Mac App Store /Test Flight Issue: Can't be opened, apple cannot check it for malicious software | electronjs.org | Page 1

dull ember Jul 29, 2024, 3:05 PM

#

Hey Community

It's my first time submitting an App to the Mac App Store and while i was able to sucessfuly get it into TestFlight to test, when trying to open the app i am presented with "App Can't be opened because apple cannot check it for malicious software".

Long story short i belive this could be due to not running the Notarization process on the PGK file beforehand. The issue here is that when running electron-build i get two PKG files outputted.

PKG ONE: releases/app.pkg
PKG TWO: releases/mas-universal/app.pkg

The first pkg is able to pass Notarization but then fails when trying to verify it in Transporter to submit to the App Store for testing.
The second pkg fails Notarization but successes in Transporter.

I have more information on this issue here -> https://github.com/electron-userland/electron-builder/issues/8382 about the issues and if anyone has any experiance to sheare about submitting apps to the Mac App Store it would be much appriciated.

Cheers.

GitHub

Not able to Pass Transporter & Notarization with same .pkg file · I...

Help Request: Publishing to App Store Hey community 👋 I am trying to summit an electron build to the Mac App Store. And while all was going good and was able to get my App into TestFlight, upon ins...

spring hazel Jul 29, 2024, 3:50 PM

#

Hi, sorry but can I ask about an issue with my app I am trying to do the same thing but I had doubt regarding codesigning itself

dull ember Jul 29, 2024, 3:57 PM

#

Hi @spring hazel sure, i did see the issues you had posted and couldn't be sure if they were directly related. Are you seeing the same error message when trying to open your app ?

spring hazel Jul 30, 2024, 2:19 AM

#

yes if I dont sign the app I am able to open it. when I sign with Developer ID application and notarize it I am not able to open it.

dull ember Jul 30, 2024, 1:52 PM

#

Hi @spring hazel

After thorough research and numerous trials and errors, I was able to resolve the issues. When enabling the electron-builder notarization config option, I believe it sends the .app file for notarization first, and then this gets bundled inside the .pkg file. Initially, I was only notarizing the .pkg separately after the Electron build was completed.
Here are some config setting i have applied to get it work

mas: {
appId: "appID",
type: 'distribution',
cscLink: "path.to/cert.p12",
cscKeyPassword: 'password',
entitlements: 'path.to/entitlements.mas.plist',
entitlementsInherit: 'path.to/entitlements.mas.inherit.plist',
provisioningProfile: 'path.to/embedded.provisionprofile',
hardenedRuntime: false,
darkModeSupport: true,
target: ['mas'],
notarize: false,
notarize: {
teamId: 'your apple team Id',
},
target: [
{
target: 'mas',
},
],
},‘‘‘

#

Also, Something that caught me out in the beginning was the fact that I wasn't aware you could export multiple certificates from Keychain into a single .p12 file. This was causing issues at different stages of the build process.

spring hazel Jul 30, 2024, 2:10 PM

#

dull ember Also, Something that caught me out in the beginning was the fact that I wasn't a...

hi so there are 3 certificates.

Apple development.
Apple distribution.
Developer Id ---
should we use multiple or only one?

#

I created a unsigned Appname.app export and them used codesign with just the devloper Id certificate and notarized it by following this
https://forums.developer.apple.com/forums/thread/128166

dull ember Jul 31, 2024, 7:03 PM

#

Hi @spring hazel These certs looks correct, have you been able to get it singed and notarized ?

brisk basin Aug 1, 2024, 2:30 AM

#

2 certificates you need is:
3rd Party Mac Developer Installer a.k.a mac installer
Apple Distribution

#

You cannot open signed app, it only able to open by apple team and after publish to store

dull ember Aug 1, 2024, 10:37 AM

#

Hi @brisk basin and cheers for the info. Do you know if this would also be true for app's that are published to TestFlight that have been signing & notarized ? as when trying to open my app via TestFlight i get the following error

“.XXXXXXXXX.classer.A8PFaB” can’t be opened because Apple cannot check it for malicious software. ?

dull ember Aug 1, 2024, 2:22 PM

#

Hey @spring hazel sorry to miss your question on this, but i belive you will need to export multi certs in order to sucsessfuly publish the app.

brisk basin Aug 2, 2024, 9:37 AM

#

dull ember Hi <@566577469172351007> and cheers for the info. Do you know if this would also...

If app is from outside Apple Store, you have to find it in Finder ( usually in Application ) then control-click the app, choose Open from the menu, and in the dialog that appears, click Open. Enter your admin name and password when prompted. https://support.apple.com/en-us/HT202491

Apple Support

Safely open apps on your Mac - Apple Support

macOS includes a technology called Gatekeeper, that's designed to ensure that only trusted software runs on your Mac.

spring hazel Aug 3, 2024, 2:45 AM

#

hi, thx for the Info I will try

spring hazel Aug 3, 2024, 4:51 AM

#

hi if possible can yu share your electron builder config as an example?

brisk basin Aug 4, 2024, 3:49 AM

#

spring hazel hi if possible can yu share your electron builder config as an example?

in package.json:

"build": {
    "asar": true,
    "asarUnpack": [
      "**/node_modules/**/*.node"
    ],
    "publish": [
      {
        "provider": "github",
        "owner": "username",
        "repo": "reponame",
        "vPrefixedTagName": true,
        "releaseType": "draft",
        "publishAutoUpdate": false,
        "token": "ghp_000000000000000000"
      }
    ],
    "productName": "appname",
    "directories": {
      "buildResources": "build"
    },
    "files": [
      "**/*",
      "build/icons/256x256.png",
      "build/icons/icon.icns",
      {
        "from": "local-folder",
        "to": "remote-folder",
        "filter": [
          "**/*"
        ]
      }
    ],
    "extraFiles": [
      "local-folder"
    ],
    "appx": {
      "identityName": "your-indentity",
      "publisher": "CN=",
      "publisherDisplayName": "My App",
      "applicationId": "MyApp",
      "displayName": "MyApp"
    },
    "win": {
      "appId": "same-on-window-store",
      "target": [
        "nsis",
        "appx",
        "zip"
      ],
      "icon": "build/icons/256x256.png"
    },
    "mac": {
      "hardenedRuntime": false,
      "gatekeeperAssess": false,
      "appId": "same-on-apple-store",
      "category": "public.app-category.utilities" <https://developer.apple.com/app-store/categories/>,
      "provisioningProfile": "your.provisionprofile",
      "entitlements": "entitlements.mas.plist",
      "entitlementsInherit": "entitlements.mas.inherit.plist",
      "type": "distribution",
      "target": [
        {
          "target": "mas",
          "arch": [
            "universal"
          ]
        }
      ],
      "icon": "build/icons/icon.icns",
      "bundleVersion": "1" //increase after each upload to apple
    },
    "linux": {
      "category": "Utility" <https://specifications.freedesktop.org/menu-spec/latest/category-registry.html>,
      "target": [
        "AppImage",
        "deb"
      ]
    },
    "nsis": {
      "oneClick": "false",
      "allowToChangeInstallationDirectory": "true",
      "perMachine": "true"
    },
    "fileAssociations": [ //Check out at: https://www.electron.build/configuration/configuration.html#:~:text=the%20asar%20archive.-,fileAssociations,-Array%3CFileAssociation%3E%20%7C%20FileAssociation
      {
        "name": "YourApp HTML Document",
        "description": "YourApp",
        "ext": "html",
        "icon": "build/icons/icon.ico"
      },
      {
        "name": "YourApp WebP Image",
        "description": "YourApp WebP Image",
        "ext": "webp",
        "icon": "build/icons/icon.ico"
      }
    ]
  },

#Mac App Store /Test Flight Issue: Can't be opened, apple cannot check it for malicious software