CodeSigned App from template will not open if `hardenedRuntime: true`

DevonPeroutky commented 3 years ago

Preflight Checklist

[x] I have read the contribution documentation for this project.
[x] I agree to follow the code of conduct that this project follows, as appropriate.
[x] I have searched the issue tracker for a bug that matches the one I want to file, without success.

Issue Details

Electron Forge Version: 6.0.0-beta.53
Electron Version: v11.2.3
Operating System: mac 10.15.7
Last Known Working Electron Forge version:: Unknown

Expected Behavior

After creating a new project using yarn create electron-app my-new-app --template=typescript-webpack and running yarn make with the following osxSign config:

    packagerConfig: {
        "osxSign": {
            identity: process.env.APPLE_DEVELOPER_IDENTITY,
            hardenedRuntime: true,
            'gatekeeper-assess': false,
            entitlements: './entitlements.mac.plist',
            entitlements-inherits: './entitlements.mac.plist',
            'signature-flags': 'library'
        },
        packageManager: 'yarn'
    },

the app will open up and start successfully.

The contents of my entitlements.mac.plist is the following (but I have experimented with a lot of different entitlements):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
  </dict>
</plist>

Actual Behavior

If I open up the app it will just hang on a blank white screen. The app will run successfully with hardenedRuntime: false

To Reproduce

yarn create electron-app my-new-app --template=typescript-webpack

Set the packagerConfig in package.json to be the following:

"packagerConfig": {
    "osxSign": {
      "identity": "Developer ID Application: {COMPANY_NAME} ({DEVELOPER_ID})",
      "hardened-runtime": true,
      "gatekeeper-assess": false,
      "entitlements": "./entitlements.mac.plist",
      "entitlements-inherits": "./entitlements.mac.plist"
    }
  },

./entitlements.mac.plist should be

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
</dict>
</plist>

yarn make
Open up the app

malept commented 3 years ago

Duplicate of https://github.com/electron/electron-packager/issues/1221

richmengsix commented 5 months ago

Hitting the same issue..

richmengsix commented 5 months ago

Solved this by using 6.0.0-beta.68 Electron Forge version

electron / forge