Unable to code sign on OSX, the specified item could not be found.

[Mossop]

• Version: 7.12.2

• Target: OSX

Building works normally but as soon as I set CSC_LINK to the base64 encoded value of my certificate or a file:// url for the certificate file building fails at code signing with "error: The specified item could not be found in the keychain."

[develar]

Please set env DEBUG=electron-builder and attach log. Is cert+key properly exported — https://github.com/electron-userland/electron-builder/wiki/Code-Signing#how-to-export-certificate-on-macos ?

[Mossop]

I received my certificate as a file from our companies releng department but I'm pretty sure I have it correct. I've attached the log.
log.txt

[develar]

Root certs (Apple, StartSSL) are imported and keychain is added to search list.
Keychain correctly imported.
Valid identity found (not specified by user, it is correct).

But we got "The specified item could not be found in the keychain.".

1. Could you please try to open Xcode — is license agreement accepted?
2. Please specify Xcode version.
3. Please specify macOS version.
4. Please ensure that that Apple Worldwide Developer Relations Certification Authority is not expired (if you have such cert in your keychain). To be clear – electron-builder automatically adds valid root Apple cert and you don't have to import it, but just to be sure.

Does it work on another machine (maybe CI)?

You have in any case workaround: import your p12 into your keychain and it will be used automatically. If your cert file (p12) is correct — contains both cert and private key, code sign should be successful.

[develar]

@sethlu Maybe you can advice something?

[sethlu]

@develar I think before @Mossop responses, my only suggestion is that we better have a screenshot of a list of certs @Mossop has in his keychain for electron-builder. Also, while exporting the signing keys, the corresponding private keys needs to be exported as well (from what I've heard from videos of past WWDCs).

[develar]

electron-builder Executing security import /Users/dave/Downloads/certificate.p12 -k /var/folders/ft/865v_4f12d5_8lq36_cptrj40000gn/T/electron-builder-PNpeP0/t-5475-0.keychain -T /usr/bin/codesign -T /usr/bin/p8364cf9ef03fd66a8b249b4bf565ed2c8c73e02a5f56b56a03a373f82f07d23e (sha256 hash) -P **** +46ms
1 identity imported.

Everything is Ok

Folders: 143
Files: 180
Size:       110647989
Compressed: 41539052
  electron-builder /Users/dave/workspace/tofino/node_modules/7zip-bin-osx/7za (21623) exited with code 0 +1s
  electron-builder Executing security find-identity -v /var/folders/ft/865v_4f12d5_8lq36_cptrj40000gn/T/electron-builder-PNpeP0/t-5475-0.keychain +2s
  electron-builder Executing security find-identity -v -p codesigning /var/folders/ft/865v_4f12d5_8lq36_cptrj40000gn/T/electron-builder-PNpeP0/t-5475-0.keychain +4ms
  1) C3F4739FD64C98493A5A5FF4EA6E0E5D9F6CBF17 "Developer ID Application: Mozilla Corporation (43AQ936H96)"
     1 valid identities found

  1) C3F4739FD64C98493A5A5FF4EA6E0E5D9F6CBF17 "Developer ID Application: Mozilla Corporation (43AQ936H96)"
     1 valid identities found

Signing app (identity: Developer ID Application: Mozilla Corporation (43AQ936H96))

So, electron-builder creates keychain for specified p12 file and then tries to find valid identities — security find-identity -v — Developer ID Application: Mozilla Corporation (43AQ936H96) returned as a valid cert.

Yeah — I am not sure, is identity valid if no private key or not (no doubt — it is not valid to code sign).

[Mossop]

1. I opened xcode and it installed some additional components but that didn't change anything.
2. Xcode 8.0 (8A218a)
3. OSX 10.12
4. The Apple certificate is there and not expired.

I can't test on another machine right now but I did import it into the keychain and signing worked correctly like that so something is right with the certificate.

I am going to have to do this in CI eventually though so trying to get this working from a file is important to me. I exported the certificate using the instructions given then deleted it from my keychain and tried again and got the same failure. I tried again by exporting both the certificate and private key and again got the same problem.

The only certs in the electron_builder_root_certs keychain are:

• Apple Worldwide Developer Relations Certificate Authority
• Centrum Code Signing CA SHA2
• StartCom Class 2 Object CA
• StartCom Class 3 Object CA

None of them are expired.

[develar]

Currently no open issues about it and it works for me (code sign on CI). Let's wait results on another machine / CI server. I think, it is some strange local issue.

[Mossop]

I've managed to successfully sign on a different machine so there must be something wrong with the setup of my development machine. How could I figure out what it is?

[sethlu]

@Mossop Are your private keys for signing exported along with the signing certs? For each signing cert in keychain there should be a corresponding private key (which Apple doesn't hold a copy). If the other machine succeeded in code signing while the current does not, the issue may lie in this I doubt. 😕

[Mossop]

@sethlu I'm testing with the same p12 file referenced by CSC_LINK in both cases. In one which is a fairly clean machine it works, on my development machine it doesn't. Is it possible that having the private key in my default keychain could be causing problems? I don't really want to remove it to test as that is the root copy.

[ekalinichev]

I have same issue. When I use base64 from CSC_LINK I have this:

Everything is Ok

Folders: 143
Files: 180
Size:       111883842
Compressed: 42002861
  electron-builder /Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/7zip-bin-mac/7za (57160) exited with code 0 +2s
  electron-builder Executing security find-identity -v /var/folders/_1/11l20kxn5lvfv1zbkg56hpsc0000gp/T/electron-builder-qu4Gaj/t-df40-0.keychain +1s
  electron-builder Executing security find-identity -v -p codesigning /var/folders/_1/11l20kxn5lvfv1zbkg56hpsc0000gp/T/electron-builder-qu4Gaj/t-df40-0.keychain +12ms
  1) 4CNOTHING0INTERESTING0NOTHING0INTERESTING "Developer ID Application: Company (AA1234BB12)"
     1 valid identities found

  1) 0NOTHING0INTERESTING0NOTHING0INTERESTING "Developer ID Application: Company (AA1234BB12)"
  2) OTHERHASHOTHERHASHOTHERHASHOTHERHASHOTHE "Developer ID Installer: Company (AA1234BB12)"
     2 valid identities found

Signing app (identity: Developer ID Application: Company (AA1234BB12))

  electron-osx-sign Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`; disable by setting `pre-auto-entitlements` to `false`. +239ms
  electron-osx-sign Automating entitlement app group... +1ms
  electron-osx-sign:warn `ElectronTeamID` not found in `Info.plist`, use parsed from signing identity: AA1234BB12 +8ms
  electron-osx-sign:warn `com.apple.security.application-groups` not found in entitlements file, new inserted: AA1234BB12.com.company.appname-desktop +4ms
  electron-osx-sign Signing application... +1ms
  electron-osx-sign > application         /Users/egorkalinichev/Projects/company/sources/desktop-client/dist/mac/Company AppName.app +1ms
  electron-osx-sign > platform            darwin +0ms
  electron-osx-sign > entitlements        /var/folders/_1/11l20kxn5lvfv1zbkg56hpsc0000gp/T/aad3eba5-f667-477b-adff-61ecc50aa22e.plist +0ms
  electron-osx-sign > child-entitlements  /Users/egorkalinichev/Projects/company/sources/desktop-client/build/entitlements.mac.inherit.plist +0ms
  electron-osx-sign > additional-binaries undefined +0ms
  electron-osx-sign > identity            Developer ID Application: Company (AA1234BB12) +0ms
  electron-osx-sign Signing... /Users/egorkalinichev/Projects/company/sources/desktop-client/dist/mac/Company AppName.app/Contents/Frameworks/Company AppName Helper EH.app/Contents/MacOS/Company AppName Helper EH +77ms
Build failed { Error: Command failed: codesign --sign Developer ID Application: Company (AA1234BB12) --force --keychain /var/folders/_1/11l20kxn5lvfv1zbkg56hpsc0000gp/T/electron-builder-qu4Gaj/t-df40-0.keychain --entitlements /Users/egorkalinichev/Projects/company/sources/desktop-client/build/entitlements.mac.inherit.plist /Users/egorkalinichev/Projects/company/sources/desktop-client/dist/mac/Company AppName.app/Contents/Frameworks/Company AppName Helper EH.app/Contents/MacOS/Company AppName Helper EH
error: The specified item could not be found in the keychain.

    at ChildProcess.exithandler (child_process.js:206:12)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:877:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)
From previous event:
    at /Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-osx-sign-tf/index.js:429:18
    at runCallback (timers.js:574:20)
    at tryOnImmediate (timers.js:554:5)
    at processImmediate [as _immediateCallback] (timers.js:533:5)
From previous event:
    at /Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-osx-sign-tf/index.js:423:27
From previous event:
    at signApplicationAsync (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-osx-sign-tf/index.js:395:6)
    at /Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-osx-sign-tf/index.js:564:14
    at /Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/graceful-fs/graceful-fs.js:43:10
    at FSReqWrap.oncomplete (fs.js:123:15)
From previous event:
    at Function.signAsync (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-osx-sign-tf/index.js:556:6)
    at MacPackager.<anonymous> (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-builder/src/macPackager.ts:183:21)
    at next (native)
From previous event:
    at tsAwaiter (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-builder/src/util/awaiter.ts:10:47)
    at MacPackager.sign (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-builder/out/macPackager.js:82:16)
    at nonMasPromise.doPack.then (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-builder/src/macPackager.ts:78:26)
    at runCallback (timers.js:574:20)
    at tryOnImmediate (timers.js:554:5)
    at processImmediate [as _immediateCallback] (timers.js:533:5)
From previous event:
    at MacPackager.<anonymous> (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-builder/src/macPackager.ts:78:10)
    at next (native)
From previous event:
    at tsAwaiter (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-builder/src/util/awaiter.ts:10:47)
    at Object.build (/Users/egorkalinichev/Projects/company/sources/desktop-client/node_modules/electron-builder/out/builder.js:138:12)
    at resolveIdentities.then (/Users/egorkalinichev/Projects/company/sources/desktop-client/src/osx-builder/builder.js:34:32)
  cause: 
   { Error: Command failed: codesign --sign Developer ID Application: Company (AA1234BB12) --force --keychain /var/folders/_1/11l20kxn5lvfv1zbkg56hpsc0000gp/T/electron-builder-qu4Gaj/t-df40-0.keychain --entitlements /Users/egorkalinichev/Projects/company/sources/desktop-client/build/entitlements.mac.inherit.plist /Users/egorkalinichev/Projects/company/sources/desktop-client/dist/mac/Company AppName.app/Contents/Frameworks/Company AppName Helper EH.app/Contents/MacOS/Company AppName Helper EH
   error: The specified item could not be found in the keychain.

       at ChildProcess.exithandler (child_process.js:206:12)
       at emitTwo (events.js:106:13)
       at ChildProcess.emit (events.js:191:7)
       at maybeClose (internal/child_process.js:877:16)
       at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)
     killed: false,
     code: 1,
     signal: null,
     cmd: 'codesign --sign Developer ID Application: Company (AA1234BB12) --force --keychain /var/folders/_1/11l20kxn5lvfv1zbkg56hpsc0000gp/T/electron-builder-qu4Gaj/t-df40-0.keychain --entitlements /Users/egorkalinichev/Projects/company/sources/desktop-client/build/entitlements.mac.inherit.plist /Users/egorkalinichev/Projects/company/sources/desktop-client/dist/mac/Company AppName.app/Contents/Frameworks/Company AppName Helper EH.app/Contents/MacOS/Company AppName Helper EH' },
  isOperational: true,
  killed: false,
  code: 1,
  signal: null,
  cmd: 'codesign --sign Developer ID Application: Company (AA1234BB12) --force --keychain /var/folders/_1/11l20kxn5lvfv1zbkg56hpsc0000gp/T/electron-builder-qu4Gaj/t-df40-0.keychain --entitlements /Users/egorkalinichev/Projects/company/sources/desktop-client/build/entitlements.mac.inherit.plist /Users/egorkalinichev/Projects/company/sources/desktop-client/dist/mac/Company AppName.app/Contents/Frameworks/Company AppName Helper EH.app/Contents/MacOS/Company AppName Helper EH' }

To debug this, I put a breakpoint inside electron-builder and copied keychain and password. When I open it in Keychain Access and not provide CSC_LINK, application builds successfully, so it's definitely not problem with certificate itself.

Also I put breakpoint in electron-osx-sign-tf and checked that the keychain exists and has certificates right before it's used. It is clearly visible from the log too.

In fact, I think that it's something in electron-osx-sign-tf, but I was unable to figure out what is going wrong and why. I actually paused the execution and run exactly same codesign command manually and it succeeded.

[develar]

It is not time issue, since we correctly find valid cert after import.

Well, I guess it is some codesign Apple bug. You both have company certs, as far I see :) Please see http://stackoverflow.com/a/19160225/1910191 — do you understand the answer, does it help you?

[ekalinichev]

There is a valid Apple Worldwide Certification Authority cert in electron_builder_root_certs keychain, that is added during the build. Not sure what I should do with it (I had no idea about macOS desktop development or iOS development approx week ago, so maybe I'm missing something obvious).

It can't be a codesign bug, because:

1. builder generates keychain and builds app
2. builder is stopped by breakpoint
3. I issue the same codesign command manually
4. It works (app is signed).

So it might be something with how codesign is called by builder. Unsafe arguments or something? Is it possible?

[develar]

So it might be something with how codesign is called by builder. Unsafe arguments or something? Is it possible?

No. It is not *** Windows. But env maybe different. Compare process.env (debugger) and env (terminal).

[ekalinichev]

Good idea, I checked env in terminal and env inside script. Exactly the same, except _ and the DEBUG=*, but it fails when I unset it too.

[develar]

@jatt Do you have another cert? Could you please try to sign using different cert?

[ekalinichev]

@develar thanks for your advice, I did more testing with other certificate, and nothing changed.

Though I was able to find something else: if I pass CSC_LINK and CSC_CERT_PASSWORD, everything works. If I pass the same p12 in base64 string and password via programmatic API it fails as described before. I'm checking now, maybe there's something wrong with a way I read this base64 string. It's hard to do it wrong, though.

To clarify: I programmatically generate p12 using node-forge, but when I talk about CSC_LINK above, it links to p12 generated by my code and it works correctly this way, so it's not broken p12.

[ekalinichev]

@Mossop I think I figured what is the problem. Something very close to this is discussed in this SO question: http://stackoverflow.com/questions/39868578/security-codesign-in-sierra-keychain-ignores-access-control-settings-and-ui-p

Indeed, it seems that only Keychain Access.app knows how to properly unlock keychain. Here's what I did:

1. Put a breakpoint in electron-builder/out/codeSign.js at line 68 (importCerts function)

2. At a breakpoint keychain is already created, so I just opened temporary keychain in Keychain Access.app or run following command:

   security set-key-partition-list -S apple-tool:,apple: -s -k keychainPass keychainName
   

3. When I resumed execution, app was signed successfully.

Unfortunately, it doesn't count as workaround, because I need it to work on CI server. So I will continue to investigate issue, and will try to submit PR with fix and test some time next week.

[danielbuechele]

I am running in the same bug running on Travis (macOS 10.12)
https://travis-ci.org/danielbuechele/GoofyForWork#L556
Switching to macOS 10.11 fixes the problem. Travis offers different platforms: https://docs.travis-ci.com/user/languages/objective-c/#Supported-Xcode-versions

[ariporad]

Hello all,

I'm running in to the same problem. Switching back to OS X 10.11 seems to have fixed it.

Is there any way to get this to work on macOS Sierra?

Thanks!

[neurosnap]

My CI server builds the application fine (10.11), but on my dev machine using macOS Sierra 10.12.2 it doesn't work.

  electron-builder /Users/erock/notion/desktop/node_modules/7zip-bin-mac/7za (21988) exited with code 0 +1s
node_modules/windows-shortcuts-appid is not packed into asar archive - contains executable code
  electron-builder Executing security find-identity -v /var/folders/qf/jm643rrn5sqc3zcn85hvty6c0000gn/T/electron-builder-yXnMic/t-55dd-0.keychain +116ms
  electron-builder Executing security find-identity -v -p codesigning /var/folders/qf/jm643rrn5sqc3zcn85hvty6c0000gn/T/electron-builder-yXnMic/t-55dd-0.keychain +3ms
  1) 68989144DA1E68EBD47B05BA67C04D291637E580 "Developer ID Application: Company AI, Inc. (6SF49XZ6MH)"
     1 valid identities found

  1) 68989144DA1E68EBD47B05BA67C04D291637E580 "Developer ID Application: Company AI, Inc. (6SF49XZ6MH)"
     1 valid identities found

Signing app (identity: Developer ID Application: Company AI, Inc. (6SF49XZ6MH))

Error: Exit code: 1. Command failed: codesign --sign Developer ID Application: Company AI, Inc. (6SF49XZ6MH) --force --keychain /var/folders/qf/jm643rrn5sqc3zcn85hvty6c0000gn/T/electron-builder-yXnMic/t-55dd-0.keychain /Users/erock/notion/desktop/dist/mac/Notion.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
error: The specified item could not be found in the keychain.

error: The specified item could not be found in the keychain.

    at /Users/erock/notion/desktop/node_modules/electron-osx-sign-tf/util.js:69:16

[develar]

electron-osx-sign-tf

@neurosnap It seems your electron-builder is old. Please upgrade to latest version (unlikely it will help, but just to be sure).

[neurosnap]

This is with the identical CSC_LINK and CSC_KEY_PASSWORD as my jenkins server.

Error: Command failed: codesign --sign Developer ID Application: Company AI, Inc. (6SF49XZ6MH) --force --keychain /var/folders/qf/jm643rrn5sqc3zcn85hvty6c0000gn/T/electron-builder-5NNSnv/0-1.keychain /Users/erock/notion/desktop/dist/mac/Notion.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
error: The specified item could not be found in the keychain.

    at ChildProcess.exithandler (child_process.js:206:12)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:877:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)
From previous event:
    at MacPackager.sign (/Users/erock/notion/desktop/node_modules/electron-builder/out/macPackager.js:290:11)
    at /Users/erock/notion/desktop/node_modules/electron-builder/src/macPackager.ts:86:26
From previous event:
    at /Users/erock/notion/desktop/node_modules/electron-builder/src/macPackager.ts:86:10
    at next (native)
From previous event:
    at MacPackager.pack (/Users/erock/notion/desktop/node_modules/electron-builder/out/macPackager.js:185:11)
    at /Users/erock/notion/desktop/node_modules/electron-builder/src/packager.ts:161:22
From previous event:
    at Packager.doBuild (/Users/erock/notion/desktop/node_modules/electron-builder/out/packager.js:296:11)
    at /Users/erock/notion/desktop/node_modules/electron-builder/src/packager.ts:129:38
    at next (native)
    at runCallback (timers.js:637:20)
    at tryOnImmediate (timers.js:610:5)
    at processImmediate [as _immediateCallback] (timers.js:582:5)
From previous event:
    at Packager.build (/Users/erock/notion/desktop/node_modules/electron-builder/out/packager.js:248:11)
    at /Users/erock/notion/desktop/node_modules/electron-builder/src/builder.ts:250:40
    at next (native)
From previous event:
    at build (/Users/erock/notion/desktop/node_modules/electron-builder/out/builder.js:90:21)
    at Object.<anonymous> (/Users/erock/notion/desktop/node_modules/electron-builder/out/cli/build-cli.js:68:41)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.runMain (module.js:604:10)
    at run (bootstrap_node.js:394:7)
    at startup (bootstrap_node.js:149:9)
    at bootstrap_node.js:509:3

[JiaHenry]

I got a similar problem after upgrade Mac OS to 10.12.2.

I used CSC_LINK with file:///***.p12 along with CSC_KEY_PASSWORD and it works fine before upgrade.

Related log information FYI:

electron-builder Executing security import ....
1 identity imported.

electron-builder Executing security find-identity -v /Applications/.../t-3de-0.keychain
electron-builder Executing security find-identity -v -p codesigning /Applications/.../t-3de-0.keychain

1. C4A0 "Developer ID Application: **** inc. ()"
   1 valid identities found

2. C4A0 "Developer ID Application: **** inc. ()"
   1 valid identities found

Signing app (identity: Developer ID Application: **** inc. (***))

Error: Command failed: codesign --sign Developer ID Application: **** () --force --keychain /Applications//t-3de-0.keychain ***
Developer ID Application: **** inc. (***): no identity found

[FJunior225]

Hello All,

Very similar situation for me...
Xcode - Version 8.2.1
Mac - Version 10.12.2 (Sierra)
Apple Worldwide Developer Relations Certification Authority is not expired.

Here is some of the debug log...

Atlas [feature/DEVGRU-688/electron-auto-updater] :> npm run package-mac

> [email protected] package-mac /Users/fcollins/Development/Atlas
> build --mac

  electron-builder Executing security list-keychains +0ms
Skip app dependencies rebuild because npmRebuild is set to false
Packaging for darwin x64 using electron 1.4.15 to dist/mac
    "/Users/fcollins/Library/Caches/electron-builder/electron-builder-root-certs.keychain"
    "/Users/fcollins/Library/Keychains/login.keychain-db"
    "/Library/Keychains/System.keychain"
    "/Library/Keychains/System.keychain"
    "/Library/Keychains/System.keychain"

  electron-builder Executing security create-keychain -p 578622a5543b7930 /var/folders/ng/8ys68dns3nq9wzg6ws11h2j8nx3v4s/T/electron-builder-TpYgOz/0-1.keychain +254ms
  electron-builder Executing security unlock-keychain -p 578622a5543b7930 /var/folders/ng/8ys68dns3nq9wzg6ws11h2j8nx3v4s/T/electron-builder-TpYgOz/0-1.keychain +60ms
  electron-builder Executing security set-keychain-settings -t 3600 -u /var/folders/ng/8ys68dns3nq9wzg6ws11h2j8nx3v4s/T/electron-builder-TpYgOz/0-1.keychain +56ms
  electron-builder Executing security import /var/folders/ng/8ys68dns3nq9wzg6ws11h2j8nx3v4s/T/electron-builder-TpYgOz/0-2.p12 -k /var/folders/ng/8ys68dns3nq9wzg6ws11h2j8nx3v4s/T/electron-builder-TpYgOz/0-1.keychain -T /usr/bin/codesign -T /usr/bin/p8364cf9ef03fd66a8b249b4bf565ed2c8c73e02a5f56b56a03a373f82f07d23e (sha256 hash) -P devgru123 +995ms
1 identity imported.

  electron-builder Spawning /Users/fcollins/Development/Atlas/node_modules/7zip-bin-mac/7za x -bd /Users/fcollins/.electron/electron-v1.4.15-darwin-x64.zip -o/Users/fcollins/Development/Atlas/dist/mac +224ms

7-Zip (a) [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)

Scanning the drive for archives:
1 file, 42120203 bytes (41 MiB)

Extracting archive: /Users/fcollins/.electron/electron-v1.4.15-darwin-x64.zip
--
Path = /Users/fcollins/.electron/electron-v1.4.15-darwin-x64.zip
Type = zip
Physical Size = 42120203

Everything is Ok

Folders: 143
Files: 180
Size:       112414322
Compressed: 42120203
 electron-builder /Users/fcollins/Development/Atlas/node_modules/7zip-bin-mac/7za (69322) exited with code 0 +1s
electron-builder Dev or extraneous dependencies: *** way too many
⚠️  Application icon is not set, default Electron icon will be used
  electron-builder Executing security find-identity -v /var/folders/ng/8ys68dns3nq9wzg6ws11h2j8nx3v4s/T/electron-builder-TpYgOz/0-1.keychain +6s
  electron-builder Executing security find-identity -v -p codesigning /var/folders/ng/8ys68dns3nq9wzg6ws11h2j8nx3v4s/T/electron-builder-TpYgOz/0-1.keychain +10ms
  1) *** "Developer ID Application: ***"
     1 valid identities found

  1) *** "Developer ID Application: ***"
     1 valid identities found

Signing app (identity: Developer ID Application: ***)

Error: Command failed: codesign --sign Developer ID Application: *** *** --force --keychain /var/folders/ng/8ys68dns3nq9wzg6ws11h2j8nx3v4s/T/electron-builder-TpYgOz/0-1.keychain /Users/fcollins/Development/Atlas/dist/mac/Atlas.app/Contents/Frameworks/Atlas Helper EH.app/Contents/MacOS/Atlas Helper EH
codesign(69330,0x7fffc554c3c0) malloc: *** error for object 0x578: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

    at ChildProcess.exithandler (child_process.js:206:12)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:877:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)
From previous event:

CSC_LINK=***.p12

Going to try on another machine to test Sierra...

[FJunior225]

Package.json

"build": {
    "asar": true,
    "npmRebuild": false,
    "win": {
      "target": "nsis"
    },
    "nsis": {
      "oneClick": true,
      "warningsAsErrors": false,
      "perMachine": true
    },
    "publish": {
      "provider": "generic"
    }
  },
"devDependencies": {
    "electron": "^1.4.7",
    "electron-builder": "^11.4.4",
    "electron-debug": "^1.0.1",
    "electron-devtools-installer": "^2.0.1",
    "electron-installer-codesign": "~0.3.0",
    "electron-packager": "^8.5.0",
  },
  "dependencies": {
    "electron-auto-updater": "^1.0.0"
  },

[sethlu]

@FJunior225 from your issue I suppose codesign has a memory management issue itself... Would you mind codesigning only with electron-osx-sign and with DEBUG=electron-osx-sign exported too? I am slightly not sure of the exact arguments we passed into codesign that causes this issue.

[jwheare]

@ekalinichev did you get anywhere with sorting out a PR to fix the original problem in this issue?

[ekalinichev]

@jwheare unfortunately not. Wasn't able to move further than described in my previous comment

[jwheare]

OK, thanks for your investigation. I can also confirm that the issue is resolved for me by switching back to 10.11 (ox_image: xcode8 on travis)

[sethlu]

Hi @FJunior225 I feel like this is an issue with codesign rather than with electron-osx-sign as we utilizes codesign to sign the components and the app bundle.

I will have a check during the weekend and see why Trace/BPT trap: 5 came up from your local environment. Have you updated Xcode command line tools (which include codesign) after upgrading to macOS Sierra?

[develar]

Moved to backlog to keep issue list clear.

[aeneasr]

I'm running also in to the issue on CircleCI. Here's are the OSX specs: https://circleci.github.io/macos-image-tests/

Build fails with:

Signing app (identity: Developer ID Application: ORY GmbH (397DXXXXXX))
Error: Command failed: codesign --sign Developer ID Application: ORY GmbH (397DXXXXXX) --force --keychain /var/folders/jm/fw86rxds0xn69sk40d18y69m0000gp/T/electron-builder-JK1BlP/0-1.keychain /Users/distiller/sites-app/dist/mac/ORY Sites.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
error: The specified item could not be found in the keychain.

edit:// the same environment vairables I used on circle ci work on my local machine.

edit2:// oh ok, if I remove the certificate from the keychain on my local machine, then the build fails with the same error.

[develar]

@arekkas please Open separate issue and please check that your p12 file contains not only cert, but private key also.

[aeneasr]

p12 file contains not only cert, but private key also.

That was it, thanks!

[thomasjm]

@ekalinichev , was it not sufficient to stick that magic command into the code signing process? I tried here:

https://github.com/thomasjm/electron-builder/commit/207689575c09bded78a9fab23e1c21d785fa6552

However, I'm having some trouble testing the fix, because I can't seem to build electron-builder. When I try running npm install inside the electron-builder folder, I get an ENOENT error for tsbabel/out/ts2jsdoc.js. If some electron-builder dev could help me out, maybe I could make this into a real PR.

[develar]

@thomasjm You send me direct message using slack.

I get an ENOENT error for tsbabel/out/ts2jsdoc.js

update to latest, remove node_modules, use yarn instead of npm.

[eriedl-kiban]

@thomasjm @develar Did you have any luck with that suggested fix? Our build machine was updated last weekend to Sierra and now the builds are failing with the Identity not found error. Upgrading to the latest electron-builder 16.6.1 does not seem to fix it. Thank you.

[develar]

@eriedl-kiban Interesting... electron-builder tests failed on new travis Xcode 8.3 image. Will check.

[thomasjm]

@eriedl-kiban I did not, I decided to just put the certificate on the mac's keychain as a workaround. I still think that fix should be straightforward to do though.

[neurosnap]

One of our build servers was upgraded to macOS Sierra and now electron-builder fails at this spot. Do we have any resolution on this error?

[develar]

@neurosnap Please file issue and I will try to fix it as soon as possible.

[godza]

Having the same issue. If i import those certificates into login keychain, everything is fine, even though i've set CSC_IDENTITY_AUTO_DISCOVERY to false.

OS: 10.12

[nlsrchtr]

If someone else stumbles across this issue, for me it's fixed with version 19.8.0.

[Nowaker]

@nlsrchtr Version 19.8.0 of what? Thanks.

[nlsrchtr]

@Nowaker With version 19.8.0 of electron-builder.

[NullEnt1ty]

For anyone running into this issue when building with a CI runner that was started using launchd:

The CI runner (GitHub Actions in my case) could not access the keychain. This was fixed by setting "SessionCreate" to "true" in the plist file. See this SO answer for more information.

[wisdomadzorgenu]

This Github guid shows how to install certificate in keychain.

https://docs.github.com/en/github-ae@latest/actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development

[hzwzw]

For any one who blocked by this issue.

  • signing         file=release/build/mac-arm64/myapp.app identityName=gdb-cert identityHash=43A51CC9591B279014FD22504A4615FD0F8B2ED1 provisioningProfile=none
  ⨯ Command failed: codesign --sign 43A51CC9591B279014FD22504A4615FD0F8B2ED1 --force --timestamp --options runtime --entitlements assets/entitlements.mac.plist /Users/user/Developer/df/df_desktop/release/build/mac-arm64/myapp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/am.lproj/locale.pak
error: The specified item could not be found in the keychain.
  failedTask=build stackTrace=Error: Command failed: codesign --sign 43A51CC9591B279014FD22504A4615FD0F8B2ED1 --force --timestamp --options runtime --entitlements assets/entitlements.mac.plist /Users/user/Developer/df/df_desktop/release/build/mac-arm64/myapp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/am.lproale.pak
error: The specified item could not be found in the keychain.

I checked all above and all is right. How do I fix?

Please note identityName=gdb-cert in the signing process. Somehow gdb-cert is an example name(like foo, bar), and I check in my keychain. there is already a gdb-cert and is expired. So in the next parse the codesign was failed.

Just delete the expired cert.