[Bug]: MacOS signing and notarization instructions don't work

[ryanhugh]

Checks before filing an issue

• [X] This issue doesn't reproduce on web browsers (such as in Chrome). If it does, issue reports go to the Mattermost Server repository.
• [X] I have checked the issue tracker and have not found an issue that matches the one I'm filing.
• [X] This issue is not a troubleshooting question. Troubleshooting questions go here: https://forum.mattermost.com/c/trouble-shoot/16.
• [X] This issue is not a feature request. You can request features and make product suggestions here: https://mattermost.com/suggestions/.
• [X] This issue reproduces on the most recent stable version, or the most recent prerelease version of the Mattermost Desktop App.
• [X] I have read the contribution guidelines.

Mattermost Desktop Version

release-5.9

Operating System

MacOS M2 15.1.1 (24B91)

Mattermost Server Version

No response

Steps to reproduce

We are running into an issue notarizing and signing the MacOS application.

npm run package:mac does not work. It throw an error. We are unable to launch the binary that is produced.

Full details here: https://rose-piranha-ec2.notion.site/Bounty-Electron-MacOS-Signing-Issue-1435eaeefd2180da87acebd500bdd884?pvs=74

Happy to pay if you help solve this for us thanks.

Expected behavior

I expect npm run package:mac to be able to compile, notarize and sign the MacOS application such that we can share the build app and run it on other Mac computers with no issues.

Observed behavior

npm run package:mac fails to build the Mac app. It produces a binary, but the binary refuses to launch. Mac OS says

Log Output

webpack 5.90.3 compiled with 10 warnings in 5970 ms
  • electron-builder  version=24.13.3 os=24.1.0
  • loaded configuration  file=/Users/ryanhughes/Desktop/code/mattermost-desktop/electron-builder.json
  • writing effective config  file=release/builder-effective-config.yaml
  • rebuilding native dependencies  dependencies=macos-notification-state@3.0.0, windows-focus-assist@1.4.0 platform=darwin arch=x64
  • packaging       platform=darwin arch=x64 electron=33.0.2 appOutDir=release/mac
  • signing         file=release/mac/Mattermost.app platform=darwin type=distribution identity=ED56A83F68CA0082422ADB37940C1057CA2E69E3 provisioningProfile=./mac.provisionProfile
Error: Failed to notarize via notarytool

{"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}

    at /Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/src/notarytool.ts:95:13
    at Generator.next (<anonymous>)
    at fulfilled (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at processTicksAndRejections (node:internal/process/task_queues:105:5)
From previous event:
    at processImmediate (node:internal/timers:491:21)
From previous event:
    at readDirectoryAndSign (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:479:28)
    at MacPackager.signApp (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:496:5)
    at MacPackager.doSignAfterPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:336:21)
    at MacPackager.doPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:321:7)
    at MacPackager.pack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:198:9)
    at Packager.doBuild (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:445:9)
    at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
    at Packager._build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:379:31)
    at Packager.build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:340:12)
    at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
  ⨯ Failed to notarize via notarytool

{"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}
  failedTask=build stackTrace=Error: Failed to notarize via notarytool
                                                                                                                                            {"status":"Invalid","message":"Processing complete","id":"b2d66f44-52bc-4286-b6b0-94f481f43dfe"}
                                                                                                                                                at /Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/src/notarytool.ts:95:13
    at Generator.next (<anonymous>)
    at fulfilled (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/@electron/notarize/lib/notarytool.js:28:58)
    at processTicksAndRejections (node:internal/process/task_queues:105:5)
From previous event:
    at processImmediate (node:internal/timers:491:21)
From previous event:
    at readDirectoryAndSign (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:479:28)
    at MacPackager.signApp (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:496:5)
    at MacPackager.doSignAfterPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:336:21)
    at MacPackager.doPack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/platformPackager.ts:321:7)
    at MacPackager.pack (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/macPackager.ts:198:9)
    at Packager.doBuild (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:445:9)
    at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)
    at Packager._build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:379:31)
    at Packager.build (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/app-builder-lib/src/packager.ts:340:12)
    at executeFinally (/Users/ryanhughes/Desktop/code/mattermost-desktop/node_modules/builder-util/src/promise.ts:12:14)

{
  "logFormatVersion": 1,
  "jobId": "7a654253-c890-46d7-8f85-6d55d4478c61",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "Mattermost.zip",
  "uploadDate": "2024-11-19T22:46:37.875Z",
  "sha256": "14c4002d8187a59647e82ec24aaeeaaff142df55bbacca66b4efa755f4ca46a8",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/MacOS/Mattermost",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/macos-notification-state/build/Release/focuscenter.node",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/macos-notification-state/build/Release/notificationstate.node",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Resources/app.asar.unpacked/node_modules/windows-focus-assist/build/Release/focusassist.node",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/ReactiveObjC.framework/Versions/A/ReactiveObjC",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (Renderer).app/Contents/MacOS/Mattermost Helper (Renderer)",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (Plugin).app/Contents/MacOS/Mattermost Helper (Plugin)",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper.app/Contents/MacOS/Mattermost Helper",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "Mattermost.zip/Mattermost.app/Contents/Frameworks/Mattermost Helper (GPU).app/Contents/MacOS/Mattermost Helper (GPU)",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    }
  ]
}

Additional Information

No response

[devinbinnie]

May I first ask why you need to sign your own binary? Are there modifications to the app that you intend to distribute?

Looking at the error, The binary is not signed with a valid Developer ID certificate.. Do you have one of these issued by Apple for your organization?

[ryanhugh]

We made some changes to the app yeah.

Looking at the error, The binary is not signed with a valid Developer ID certificate.. Do you have one of these issued by Apple for your organization?

We have a valid Apple Developer ID and made a new profile for this. Here's a screenshot showing the profile is valid. There's a lot of options in the Apple Developer portal though, so the issue may be with how the profile was made.