Open jhh-ncurity opened 2 days ago
Code=1 "Operation not permitted" UserInfo={NSLocalizedDescription=Launchd job spawn failed}
Looks like your app is trying to do something that it doesn't have Entitlements for? That and/or the provisioning profile could be misconfigured.
I believe that provisioning profile is for development purpose only, isn't it? I don't have any explicit settings for the profile. Here is what I did:
electron-builder
's internal process doesn't recognize my env var properly so I disabled its process by setting notarize: false
, then I notarized my app using old-fashioned afterSign
hook.
scripts/notarize.cjs
const { notarize } = require("@electron/notarize")
const path = require("node:path")
module.exports = async (context) => {
if (process.platform !== 'darwin') {
return;
}
await notarize({
appPath: path.join(context.appOutDir, `${context.packager.appInfo.productFilename}.app`),
appleId: "XXX",
appleIdPassword: "XXX",
teamId: "XXX"
})
console.log(`(scripts/notarize.cjs) Notarization complete.`)
};
(credentials are hard-coded only for test purpose, did not upload to any repository)
Did I miss something here?
here is my electron-builder's setting. (json5)
// @see - https://www.electron.build/configuration/configuration
{
"$schema": "https://raw.githubusercontent.com/electron-userland/electron-builder/master/packages/app-builder-lib/scheme.json",
"appId": "...",
"asar": true,
"directories": {
"output": "release/${version}"
},
"files": [
"dist",
"dist-electron"
],
"mac": {
"target": { "target": "default", "arch": "x64" },
"artifactName": "${productName}-${version}-Installer.${ext}",
"notarize": false
},
"afterSign": "scripts/notarize.cjs",
"win": {
"requestedExecutionLevel": "requireAdministrator",
"target": { "target": "nsis", "arch": "x64" },
"artifactName": "${productName}-${version}-Setup.${ext}",
"certificateSubjectName": "..."
},
"nsis": {
"oneClick": false,
"perMachine": true,
"allowToChangeInstallationDirectory": false,
"deleteAppDataOnUninstall": false
},
"extraResources": ["vpn", "!vpn/*.ovpn"],
"protocols": { "name": "SSO Redirect", "schemes": [ "..." ] },
"publish": { "provider": "generic", "url": "http://localhost:8443/downloads/", "timeout": 30000 }
}
I believe in recent electron-builder
, necessary settings such as, hardenedRuntime
etc... are set by default.
And here is my entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
</dict>
</plist>
fyi, my app is custom openvpn GUI app. Is there anything weird in my settings that I can dig into?
Not sure what the name of your entitlements file is, so I felt it worth mentioning. If the entitlements file isn't located in your build resources (expecting <build resources dir>/entitlements.mac.plist
), then it isn't automatically being used by electron-builder. You can configure the path manually via: https://www.electron.build/mac#entitlements
I had to add specific node_modules to my asarUnpack for my app to work as it couldn't find the node_modules: https://github.com/electron-userland/electron-builder/issues/6200#issuecomment-907830847
For me specifically it was:
asarUnpack:
- "**/node_modules/sharp/**"
- "**/node_modules/semver/functions/coerce/**"
- "**/node_modules/yargs/helpers/**"
Electron Version: 32.1.2 Electron-Builder Version: 25.0.5 Node Version: 22.1.0
...ok, upon further inspection, my "postinstall": "electron-builder install-app-deps",
in the package.json was failing the rebuild, I fixed it by downgrading to the matching Node version for Electron 32.1.2 (https://www.electronjs.org/blog/electron-32-0) which is Node 20.16.0... after fixing it, I didn't have to specifically specify node_modules for asarUnpack 🥇
Sorry, false alarm; it works with electron-builder 24.13.3
Does anyone has same phenomenon, where all builds succeeds but then, can't be opened on other macOS?
It is code-signed, and notarized successfully... (
spctl
command result captured)When I run it on terminal using
open
command, I get following error: