Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with complex nested bundle(with e04ddb2 fix) #171

Open
Yuuon opened this issue Nov 11, 2024 · 0 comments
Open

Issue with complex nested bundle(with e04ddb2 fix) #171

Yuuon opened this issue Nov 11, 2024 · 0 comments

Comments

@Yuuon
Copy link

Yuuon commented Nov 11, 2024

Hi there,
Mentioned in #149 , we still have an issue when trying to notary our application with a new in-Unity browser plugin, which is heavily nested, with a file structure like:

VuplexWebViewMac.bundle
  |-- Contents
     |-- MacOS
       |-- VuplexWebViewMac
     |-- Frameworks
       |-- Vuplex WebView.app
         |-- Contents
           |-- MacOS
             |-- Vuplex WebView
           |-- Frameworks
             |-- Vuplex WebView Helper (GPU).app
               |-- Contents
                 |-- MacOS
                   |-- Vuplex WebView Helper (GPU)
             |-- Vuplex WebView Helper (Plugin).app
               |-- Contents
                 |-- MacOS
                   |-- Vuplex WebView Helper (Plugin)
             |-- Vuplex WebView Helper (Renderer).app
               |-- Contents
                 |-- MacOS
                   |-- Vuplex WebView Helper (Renderer)
             |-- Vuplex WebView Helper.app
               |-- Contents
                 |-- Mac OS
                   |-- Vuplex WebView Helper

Before we import the plugin, the notarization with this tool works fine.

Here are more details:
OS: Ubuntu 22.04;
Reproduce steps:

  1. Install latest cargo and rustc;
  2. Use cargo install --git https://github.com/indygreg/apple-platform-rs --branch main apple-codesign to install the latest version from main branch;
  3. With an application already built, run command:
rcodesign sign --for-notarization \
-e [path_to_entitlements] \
--code-signature-flags runtime \
--p12-file [path_to_p12_file] --p12-password-file [path_to_pwd_file] \
./Application.app

then:

rcodesign notary-submit \
--api-key-file [path_to_appstoreconnectkey] \
--staple \
Application.app

During the code sign, several messages related to this plugins show:

entering nested bundle Contents/PlugIns/VuplexWebViewMac.bundle/Contents/Frameworks/Vuplex WebView.app
signing bundle at ./Application.app/Contents/PlugIns/VuplexWebViewMac.bundle/Contents/Frameworks/Vuplex WebView.app into ./Application.app/Contents/PlugIns/VuplexWebViewMac.bundle/Contents/Frameworks/Vuplex WebView.app
could not find main executable of presumed nested bundle: Contents/Frameworks/Vuplex WebView Helper (GPU).app
could not find main executable of presumed nested bundle: Contents/Frameworks/Vuplex WebView Helper (Plugin).app
could not find main executable of presumed nested bundle: Contents/Frameworks/Vuplex WebView Helper (Renderer).app
could not find main executable of presumed nested bundle: Contents/Frameworks/Vuplex WebView Helper.app
signing Mach-O file Contents/MacOS/Vuplex WebView
creating cryptographic signature with certificate [certification Info]
bundle has no main executable to sign specially
leaving nested bundle Contents/PlugIns/VuplexWebViewMac.bundle/Contents/Frameworks/Vuplex WebView.app

and

entering nested bundle Contents/PlugIns/VuplexWebViewMac.bundle
signing bundle at ./Application.app/Contents/PlugIns/VuplexWebViewMac.bundle into ./Application.app/Contents/PlugIns/VuplexWebViewMac.bundle
could not find main executable of presumed nested bundle: Contents/Frameworks/Vuplex WebView.app
signing main executable Contents/MacOS/VuplexWebViewMac
creating cryptographic signature with certificate [certification Info]
creating cryptographic signature with certificate [certification Info]
leaving nested bundle Contents/PlugIns/VuplexWebViewMac.bundle

The most suspect thing is it's saying that could not find main executable in the nested bundle, but actually every bundle/app in this plugin has one.

And the notary result is still failed, same as what I've mentioned in #149 :

notary log>     {
notary log>       "architecture": "arm64",
notary log>       "code": null,
notary log>       "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
notary log>       "message": "The signature of the binary is invalid.",
notary log>       "path": "Application.app.zip/Application.app/Contents/PlugIns/VuplexWebViewMac.bundle/Contents/MacOS/VuplexWebViewMac",
notary log>       "severity": "error"
notary log>     },
notary log>     {
notary log>       "architecture": "x86_64",
notary log>       "code": null,
notary log>       "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
notary log>       "message": "The signature of the binary is invalid.",
notary log>       "path": "Application.app.zip/Application.app/Contents/PlugIns/VuplexWebViewMac.bundle/Contents/Frameworks/Vuplex WebView.app/Contents/MacOS/Vuplex WebView",
notary log>       "severity": "error"
notary log>     },

I just put part of the message here, the same error also happens for Vuplex WebView Helper, Vuplex WebView Helper (Plugin), Vuplex WebView Helper (GPU), Vuplex WebView Helper (Renderer), VuplexWebViewMac(just every Mach-O files in the bundle).

Using native method to codesign/notary the same application on Mac directly, code sign the nested bundle level by level works fine.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Yuuon