electron / osx-sign

Codesign Electron macOS apps
BSD 2-Clause "Simplified" License

[TestFlight] MAS Build not available for Testing #251

Closed idoodler closed 2 years ago

idoodler commented 2 years ago

Apple Released TestFlight for macOS. But somehow our macOS builds are not available for testing in AppStoreConnect.

As stated in the "Meet TestFlight on Mac" WWDC session, native Mac apps require a provisioning profile to be embedded, but as we don't use automatic code signing by Xcode but rather electron-builder, we have to supply the provisioning profile ourselves.

I don't quite understand what provisioning profile is required and where to get it?

Does anyone have information on how to achieve this?

I am planning on utilizing fastlane, thus I also created an issue here: https://github.com/fastlane/fastlane/pull/19296

MarshallOfSound commented 2 years ago

You make provisioning profiles in the Apple Developer Center --> https://developer.apple.com/membercenter

spChief commented 2 years ago

I created a new provisioning profile yesterday and uploaded several builds to the App Store; all of them have the "Not available for testing" status. But I can send them to review and release. Building the pkg with this command:

electron-builder --mac=mas -c.mac.provisioningProfile=./embedded.provisionprofile

Uploading with Transporter. Maybe I need some additional actions for TestFlight availability?

idoodler commented 2 years ago

I do have the same issue as @spChief shows. I can submit the app to the AppStore, but not to TestFlight. There is no further information about the issue in AppStoreConnect. However I am just trying out this. I will keep you updated

spChief commented 2 years ago

@idoodler Thanks, it works for me, now I can send builds to TestFlight

idoodler commented 2 years ago

@spChief Did you recreate your certificate or your profile?

spChief commented 2 years ago

@idoodler Yes, I recreated the cert and profile, but just because it was expiring. I don't know whether it helps or not.

idoodler commented 2 years ago

@spChief Yesterday I created a new Mac App Distribution certificate and a new Provisioning Profile with the newly created certificate. Created a new all-certs.p12, imported all certs into my keychain and removed the old ones.

No change 👎

spChief commented 2 years ago

@idoodler I recreated the Mac App Installer cert too. What command do you use for building? Mine looks like this:

CSC_NAME='3rd Party Mac Developer Application:...' electron-builder --mac=mas -c.mac.provisioningProfile=./embedded.provisionprofile

and after that finishes I use a custom signing bash script. I need it to sign some native node modules.

idoodler commented 2 years ago

I will generate all certificates after my holidays. I also use a bash script that resigns all the native node modules.

My command looks like this:

electron-builder -m -c './build/electron-build-mac-mas.json' && sh ./build/resignAndPackage.sh

The electron-build-mac-mas.json is generated before each build to have more granular control of the properties. In there, the 'provisioningProfile' property is set to the newly generated file.

spChief commented 2 years ago

@idoodler And you also add these 4 lines to entitlements from Fastlane thread?

idoodler commented 2 years ago

@spChief Yes, but I didn't recreate the installer cert. I will simply recreate all certificates after my holidays. I will keep you updated

alariej commented 2 years ago

Same problem here. I've tried the suggestion by @spChief at https://github.com/fastlane/fastlane/pull/19296#issuecomment-964835146 (btw the XXXXXXX in the suggestion is the Development Team ID) but no luck, build is still "not available for testing". I am uploading the app to AppStoreConnect via Transporter and can submit the build for release without problem.

idoodler commented 2 years ago

@alariej Maybe it depends on the Electron Version? We still use a fairly old one: 9.1.0 (😳 Yes, I know)

goodhyun commented 2 years ago

I don't know why, but I just deleted hardenedRuntime and gatekeeperAssess options and specifically assigned entitlementsLoginHelper and it worked. 🤪

const osxConfig = {
  category: 'public.app-category.productivity',
  icon: 'app/app.icns',  
  // hardenedRuntime: false,
  // gatekeeperAssess: false,
  entitlements: 'parent.plist',
  entitlementsInherit: 'child.plist',
  entitlementsLoginHelper: 'loginhelper.plist',
  target: {
    target: 'mas',
    // arch: ['x64', 'arm64']
    arch: 'universal'
  },
};

Thomas-Vos commented 2 years ago

@idoodler did you figure out how to get TestFlight working?

idoodler commented 2 years ago

I finally upgraded to Electron v17.1.0, now I get an error regarding a missing Provisioning Profile, I am investigating...

devinbinnie commented 2 years ago

Has anyone been able to get around this? I read in the docs that it requires Xcode 13: https://help.apple.com/app-store-connect/#/devdc42b26b8. Wasn't sure if that's an issue.

I'm also using electron-builder. I've tried with both the 3rd Party Mac Developer Application and Apple Distribution certs, neither have worked. I seem to be able to submit just fine for a regular App Store build.

idoodler commented 2 years ago

I created an issue at Apple to finally solve this

devinbinnie commented 2 years ago

> I don't know why, but I just deleted hardenedRuntime and gatekeeperAssess options and specifically assigned entitlementsLoginHelper and it worked. 🤪
>
> const osxConfig = {
>   category: 'public.app-category.productivity',
>   icon: 'app/app.icns',
>   // hardenedRuntime: false,
>   // gatekeeperAssess: false,
>   entitlements: 'parent.plist',
>   entitlementsInherit: 'child.plist',
>   entitlementsLoginHelper: 'loginhelper.plist',
>   target: {
>     target: 'mas',
>     // arch: ['x64', 'arm64']
>     arch: 'universal'
>   },

This is what finally solved it for me :)

idoodler commented 2 years ago

So I contacted Apple Support and according to them I need to add the property "application-identifier".

That's all, no information where or about the value. I contacted them again for some further info :)

Deveosys commented 2 years ago

@idoodler Same here, I'm still waiting for them to come back to me. I have the "application-identifier" key in all my .plist files but no more luck.

<key>com.apple.application-identifier</key>
<string>XXXX.com.company.app</string>

Where XXXX is your TeamID

idoodler commented 2 years ago

@Deveosys Same here, key and value are set, now the support guy told me the following:

> I have checked the new build uploaded and, although it’s including a valid identifier, it’s lacking of a provisioning profile. So the solution seems to pass by added the required provisioning profile and submit a new build.

I checked the .app and there is a file called embedded.provisionprofile present. So I sent him a reply.

Deveosys commented 2 years ago

@idoodler Hey, I got the exact same reply today. I checked with MD5 the embedded.provisionprofile in .app and the .provisionprofile I created and downloaded from "Certificates, Identifiers & Profiles" web page. It's the same.

idoodler commented 2 years ago

@devinbinnie Do your entitlement files include the com.apple.application-identifier key? Also, does your app include the embedded.provisionprofile?

devinbinnie commented 2 years ago

> @devinbinnie Do your entitlement files include the com.apple.application-identifier key? Also, does your app include the embedded.provisionprofile?

Yes to both. I'm doing my build through electron-builder which allows me to specify the provisioning profile, and I've added the application-identifier line that matches the AppID and the OrgID for my organization.

You can have a look at my configuration here if you wish.

idoodler commented 2 years ago

So I made it🎉

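What did the trick:

  • Adopting the entitlements file
    • entitlements.mas.plist
      • Must include com.apple.application-identifier and com.apple.developer.team-identifier
    • entitlements.mas.inherit.plist and entitlements.mas.loginhelper.plist
      • Must not contain com.apple.application-identifier or com.apple.developer.team-identifier
  • Setting the hardenedRuntime and gatekeeperAssess (properties will be inherited if not present here)
    • mac
      • hardenedRuntime: true
      • gatekeeperAssess: true
    • mas
      • hardenedRuntime: false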

My next task is how to detect if the app is installed via TestFlight...
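
A pre-upload check for the entitlement split described in this thread (identifier keys present in the main MAS entitlements, absent from the inherit and login-helper files, and the application identifier prefixed with the Team ID), as an added example that is not part of the original thread. It assumes XML-format plists; `checkMasEntitlements`, `TEAMID1234` and `com.example.app` are hypothetical names and placeholders.

```javascript
// Added example. Keys come from the thread; sample plists are constructed.
const ID_KEYS = [
  'com.apple.application-identifier',
  'com.apple.developer.team-identifier',
];

// Drop XML comments first so a commented-out key is not counted as present.
const stripComments = (xml) => xml.replace(/<!--[\s\S]*?-->/g, '');

// Return the <string> value following <key>name</key>, or null if absent.
function stringValue(xml, name) {
  const esc = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp(`<key>\\s*${esc}\\s*</key>\\s*<string>([^<]*)</string>`);
  const m = re.exec(stripComments(xml));
  return m ? m[1].trim() : null;
}

// files: { main, inherit, loginHelper }, each the XML text of one plist.
function checkMasEntitlements(files) {
  const problems = [];
  for (const key of ID_KEYS) {
    if (stringValue(files.main, key) === null) {
      problems.push(`main: missing ${key}`);
    }
    for (const child of ['inherit', 'loginHelper']) {
      if (stringValue(files[child], key) !== null) {
        problems.push(`${child}: must not contain ${key}`);
      }
    }
  }
  // The application identifier is "<TeamID>.<bundle id>".
  const appId = stringValue(files.main, ID_KEYS[0]);
  const team = stringValue(files.main, ID_KEYS[1]);
  if (appId && team && !appId.startsWith(`${team}.`)) {
    problems.push(`main: application identifier lacks team prefix ${team}.`);
  }
  return problems;
}

// Constructed samples: TEAMID1234 and com.example.app are placeholders.
const plist = (body) => `<plist version="1.0"><dict>${body}</dict></plist>`;
const sandbox = '<key>com.apple.security.app-sandbox</key><true/>';
const ids =
  '<key>com.apple.application-identifier</key><string>TEAMID1234.com.example.app</string>' +
  '<key>com.apple.developer.team-identifier</key><string>TEAMID1234</string>';
const good = { main: plist(sandbox + ids), inherit: plist(sandbox), loginHelper: plist(sandbox) };
const bad = { main: plist(sandbox), inherit: plist(sandbox + ids), loginHelper: plist(sandbox) };

console.log(checkMasEntitlements(good), checkMasEntitlements(bad));
```

In a real build, read the three files named in the electron-builder `mas` section with `fs.readFileSync(path, 'utf8')` and fail the build when the returned list is not empty.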

idoodler commented 2 years ago

@devinbinnie Have you been able to submit the app to an external TestFlight group? Mine gets rejected due to the following error. Internal groups or MacAppStore submissions are fine tho.

This build is using a beta version of Xcode and can't be submitted. Make sure you're using the latest version of Xcode or the latest seed release found on the releases tab in News and Updates (https://developer.apple.com/news/releases/)

Same issue as this: https://github.com/electron-userland/electron-builder/issues/6665

Deveosys commented 2 years ago

@idoodler Hey, I got the same scenario, you have to wait and TestFlight will detect your build as valid.

idoodler commented 2 years ago

> @idoodler Hey, I got the same scenario, you have to wait and TestFlight will detect your build as valid.

What do you mean? The app was uploaded yesterday evening, Internal Testing works fine, but when I want to add the External group I get the error. The status of the build is Ready to Submit. How long do you usually need to wait until the app is available for external testing?

devinbinnie commented 2 years ago

@idoodler I've run into the same issue, it's being tracked by Electron here: https://github.com/electron/electron/issues/33054

Unfortunately waiting won't help, there seems to be an issue with the version of Xcode if I'm understanding correctly. Something will likely need to be fixed on the Electron side/a workaround will need to be found.

Deveosys commented 2 years ago

@idoodler I didn't understand that the problem was with external testers! Didn't try external tests so far...

arslankaleem7229 commented 2 years ago

Did you get any solution for this???

idoodler commented 2 years ago

> Did you get any solution for this???

The issue is that Electron binaries are created with an older version of Xcode, thus we have to wait for them to utilize a newer version.

There appears to be a workaround which I have not tested yet: https://github.com/electron/electron/issues/33054#issuecomment-1142144127

arslankaleem7229 commented 2 years ago

> I don't know why, but I just deleted hardenedRuntime and gatekeeperAssess options and specifically assigned entitlementsLoginHelper and it worked. 🤪
>
> const osxConfig = {
>   category: 'public.app-category.productivity',
>   icon: 'app/app.icns',
>   // hardenedRuntime: false,
>   // gatekeeperAssess: false,
>   entitlements: 'parent.plist',
>   entitlementsInherit: 'child.plist',
>   entitlementsLoginHelper: 'loginhelper.plist',
>   target: {
>     target: 'mas',
>     // arch: ['x64', 'arm64']
>     arch: 'universal'
>   },

can you please send the file loginhelper.plist here???

idoodler commented 2 years ago

> > I don't know why, but I just deleted hardenedRuntime and gatekeeperAssess options and specifically assigned entitlementsLoginHelper and it worked. 🤪
> >
> > const osxConfig = {
> >   category: 'public.app-category.productivity',
> >   icon: 'app/app.icns',
> >   // hardenedRuntime: false,
> >   // gatekeeperAssess: false,
> >   entitlements: 'parent.plist',
> >   entitlementsInherit: 'child.plist',
> >   entitlementsLoginHelper: 'loginhelper.plist',
> >   target: {
> >     target: 'mas',
> >     // arch: ['x64', 'arm64']
> >     arch: 'universal'
> >   },
>
> can you please send the file loginhelper.plist here???

This only allows Internal TestFlight testing.

arslankaleem7229 commented 2 years ago

Thanks @idoodler

Ali-Albaker commented 2 years ago

> So I made it🎉
>
> What did the trick:
>
>   • Adopting the entitlements file
>     • entitlements.mas.plist
>       • Must include com.apple.application-identifier and com.apple.developer.team-identifier
>     • entitlements.mas.inherit.plist and entitlements.mas.loginhelper.plist
>       • Must not contain com.apple.application-identifier or com.apple.developer.team-identifier
>   • Setting the hardenedRuntime and gatekeeperAssess (properties will be inherited if not present here)
>     • mac
>       • hardenedRuntime: true
>       • gatekeeperAssess: true
>     • mas
>       • hardenedRuntime: false
>
> My next task is how to detect if the app is installed via TestFlight...

That does not work for me. Here's what I have.

  mac: {
    hardenedRuntime: true,
    gatekeeperAssess: true,
    category: 'public.app-category.utilities',
    entitlements: 'electron-build/entitlements.mac.plist',
    entitlementsInherit: 'electron-build/entitlements.mac.plist',
    target: {
      target: 'mas',
      arch: 'universal'
    },
  },
  mas: {
    hardenedRuntime: false,
    entitlements: "electron-build/entitlements.mas.plist",
    entitlementsInherit: "electron-build/entitlements.mas.inherit.plist",
    entitlementsLoginHelper: "electron-build/entitlements.mas.loginhelper.plist",
    provisioningProfile: './embedded.provisionprofile',
    asarUnpack: [],
    // type: "distribution",
    icon: 'electron-build/icon.icns',
    electronLanguages: ['en'],
    extendInfo: {
      ITSAppUsesNonExemptEncryption: false
    },
    singleArchFiles: "*",
    // strictVerify: false,
  },

idoodler commented 2 years ago

@Ali-Albaker What are you trying to achieve? As I mentioned, the fix only enables internal TestFlight releases.

Ali-Albaker commented 2 years ago

I am trying to submit to App Store Connect for TestFlight but getting Not Available for Testing with the above config using electron-builder to build and Transporter App to upload the .pkg file.