electron / osx-sign

Codesign Electron macOS apps
BSD 2-Clause "Simplified" License

Question: electron-packager versus pty.node native modules #243

Closed starpit closed 3 years ago

starpit commented 3 years ago

Hello,

We are using electron-packager to assist with signing and notarizing. Our app includes a few native modules, including pty.node (from https://www.npmjs.com/package/node-pty).

We notice that electron-packager intentionally scrubs the binaries array we pass in [1]. As a result, pty.node is not signed, and thus macOS refuses to load it for quarantined apps.

What is the suggested strategy here? Do we have to avoid using electron-packager's sign+notarize capability, and instead use those two facilities manually?


[1] https://github.com/electron/electron-packager/pull/459 To be honest, I don't understand the reasoning behind this; e.g.

I guess we could ignore opts.binaries because electron-osx-sign should discover these files by default. However, if anyone really encounters such an issue where binaries are not addressed automatically, they could file it under electron-osx-sign... We should be able to resolve it then.

Does this mean that electron-osx-sign needs to be updated to scan for .node binaries in all of node_modules? And, what, sign all of them? It seems awfully simpler to let me specify the binary node modules I need to be signed... but for some reason electron-packager does not let me do this.

starpit commented 3 years ago

Ah, this is probably due to (incorrectly) not placing assets that need to be signed in asar.unpacked.
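A pre-signing check for the situation described in this thread, as an added example that is not part of the original comments or of the osx-sign / electron-packager code: it reads the file index of an `app.asar` and lists native binaries that are stored inside the archive rather than flagged `unpacked`, where they do not exist as separate files on disk for a signing tool to find. It assumes the standard asar header layout; the function names and the sample index are constructed for illustration.

```javascript
// Added example, not osx-sign or electron-packager code.
// Assumed asar layout: [u32 4][u32 pickleSize][u32 payloadSize][u32 jsonLength][JSON]...
// Parse the JSON file index from the bytes of an app.asar file.
function readAsarHeader(buf) {
  if (buf.length < 16 || buf.readUInt32LE(0) !== 4) throw new Error('not an asar archive');
  const jsonLength = buf.readUInt32LE(12);
  if (16 + jsonLength > buf.length) throw new Error('truncated asar header');
  return JSON.parse(buf.toString('utf8', 16, 16 + jsonLength));
}

// List native binaries stored inside the archive (no "unpacked" flag).
function packedNativeModules(buf, exts = ['.node', '.dylib']) {
  const found = [];
  const walk = (dir, prefix) => {
    for (const [name, entry] of Object.entries(dir.files || {})) {
      const path = prefix ? `${prefix}/${name}` : name;
      if (entry.files) walk(entry, path);
      else if (!entry.unpacked && !entry.link && exts.some((e) => name.endsWith(e))) {
        found.push(path);
      }
    }
  };
  walk(readAsarHeader(buf), '');
  return found.sort();
}

// Build a header-only archive from a constructed index (sample data for the demo).
function buildSampleAsar(index) {
  const json = Buffer.from(JSON.stringify(index), 'utf8');
  const padded = (json.length + 3) & ~3; // pickle strings are 4-byte aligned
  const buf = Buffer.alloc(16 + padded);
  buf.writeUInt32LE(4, 0);
  buf.writeUInt32LE(8 + padded, 4);
  buf.writeUInt32LE(4 + padded, 8);
  buf.writeUInt32LE(json.length, 12);
  json.copy(buf, 16);
  return buf;
}

const dir = (files) => ({ files });
const SAMPLE = buildSampleAsar(dir({
  'main.js': { size: 10, offset: '0' },
  node_modules: dir({
    'node-pty': dir({ build: dir({ Release: dir({ 'pty.node': { size: 100, offset: '10' } }) }) }),
    other: dir({ 'addon.node': { size: 50, unpacked: true } }),
  }),
}));
console.log(packedNativeModules(SAMPLE));
```

For a real bundle, pass the contents of `Contents/Resources/app.asar` as the buffer; any path it returns is a candidate for the packager's asar unpack setting so the file lands in `app.asar.unpacked` before signing.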