I have created an Electron app (for the Mac desktop environment) and packaged it into a .app executable. As I proceed to sign and notarise the app, I run into a situation where I need to sign the embedded node binaries within the .app file as well (else the notarisation process fails). However, when I sign the node binaries within the .app file, the app fails to launch thereafter.
Here is my signing sequence:
- Individually sign the embedded binaries in the .app file, using > codesign --force --verbose --options=runtime --sign "XXXXXXXXXX" "MyApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib"
Note - There are several others, that I am omitting for the sake of brevity here.
- Once I have signed all of the embedded binaries, then I sign the .app file, using > codesign --force --verbose --options=runtime --deep --sign "XXXXXXXXXX" MyApp.app
However, at this stage, the MyApp.app fails to launch!
I have also done the following, with no issues:
- Verify signing using > codesign --verify -vvvv MyApp.app
- Test and validate the signed app, using > spctl -a -vvvv MyApp.app
If I proceed to notarize the app, it succeeds as well.
My main question is: what is the correct method to sign a .app executable that has embedded binaries (like node libs / binaries) which are required to be signed as well (in order to complete the notarisation process successfully)?
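
The signing sequence from the question, written out for every nested item in inside-out order, as an added example that is not part of the original post. The function names, the name-based selection of nested code and the constructed sample tree are assumptions of this sketch, and the outer bundle is signed without `--deep` because each nested item already receives its own signature.

```shell
#!/bin/sh
# Added example: inside-out signing plan for a .app bundle (dry run by default).
# Assumptions: IDENTITY is a placeholder as in the post; nested code is picked
# by name only, so helper executables without these suffixes must be added.
IDENTITY="${IDENTITY:-XXXXXXXXXX}"

# List nested code under bundle $1, deepest path first, so each item is
# signed before the framework or bundle that contains it.
nested_code_inside_out() {
    find "$1" -mindepth 1 ! -type l \( -name '*.dylib' -o -name '*.node' \
            -o -name '*.framework' -o -name '*.app' \) -print |
        awk -F/ '{ print NF "\t" $0 }' |
        LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2 |
        cut -f2-
}

# Sign every nested item, then the outer bundle last. --deep is left out
# because each nested item already gets its own signature here.
sign_bundle() {
    { nested_code_inside_out "$1"; printf '%s\n' "$1"; } |
    while IFS= read -r item; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'codesign --force --verbose --options=runtime --sign "%s" "%s"\n' \
                "$IDENTITY" "$item"
        else
            codesign --force --verbose --options=runtime \
                --sign "$IDENTITY" "$item" || exit 1
        fi
    done
}

# The two checks from the post, run after a real (DRY_RUN=0) signing pass.
verify_bundle() {
    codesign --verify -vvvv "$1" && spctl -a -vvvv "$1"
}

# Constructed sample tree of empty files, so the order can be checked offline.
make_sample_bundle() {
    root="$(mktemp -d)/MyApp.app"
    fw="$root/Contents/Frameworks/Electron Framework.framework"
    mkdir -p "$fw/Versions/A/Libraries" "$root/Contents/MacOS"
    : > "$fw/Versions/A/Libraries/libnode.dylib"
    : > "$root/Contents/MacOS/MyApp"
    printf '%s\n' "$root"
}

sign_bundle "$(make_sample_bundle)"
```

With `DRY_RUN=1` the script only prints the `codesign` commands in the order they would run; set `DRY_RUN=0` on a Mac to execute them, then call `verify_bundle` on the result.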