Hard Crashes During Notarization Step

Bug-Reaper commented 2 months ago

Pre-flight checklist

[X] I have read the contribution documentation for this project.
[X] I agree to follow the code of conduct that this project uses.
[X] I have searched the issue tracker for a bug that matches the one I want to file, without success.

Electron Forge version

7.4.0

Electron version

29.X

Operating system

Ventura 13.5

Last known working Electron Forge version

N/A

Expected behavior

App Gets Notarized

Actual behavior

Hard crashes on a notary step:

An unhandled rejection has occurred inside Forge:
Error: Failed to notarize via notarytool.  Failed with unexpected result: 

Error: SoundSafari.zip must be a zip archive (.zip), flat installer package (.pkg), or UDIF disk image (.dmg)
Usage: notarytool <subcommand>
  See 'notarytool --help' for more information.
at /Users/llama/Sorcery/releaseday/soundsafari/node_modules/@electron/notarize/lib/notarytool.js:120:23
    at Generator.next (<anonymous>)
    at fulfilled (/Users/llama/Sorcery/releaseday/soundsafari/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Steps to reproduce

This is the forge.config.js I was using, it's practically vanilla.

const { FusesPlugin } = require('@electron-forge/plugin-fuses');
const { FuseV1Options, FuseVersion } = require('@electron/fuses');

module.exports = {
  packagerConfig: {
    name: 'SoundSafari',
    buildVersion:"0.0.1",
    icon:"./build/SoundSafari",
    osxSign: {},
    osxNotarize:{
      tool: 'notarytool',
      keychainProfile: '**************i' 
    },
    asar: true,
    dir:"./",
    appCategoryType: 'public.app-category.developer-tools',
    appBundleId:"SoundSafari",
    appCategoryType:"public.app-category.music",
    overwrite:"true",
    junk:"true",
  },
  rebuildConfig: {},
  makers: [
    {
      name: '@electron-forge/maker-squirrel',
      config: {
        setupIcon:"./build/SoundSafari.icn"
      },
    },
    {
      name: '@electron-forge/maker-dmg',
      config: {
        background: './build/SoundSafariDmg.png'
      }
    },
    {
      name: '@electron-forge/maker-deb',
      config: {},
    },
    {
      name: '@electron-forge/maker-rpm',
      config: {},
    },
  ],
  plugins: [
    {
      name: '@electron-forge/plugin-auto-unpack-natives',
      config: {},
    },
    // Fuses are used to enable/disable various Electron functionality
    // at package time, before code signing the application
    new FusesPlugin({
      version: FuseVersion.V1,
      [FuseV1Options.RunAsNode]: false,
      [FuseV1Options.EnableCookieEncryption]: true,
      [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
      [FuseV1Options.EnableNodeCliInspectArguments]: false,
      [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true,
      [FuseV1Options.OnlyLoadAppFromAsar]: true,
    }),
  ],
};

Personal Debug Notes

I'm doing this on an M1 Macbook Pro using electron-forge make.

✅ Problem still occurs if I target ZIP Instead of DMG.
✅ Problem still occurs if I run as sudo.
✅ Builds fine as DMG or ZIP if I remove osxNotarize:{} from config.

Doesn't appear to be a malformed path -- I forced a thrown error from @electron/notarize/lib/notarytool.js to get the array used to execute the notarytool command and the result is below.

An unhandled rejection has occurred inside Forge:
Error: notarytool,submit,/var/folders/lx/3zfzg6xd4_l1lzqbl04kb22h0000gn/T/electron-notarize-8Nl1Ck/SoundSafari.zip,--keychain-profile,***********,--wait,--output-format,json
at /Users/llama/Sorcery/releaseday/soundsafari/node_modules/@electron/notarize/lib/notarytool.js:112:19
    at Generator.next (<anonymous>)
    at fulfilled (/Users/llama/Sorcery/releaseday/soundsafari/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Conclusion

My best guess at this point is the forge is trying to send it for notarization before it's fully copied into tmp storage or is otherwise causing the file to be malformed. It is a rather beefy app (~4Gib). Happy to assist if I have time w/a PR to fix.

Bug-Reaper commented 2 months ago

I was able to notarize my DMG/App manually via notarytool which confirms this appears to be a forge error.

erickzhao commented 2 months ago

Hi @Bug-Reaper, thanks for the confirmation! I found an Apple Developer Forum thread that seems to point out that this might be a problem with the size of the app and how we compress it in @electron/notarize with ditto:

https://github.com/electron/notarize/blob/a38ba021b47385542cb2b1fadbf6484552761754/src/notarytool.ts#L61

According to a second Apple Developer Forum thread, there are a few workarounds listed (including moving off of ditto), but the official solution seems to be to upgrade to XCode 15.

Do you know what XCode version you're running?

erickzhao commented 2 months ago

Also moved this issue into the correct upstream repo :)

Bug-Reaper commented 2 months ago

Hey @erickzhao thanks for moving me around.

Just to clarify I don't think the size of my DMG was an issue. More-so that electron-forge tried to notarize it from a tmp folder before it was finished copying or something like that (thus we get the malformed zip file error)?

When I built the DMG w/no notarization via forge it built fine and I was able to manually notarize via xcrun notary-tool no issue. Something appears awry with the automatic notary action built into forge.

Again this doesn't appear to be apple-tools failing but :

Xcode 14.1
Build version 14B47b

electron / notarize