting it to false.

[mmaietta]

@idoodler please open a separate issue for that and tag me in it, ill investigate it this week

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

[github-actions[bot]]

This issue was closed because it has been stalled for 30 days with no activity.