electron / notarize

Notarize your macOS Electron Apps
MIT License

Error: Failed to staple your application with code: 66. Cannot download ticket. CDHash must be set. #138

Closed bihellzin closed 1 year ago

bihellzin commented 1 year ago

I'm facing the error below when building and signing the application.

$ electron-forge make
✔ Checking your system
✔ Loading configuration
✔ Resolving make targets
  › Making for the following targets: zip, dmg, pkg
❯ Running package command
  ✔ Preparing to package application
✔ Loading configuration
✔ Resolving make targets
  › Making for the following targets: zip, dmg, pkg
❯ Running package command
  ✔ Preparing to package application
  ✔ Running packaging hooks
    ✔ Running generateAssets hook
    ✔ Running prePackage hook
      ✔ [plugin-webpack] Preparing native dependencies
      ✔ [plugin-webpack] Building webpack bundles
  ❯ Packaging application
    ❯ Packaging for x64 on darwin
      ✔ Copying files
      ✔ Preparing native dependencies [0.3s]
      ✖ Finalizing package
        › Failed to staple your application with code: 66
          Processing: /private/var/folders/64/73k0p2zd5nl8_mybklz01k640000gp/T/electron-packager/darwin-x64/Project/Project.app
          Properties are {
          NSURLIsDirectoryKey = 1;
          NSURLIsPackageKey = 1;
          NSURLIsSymbolicLinkKey = 0;
          NSURLLocalizedTypeDescriptionKey = Application;
          NSURLTypeIdentifierKey = "com.apple.application-bundle";
          "_NSURLIsApplicationKey" = 1;
          }
          Props are {
          }
          Cannot download ticket. CDHash must be set.
  ◼ Running postPackage hook
◼ Running preMake hook
◼ Making distributables
◼ Running postMake hook

An unhandled rejection has occurred inside Forge:
Error: Failed to staple your application with code: 66

Processing: /private/var/folders/64/73k0p2zd5nl8_mybklz01k640000gp/T/electron-packager/darwin-x64/Project/Project.app
Properties are {
    NSURLIsDirectoryKey = 1;
    NSURLIsPackageKey = 1;
    NSURLIsSymbolicLinkKey = 0;
    NSURLLocalizedTypeDescriptionKey = Application;
    NSURLTypeIdentifierKey = "com.apple.application-bundle";
    "_NSURLIsApplicationKey" = 1;
}
Props are {
}
Cannot download ticket. CDHash must be set.
at Object.<anonymous> (/project_path/node_modules/@electron/notarize/lib/staple.js:22:19)
    at Generator.next (<anonymous>)
    at fulfilled (/project_path/node_modules/@electron/notarize/lib/staple.js:4:58)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

My packagerConfig value in forge.config.js looks like this.

packagerConfig: {
  ...,
  osxSign: {
    "identity": "Developer ID Application: Name Name (code)"
  },
  osxNotarize: {
    tool: 'notarytool',
    appleId: process.env.APPLE_ID,
    appleIdPassword: process.env.APPLE_PASSWORD,
    teamId: process.env.APPLE_TEAM_ID,
  },
  ...
}

It looks like there's nothing missing from the configuration; my guess is that it could be related to certification/provisioning profile.

wdzierson commented 1 year ago

I ran into this issue as well and it turned out that I wasn't correctly specifying my certificate. You may want to try running

security find-identity -p codesigning -v

to see which certificates you have installed on your development machine, and if there's more than one, be sure you're providing the details for the correct identity.

If that's all looking fine, you may want to check to see if you've specified your entitlements. That would look something like

osxSign: {
  identity: "Developer ID Application: xxx (xxx)",
  hardenedRuntime: true,
  gatekeeperAssess: false,
  entitlements: "build/entitlements.mac.plist",
  entitlementsInherit: "build/entitlements.mac.plist",
},

and your entitlements.mac.plist file at minimum will probably contain something like

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
  </dict>
</plist>

Some additional helpful resources:
https://til.simonwillison.net/electron/sign-notarize-electron-macos
https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/
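
One way to run the identity check from this answer before packaging, as an added example that is not code from this thread or from @electron/notarize: it parses the output of security find-identity -p codesigning -v and compares it with the osxSign identity string. The sample output, names and team IDs are constructed, the function names are hypothetical, and the Developer ID check assumes distribution outside the Mac App Store.

```javascript
// Added example: preflight check for the osxSign identity string.
// SAMPLE_OUTPUT is constructed; hashes, names and team IDs are placeholders.
// Real input on macOS would come from, for example:
//   execFileSync('security', ['find-identity', '-p', 'codesigning', '-v'], { encoding: 'utf8' })
const SAMPLE_OUTPUT = `
  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Apple Development: Jane Doe (AAAAAAAAAA)"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Developer ID Application: Example Corp (BBBBBBBBBB)"
     2 valid identities found
`;

// Each identity line has the form:  N) <40-hex SHA-1> "<certificate common name>"
function parseIdentities(output) {
  const line = /^\s*\d+\)\s+([0-9A-F]{40})\s+"([^"]+)"/gim;
  return [...output.matchAll(line)].map(([, sha1, name]) => ({ sha1, name }));
}

// Compare the configured identity with what the keychain can actually sign with.
function checkIdentity(configured, output) {
  const identities = parseIdentities(output);
  const matches = identities.filter((id) => id.name === configured);
  const available = identities.map((id) => id.name);
  if (matches.length === 0) {
    // Typo in the name, wrong team ID, or no usable signing identity installed.
    return { ok: false, reason: 'not-found', available };
  }
  if (matches.length > 1) {
    // Same name, different certificates (for example after a renewal).
    return { ok: false, reason: 'ambiguous', available };
  }
  if (!configured.startsWith('Developer ID Application:')) {
    // Assumption: the build is notarized for distribution outside the Mac App Store.
    return { ok: false, reason: 'wrong-type', available };
  }
  return { ok: true, reason: 'ok', sha1: matches[0].sha1 };
}

console.log(checkIdentity('Developer ID Application: Example Corp (BBBBBBBBBB)', SAMPLE_OUTPUT));
console.log(checkIdentity('Developer ID Application: Example Corp (CCCCCCCCCC)', SAMPLE_OUTPUT));
```

Failing the build on anything other than ok surfaces the identity problem before packaging, instead of at the stapling step shown in the log above.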

bihellzin commented 1 year ago

The issue was really related to the certificates, not the notarize itself. I'm closing the issue.

tinhnvc-gadget commented 1 year ago

@bihellzin Hi, I ran the security find-identity -p codesigning -v command. My certificate does not appear in the list, but when opening Keychain Access it is in Login/Certificate. In My Certificate it is not there. Is that the reason?

hysasuke commented 11 months ago

> The issue was really related to the certificates, not the notarize itself. I'm closing the issue.

Hi, I'm facing the same issue. Have you found the solution? Thanks!