
Error when trying to notarize universal macOS app #158

Closed
alectrocute opened this issue May 20, 2023 · 1 comment
Closed


Comments

@alectrocute

alectrocute commented May 20, 2023

We're unable to notarize our Universal app. When attempting to notarize, the following error is thrown:

Error: Failed to staple your application with code: 65

Processing: /Users/alec/Desktop/random/apps/heliumlift/dist_electron/mac-universal/Lift.app
Properties are {
    NSURLIsDirectoryKey = 1;
    NSURLIsPackageKey = 1;
    NSURLIsSymbolicLinkKey = 0;
    NSURLLocalizedTypeDescriptionKey = Application;
    NSURLTypeIdentifierKey = "com.apple.application-bundle";
    "_NSURLIsApplicationKey" = 1;
}
Props are {
    cdhash = {length = 20, bytes = 0x4852cd4018094f93007efcf602d5e4b3d91f416b};
    digestAlgorithm = 2;
    flags = 65536;
    secureTimestamp = "2023-05-20 19:39:38 +0000";
    signingId = "com.sofriendly.lift";
    teamId = 2H66PPM438;
}
JSON Data is {
    records =     (
                {
            recordName = "2/2/4852cd4018094f93007efcf602d5e4b3d91f416b";
        }
    );
}
 Headers: {
    "Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Response is <NSHTTPURLResponse: 0x128612640> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
    Connection =     (
        "keep-alive"
    );
    "Content-Encoding" =     (
        gzip
    );
    "Content-Type" =     (
        "application/json; charset=UTF-8"
    );
    Date =     (
        "Sat, 20 May 2023 19:43:07 GMT"
    );
    Server =     (
        "AppleHttpServer/3faf4ee9434b"
    );
    "Strict-Transport-Security" =     (
        "max-age=31536000; includeSubDomains;"
    );
    "Transfer-Encoding" =     (
        Identity
    );
    Via =     (
        "xrail:st53p00ic-qujn15041902.me.com:8301:22R1064:grp60,631194250daa17e24277dea86cf30319:f534c1d535f01911c8d01409c2d0f21f:usmia1"
    );
    "X-Apple-CloudKit-Version" =     (
        "1.0"
    );
    "X-Apple-Edge-Response-Time" =     (
        28
    );
    "X-Apple-Request-UUID" =     (
        "491cf61c-d037-4740-ab54-a3c0c7fb8d99"
    );
    "X-Responding-Instance" =     (
        "ckdatabasews:16306401:st42p63ic-ztfb05112901:8807:2315B343:1bdbea4716468b6ab95fe004522984916a3398ca"
    );
    "access-control-expose-headers" =     (
        "X-Apple-Request-UUID,X-Responding-Instance,Via"
    );
    "x-apple-user-partition" =     (
        63
    );
} }
Size of data is 165
JSON Response is: {
    records =     (
                {
            reason = "Record not found";
            recordName = "2/2/4852cd4018094f93007efcf602d5e4b3d91f416b";
            serverErrorCode = "NOT_FOUND";
        }
    );
}
CloudKit query for Lift.app (2/4852cd4018094f93007efcf602d5e4b3d91f416b) failed due to "Record not found".
Could not find base64 encoded ticket in response for 2/4852cd4018094f93007efcf602d5e4b3d91f416b
The staple and validate action failed! Error 65.

Here's the relevant config:

afterPack.js:

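/**
 * electron-builder `afterPack` hook: VMP-signs the packaged output directory
 * with Castlabs EVS, then deletes the `Electron Framework.sig` file from the
 * `Lift.app` bundle.
 *
 * @param {object} context - Hook context. Reads `context.arch` (used as an
 *   index into `archs`, for logging only) and `context.appOutDir`.
 * @throws {Error} If the signing command exits non-zero or the `.sig` file
 *   cannot be removed (for example because it does not exist).
 */
exports.default = function (context) {
  const { execFileSync } = require('child_process');
  const fs = require('fs');

  // mac
  const archs = ['ia32', 'x64', 'armv7l', 'arm64', 'universal'];
  const arch = 'macos ' + archs[context.arch];

  console.log(`Castlabs signing start for ${arch}`);
  // Pass the output directory as a discrete argument instead of concatenating
  // it into a shell string: a path containing spaces or shell metacharacters
  // would otherwise be split or interpreted by the shell.
  execFileSync('python3', ['-m', 'castlabs_evs.vmp', 'sign-pkg', context.appOutDir]);
  console.log(`Castlabs signing complete!`);

  // NOTE(review): presumably the .sig is removed so the per-arch bundles do not
  // differ before the universal merge; confirm, since deleting it removes the
  // VMP signature that was just produced for this bundle.
  const sigPath = `${context.appOutDir}/Lift.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/Electron Framework.sig`;
  console.log('Removing `Electron Framework.sig` from bundle...', sigPath);
  fs.unlinkSync(sigPath);
  console.log('Removed `Electron Framework.sig` from bundle!');
};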

afterSign.js:

require("dotenv").config();
const {
  notarize
} = require("@electron/notarize");
const {
  execSync
} = require('child_process')

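/**
 * electron-builder `afterSign` hook: on macOS, re-signs universal builds
 * (Castlabs VMP signature, then `codesign`) and submits the app bundle to
 * Apple for notarization with `notarytool`.
 *
 * Stapling looks up the notarization ticket by the bundle's code-directory
 * hash, so every signing step has to finish before `notarize()` is called and
 * the bundle must not be modified or re-signed afterwards.
 *
 * @param {object} context - Hook context. Reads `electronPlatformName`,
 *   `appOutDir`, `arch` and `packager.appInfo.productFilename`.
 * @returns {Promise<void>} Resolves once notarization has finished; does
 *   nothing on platforms other than `darwin`.
 * @throws {Error} If a signing command exits non-zero or `notarize()` rejects.
 */
exports.default = async function notarizing(context) {
  const { execFileSync } = require('child_process');
  const { electronPlatformName, appOutDir } = context;

  // mac notarize
  if (electronPlatformName !== "darwin") {
    return;
  }

  const archs = ['ia32', 'x64', 'armv7l', 'arm64', 'universal'];
  const arch = 'macos ' + archs[context.arch];

  // One path for both codesign and notarize, so the bundle that gets signed is
  // always the bundle that gets submitted and stapled (the original signed a
  // hard-coded, cwd-relative path and notarized a path derived from the context).
  const appPath = `${appOutDir}/${context.packager.appInfo.productFilename}.app`;

  // electron-builder completely skips universal builds when calling the afterPack hook
  // so we have to manually re-sign everything (both castlabs and codesign) before notarizing
  if (arch === 'macos universal') {
    console.log(`Castlabs signing start for ${arch}`);
    // Argument arrays, no shell: paths with spaces or metacharacters stay intact.
    execFileSync('python3', ['-m', 'castlabs_evs.vmp', 'sign-pkg', context.appOutDir]);
    console.log(`Castlabs signing complete for ${arch}`);

    // Placeholder exactly as redacted in the original listing; substitute the
    // real signing identity.
    const signingIdentity = '<identity-hash>';

    console.log(`Codesigning start for ${arch}`);
    // NOTE(review): `-f` replaces the signature electron-builder already
    // applied, and this call passes no `--entitlements` or `--options runtime`.
    // The author later attributed the staple failure to missing entitlements;
    // confirm what the re-signed bundle carries with
    // `codesign -d --entitlements - <app>` before notarizing.
    execFileSync('codesign', ['-fv', '--deep', '-s', signingIdentity, appPath]);
    console.log(`Codesigning complete!`);
  }

  console.info("Notarizing with Apple... This may take awhile.")

  // Credentials come from the environment (loaded via dotenv at the top of the
  // file); keep the .env file out of version control and build logs.
  // NOTE(review): any non-empty VUE_APP_IS_SETAPP value, including "false",
  // selects the Setapp bundle id; confirm that is intended.
  await notarize({
    tool: 'notarytool',
    appBundleId: process.env.VUE_APP_IS_SETAPP ? "com.sofriendly.lift-setapp" : "com.sofriendly.lift",
    appPath,
    appleId: process.env.APPLEID,
    appleIdPassword: process.env.APPLEIDPASS,
    ascProvider: process.env.APPLETEAMID,
    teamId: process.env.APPLETEAMID,
  });

  console.info("Finished! App bundle ready for distribution.")
  console.info("Verify with `yarn run check-widevine`, `yarn run check-signing` and `yarn run check-notarization`.")
};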

package.json:

{
  "name": "lift",
  "version": "1.0.18",
  "private": true,
  "description": "A floating transparent browser for macOS",
  "author": "SoFriendly LLC",
  "scripts": {
    "check-notarization": "spctl -a -vvv -t install ./dist_electron/mac-universal/Lift.app",
    "check-signing": "codesign -dv --verbose=4 ./dist_electron/mac-universal/Lift.app",
    "check-widevine": "python3 -m castlabs_evs.vmp verify-pkg ./dist_electron/mac-universal",
    "serve": "vue-cli-service serve",
    "build": "vue-cli-service build",
    "electron:build": "vue-cli-service electron:build",
    "electron:build-universal": "source .env && vue-cli-service electron:build -m --universal -p never",
    "electron:serve": "vue-cli-service electron:serve",
  },
  "dependencies": {
...
  },
  "devDependencies": {
    "@electron/notarize": "^1.2.3",
    "@vue/cli-service": "~4.5.0",
    "electron": "github:castlabs/electron-releases#v24.3.1+wvcus",
    "electron-builder": "^23.6.0",
    "electron-devtools-installer": "^3.1.0",
    "native-ext-loader": "^2.3.0",
    "vue-cli-plugin-electron-builder": "^3.0.0-alpha.4",
    "vue-template-compiler": "^2.6.11"
  },
  "overrides": {
    "vue-cli-plugin-electron-builder": {
      "electron-builder": "^23.6.0"
    }
  },
  "browserslist": [
    "> 1%",
    "last 2 versions",
    "not dead"
  ],
  "productName": "Lift"
}

Any idea how to resolve this? Thanks so much!

@alectrocute
Author

Disregard, I didn't include proper entitlements.
