电子应用程序公证但未打开。 [电子制造商] [macOS Big Sur]

Posted

技术标签:

【中文标题】电子应用程序公证但未打开。 [电子制造商] [macOS Big Sur]【英文标题】:Electron App Notarized but not opening. [electron-builder] [macOS Big Sur] 【发布时间】:2021-09-15 17:22:46 【问题描述】:

我成功公证了应用程序,它给出了以下error

我检查了签名和公证,它给了我以下信息:

> pkgutil --check-signature ./path/to/app/XXXX.app
Package "XXX":
   Status: signed by a certificate trusted by macOS
   Certificate Chain:
    1. Developer ID Application: ...


> spctl -a -t exec -vvv ./path/to/app/XXXX.app
./path/to/app/XXXX.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: XXXXXX (XXXXXX)

电子公证版本是^1.0.0

这表明它已成功公证,这是我的配置文件(如果有帮助,请签署 js 文件):

package.json

"build": 
    "asar": true,
    "appId": "redacted",
    "files": [
      ...
    ],
    "afterSign": "./build/afterSignHook.js",
    "directories": 
      "buildResources": "./build/resources"
    ,
    "publish": [
      
        "provider": "github",
        "owner": "redacted",
        "repo": "redacted"
      
    ],
    "mac": 
      "category": "public.app-category.music",
      "icon": "assets/appIcons/DJFlame Logo.icns",
      "hardenedRuntime": true,
      "entitlements": "./build/resources/entitlements.mac.plist",
      "asarUnpack": "**/*.node"
    ,
    "dmg": 
      "background": null,
      "icon": "assets/appIcons/DJFlame Logo.icns",
      "backgroundColor": "#202020",
      "window": 
        ...
      ,
      "contents": [
        ...
      ]
    ,
    "nsis": 
      "oneClick": false,
      "perMachine": false,
      "installerIcon": "assets/appIcons/DJFlame Logo.ico",
      "license": "license.txt"
    ,
    "linux": 
      "target": "AppImage",
      "icon": "assets/DJFlame Logo.png"

entitlements.mac.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
      <string>XXYYZZ112233.com.redacted.redacted</string>
    </array>

    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
  </dict>
</plist>

afterSignHook.js(公证文件)

const fs = require('fs');
const path = require('path');
var electron_notarize = require('electron-notarize');
const config = require('../package.json')
require('dotenv').config();
module.exports = async function (params) 
  // Only notarize the app on Mac OS only.  
  if (process.platform !== 'darwin' || path.join(params.appOutDir, `$params.packager.appInfo.productFilename.app`) == '/Users/siddharth/dev/DJTorsten/dist/win-unpacked/DJFlame.app') 
    return;
  
  // Same appId in electron-builder.  
  let appId = config.build.appId
  let appPath = path.join(params.appOutDir, `$params.packager.appInfo.productFilename.app`);
  if (!fs.existsSync(appPath)) 
    throw new Error(`Cannot find application at: $appPath`);
  
  const startNoteTime = new Date()
  console.log(`Notarizing $appId found at $appPath. Started Notarizing at $new Date().toLocaleTimeString(), expected max finish time $new Date(new Date().getTime() + 300000).toLocaleTimeString()`);
  try 
    await electron_notarize.notarize(
      appBundleId: appId,
      appPath: appPath,
      appleId: process.env.APPLE_ID, // this is your apple ID it should be stored in an .env file  
      appleIdPassword: process.env.APPLE_ID_PASSWORD, // this is NOT your apple ID password. You need to   
      //create an application specific password from https://appleid.apple.com under "security" you can generate  
      //such a password   
      //   ascProvider: process.env.appleIdProvider // this is only needed if you have multiple developer  
      // profiles linked to your apple ID.   
    );
   catch (error) 
    console.error(error);
    throw error;
  
  console.log(`Done notarizing $appId! Time Finished: $new Date().toLocaleTimeString(), Time Elasped: $Math.floor(new Date() / 1000) - Math.floor(startNoteTime / 1000)s`);
;

编辑我将其缩小到以下几行:

"afterSign": "./build/afterSignHook.js",
"directories": 
    "buildResources": "./build/resources"
,
...
"mac": 
    ...
    "hardenedRuntime": true,
    "entitlements": "./build/resources/entitlements.mac.plist",
    "asarUnpack": "**/*.node"

当我没有收到该错误时,它也没有经过公证。我将编辑上面的 sn-p,直到找到错误的确切原因。

【问题讨论】:

【参考方案1】:

我尝试了很多方法来解决这个问题,但我认为以下是答案:

#1 给 package.json 添加一个值

添加"entitlements": "./build/resources/entitlements.mac.plist" 时,添加指向同一文件的继承。还将gatekeeperAsses 添加到false。代码看起来像

"mac": 
      ...
      "hardenedRuntime": true,
      "gatekeeperAssess": false,
      "entitlements": "./build/resources/entitlements.mac.plist",
      "entitlementsInherit": "./build/resources/entitlements.mac.plist",
      "asarUnpack": "**/*.node"

#2 将entitlements.mac.plist 剥离到最低限度

显然,拥有太多权利可能会导致此错误,因此将其剥离为您需要的权利。我的看起来像这样:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
</dict>
</plist>

【讨论】:

以上是关于电子应用程序公证但未打开。 [电子制造商] [macOS Big Sur]的主要内容,如果未能解决你的问题,请参考以下文章

如何使用适用于 macOS 的 Visual Studio 代码为外部 Mac 应用商店签署和公证电子应用程序构建?

什么是电子数据保管?有什么用?

电子制造商:EACCES:权限被拒绝

错误 ITMS-90283:配置文件无效。捆绑包中包含的配置文件无效 [缺少代码签名证书]

构建电子 linux 发行版:找到了 SUID 沙箱助手二进制文件,但未正确配置

Firebase 身份验证:通过特殊电子邮件地址(例如 *@gmx.at)发送但未收到的电子邮件