Electron-forge 和 osx 签名应用程序导致“二进制文件签名不正确”。

我使用以下“功能”开发了一个电子应用程序：

• Base : 电子锻造：开始、制作和发布
• 电子open-url功能[方案：xx-note]
• node-keytar：获取和设置密码
• 无框应用程序: 透明窗户
• 自动更新 with Nucleus: 正在开发 W10
• 登录后开始

如果我不签署它，我可以毫无问题地运行该应用程序并构建它，但为了使自动更新工作，我绝对需要对其进行签名。 （这对我的客户来说更好）。

不幸的是，当我签署它并尝试在 Big Sur 上运行它时，我收到以下消息：

来自取景器：

您没有权限打开应用程序“XX”

请联系您的计算机或网络管理员寻求帮助。

从航站楼出发：

The application cannot be opened for an unexpected reason,
error=Error Domain=NSOSStatusErrorDomain Code=-10826 "kLSNoLaunchPermissionErr: User doesn't have permission to launch the app (managed networks)" 
UserInfo={_LSFunction=_LSLaunchWithRunningboard, _LSLine=2539, NSUnderlyingError=0x7f98fe4166d0 {Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." 
UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x7f98fe418060 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" 
UserInfo={NSLocalizedDescription=Launchd job spawn failed with error: 153}}}}}

而且，在这两种情况下，我都会在Console/system.log :

May  3 11:00:32 XX com.apple.xpc.launchd[1] (application.ai.XX.note-taking.39302547.39303101[25454]): removing service since it exited with consistent failure - OS_REASON_CODESIGNING | When validating /Users/XX/Documents/XX/mr/XX-desktop/out/XX-darwin-x64/XX.app/Contents/MacOS/XX_Taking-Note:
      Code has restricted entitlements, but the validation of its code signature failed.
    Unsatisfied Entitlements: 
May  3 11:00:32 XX com.apple.xpc.launchd[1] (application.ai.XX.note-taking.39302547.39303101[25454]): Binary is improperly signed.

卡塔利娜：

我的同事从 Catalina 启动它并收到此错误消息

System Integrity Protection: enabled
Crashed Thread:        0
Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY
Termination Reason:    Namespace CODESIGNING, Code 0x1

我的应用程序是如何签名的？

Using [electron-osx-sign][8] & [electron-notarize][8] 使用伪造配置：

packagerConfig:  {
    appBundleId: 'ai.XX.note-taking',
    executableName: BUILD_NAME, //XX
    name: APP_NAME, //XX
    icon: iconPath,
    overwrite: true,
    asar: true,

    extendInfo: './info.extends.plist',

    protocols: {
      name: 'XX-note',
      schemes: ['XX-note'],
    },

    osxSign: {
      identity: OSX_CREDENTIALS.SIGN_ID, // Developer ID Application: TeamName (MYTEAMID)
      'hardened-runtime': true,
      entitlements: 'entitlements.plist',
      'entitlements-inherit': 'entitlements.plist',
      'entitlements-loginhelper': 'login.entitlements.plist',
      'signature-flags': 'library',
      // https://github.com/electron/electron-notarize/issues/54
      'gatekeeper-assess': false,
      verbose: true,
    },
    osxNotarize: {
      // appBundleId: 'ai.XX.note-taking', // (TESTED WITH & WITHOUT)
      appleId: OSX_CREDENTIALS.ID, // [email protected]"
      appleIdPassword: OSX_CREDENTIALS.PASSWORD, // app password
      // ascProvider: 'MYTEAMID', // (TESTED WITH & WITHOUT)
    },

协同设计--验证--verbose XX.app

out/XX-darwin-x64/XX.app: valid on disk
out/XX-darwin-x64/XX.app: satisfies its Designated Requirement

My .plist

登录.entitlements.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
  </dict>
</plist>

信息扩展.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>CFBundleURLTypes</key>
    <array>
      <dict>
        <key>CFBundleURLSchemes</key>
        <array>
          <string>XX-note</string>
        </array>
      </dict>
    </array>
    <key>NSDocumentsFolderUsageDescription</key>
    <true />
    <key>ElectronTeamID</key>
    <string>MYTEAMID</string>
    <key>NSAppTransportSecurity</key>
    <dict>
      <key>NSAllowsArbitraryLoads</key>
      <false/>
      <key>NSAllowsLocalNetworking</key>
      <true/>
    </dict>
  </dict>
</plist>

权利.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
  </dict>
</plist>

我真的希望你能帮助我，我真的尽力给你尽可能多的帮助，而且已经三天多了，我到处找都没有解决我的问题。

已经尝试过了

• developer.apple.com/forums/thread/666611?page=5
• github.com/ElmarJ/Waterlooplein3D/issues/86
• bestofreactjs.com/repo/infinitered-reactotron-react-development-tools
• stackoverflow.com/questions/64842819/cant-run-app-because-of-permission-in-big-sur
• github.com/upx/upx/issues/424
• github.com/Squirrel/Squirrel.Mac/issues/204
• github.com/Hardocs/desktop-app/issues/56
• Discuss.apple.com/thread/526166
• ... 和更多

我使用本教程解决了这个问题：https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/

还有这个问题https://github.com/electron-userland/electron-builder/issues/3940

我的最终配置是：

    osxSign: {
      identity: 'Developer ID Application: MyTeam (TEAMID)',
      'hardened-runtime': true,
      entitlements: 'mac/entitlements.plist',
      'entitlements-inherit': 'mac/entitlements.plist',
      'signature-flags': 'library',
      // https://github.com/electron/electron-notarize/issues/54
      'gatekeeper-assess': false,
      verbose: true,
    },

    osxNotarize: {
      appleId: 'myemail',
      appleIdPassword: 'mypassword',
    },

And mac/entitlements.plist is :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
  </dict>
</plist>