Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Packaged MacOS app fails to ask for permission to administer computer (likely due to misconfigured code signature resources) #3754

Closed
3 tasks done
hichemfantar opened this issue Nov 10, 2024 · 3 comments

Comments

@hichemfantar
Copy link

hichemfantar commented Nov 10, 2024

Pre-flight checklist

  • I have read the contribution documentation for this project.
  • I agree to follow the code of conduct that this project uses.
  • I have searched the issue tracker for a bug that matches the one I want to file, without success.

Electron Forge version

7.5.0

Electron version

v33.0.2

Operating system

macOS Sonoma Version 14.3.1

Last known working Electron Forge version

No response

Expected behavior

app should for permission to administer computer in both the bundled version and dev mode

Actual behavior

app fails to ask for permission in bundled version

Steps to reproduce

  1. buidl the app from https://github.com/hichemfantar/shutdown-scheduler and try to run it

Additional information

My app runs some commands with child_process.exec which prompt the user to accept some permissions like

Image

this popup shows up in dev mode but fails to show up when the app is packaged.

running codesign verification fails on the generated app bundle

command codesign --verify --deep --strict --verbose=2 ./Shutdown\ Scheduler.app
result:

./Shutdown Scheduler.app: invalid Info.plist (plist or signature have been modified)
In architecture: arm64

the problem is fixed by manually running codesign on the generated app.
command: codesign --force --deep --sign - ./Shutdown\ Scheduler.app
result: ./Shutdown Scheduler.app: replacing existing signature

verify again:

command: codesign --verify --deep --strict --verbose=2 ./Shutdown\ Scheduler.app
result:

./Shutdown Scheduler.app: valid on disk
./Shutdown Scheduler.app: satisfies its Designated Requirement

now the app correctly asks for permissions.

i debugged and found that resigning makes a few changes.

in Shutdown Scheduler.app/Contents/_CodeSignature/CodeResources the keys below are deleted:

		<key>Frameworks/Electron Helper (GPU).app</key>
		<dict>
			<key>cdhash</key>
			<data>
			bBSRTdbO1umqD3s49LoLZxg8iJg=
			</data>
			<key>requirement</key>
			<string>cdhash H"6c14914dd6ced6e9aa0f7b38f4ba0b67183c8898"</string>
		</dict>
		<key>Frameworks/Electron Helper (Plugin).app</key>
		<dict>
			<key>cdhash</key>
			<data>
			QwJSFFLgG515VBStI/BhCXC+VLo=
			</data>
			<key>requirement</key>
			<string>cdhash H"4302521452e01b9d795414ad23f0610970be54ba"</string>
		</dict>
		<key>Frameworks/Electron Helper (Renderer).app</key>
		<dict>
			<key>cdhash</key>
			<data>
			41DtDFFEFFITznxH1REM/mhIAuU=
			</data>
			<key>requirement</key>
			<string>cdhash H"e350ed0c5144145213ce7c47d5110cfe684802e5"</string>
		</dict>
		<key>Frameworks/Electron Helper.app</key>
		<dict>
			<key>cdhash</key>
			<data>
			95xP7836OfvGVKQdY4KDqo+adK8=
			</data>
			<key>requirement</key>
			<string>cdhash H"f79c4fefcdfa39fbc654a41d638283aa8f9a74af"</string>
		</dict>

and replaced by

		<key>Frameworks/Shutdown Scheduler Helper (GPU).app</key>
		<dict>
			<key>cdhash</key>
			<data>
			cG1Y256nv4o/j4N1pfpdQsphnXg=
			</data>
			<key>requirement</key>
			<string>cdhash H"706d58db9ea7bf8a3f8f8375a5fa5d42ca619d78"</string>
		</dict>
		<key>Frameworks/Shutdown Scheduler Helper (Plugin).app</key>
		<dict>
			<key>cdhash</key>
			<data>
			aomExbW6iyo2pMXDTfksGrsN01Q=
			</data>
			<key>requirement</key>
			<string>cdhash H"6a8984c5b5ba8b2a36a4c5c34df92c1abb0dd354"</string>
		</dict>
		<key>Frameworks/Shutdown Scheduler Helper (Renderer).app</key>
		<dict>
			<key>cdhash</key>
			<data>
			Ah1ww4EC20oq2l/T/T3+Fk10s3w=
			</data>
			<key>requirement</key>
			<string>cdhash H"021d70c38102db4a2ada5fd3fd3dfe164d74b37c"</string>
		</dict>
		<key>Frameworks/Shutdown Scheduler Helper.app</key>
		<dict>
			<key>cdhash</key>
			<data>
			lfUyRs+Rq9laIZNJMFuaY/KktCM=
			</data>
			<key>requirement</key>
			<string>cdhash H"95f53246cf91abd95a219349305b9a63f2a4b423"</string>
		</dict>

folder contents use the correct name in package.json
Image

which i believe means that somewhere in the packaging process, the configured app name is not used and falls back the default name Electron

I tried removing spaces and uppercase letters but the problem persists

package.json

  "name": "shutdown-scheduler",
  "productName": "Shutdown Scheduler",

@hichemfantar
Copy link
Author

@MarshallOfSound
Copy link
Member

Why manually code sign it, please provide a minimal repro not an entire app.

At a glance though your forge config doesn't have a packagerConfig.osxSign setting so it won't be code signing at all 🤷‍♂️

You need to provide a real signing config and such with a real apple developer cert

@hichemfantar
Copy link
Author

moved to #3757

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants