APP_KEY and INSTALLER_KEY for MAS submission


#1

I’m finishing my app for Mac App Store submission. Everything is created and ready to go, yet I’m not 100% which goes into the APP_KEY and INSTALLER_KEY as explained in the tutorial on this page: http://electron.atom.io/docs/tutorial/mac-app-store-submission-guide/ .

I’m not using an installer either? Not sure tho if the INSTALLER_KEY is still needed then.

It’s about these 2 lines:

APP_KEY="3rd Party Mac Developer Application: Company Name (APPIDENTITY)"
INSTALLER_KEY=“3rd Party Mac Developer Installer: Company Name (APPIDENTITY)”

In what manner do I fill these correctly?


#2

I found the APP_KEY in my Keychain. Sadly can’t find the installer key.


#3

Even tho I’m using the exact certificate name in the Keychain. The script still says it’s not found:

3rd Party Mac Developer Application: (): no identity found


#4

Managed to request a certificate for the installer in the developers center.

It makes the installer but the script still complains that the application certificate is wrong.

When running the installer it says it’s done, but has installed nothing.


#5

Managed to make it work by full re-requesting an application certificate after reading this: https://discussions.apple.com/thread/3819910?start=0&tstart=0

Now it’s giving permission errors files in the Electron framework:

… /Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib.cstemp


#6

The app now fully fatals. The signing script returns the following (output anonymized):

/Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app/Contents/Frameworks/Electron Framework.framework: replacing existing signature
/Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app/Contents/Frameworks/Electron Helper.app/: replacing existing signature
/Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app/Contents/Frameworks/Electron Helper EH.app/: replacing existing signature
/Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app/Contents/Frameworks/Electron Helper NP.app/: replacing existing signature
/Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app/Contents/MacOS/Electron: code object is not signed at all
In subcomponent: /Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app/Contents/Frameworks/Mantle.framework
/Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app: code object is not signed at all
In subcomponent: /Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app/Contents/Frameworks/Mantle.framework
productbuild: Adding component at /Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.app
productbuild: Signing product with identity “3rd Party Mac Developer Installer: My Name (AppIdentifier)” from keychain /Users/username/Library/Keychains/login.keychain
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to /Users/username/Desktop/My App Name With Spaces/My App Name With Spaces.pkg
productbuild: Supported OS versions: [10.9.0, )

What am I doing wrong? The app that installs from the .pkg into /Applications crashes instantly and the contents are complaining about rights. The Info.plist file is corrupt too. While running the app before signing/packaging it has no issues whatsoever.

Please help me :frowning: . I spent so much time into the development of my app. This is the last thing that withholds me from submitting it to the store ;(


#7

Not sure how much I may help but it seems that it’s darwin build that you’re using with Electron, as Mantle.framework shouldn’t really be there for a mas build I think.

However, some advice here on code signing from me:

  • .cstemp files are created while code signing and may be left in a directory if it’s aborted in midway. So far I believe it’s safe to remove them if discovered anywhere in the app bundle because it’s removed anyway after a successful codesign.
  • APP_KEY and INSTALLER_KEY are there for signing off your app bundle and your installer package. For a MAS app, an installer’s sent to Apple for review, so: An app bundle’s code signed by the APP_KEY first (with codesign), and then packed with productbuild with INSTALLER_KEY just to verify that the installer’s as well protected with integrity.
  • If the either/neither of the keys are found in your keychain, you may obtain them from Apple Developer, the website, or from Xcode I think; but the two are both required in order to complete a MAS submission.

I suggest taking a look at electron-osx-sign just to save some hassle with setting up each step as ElectronTeamID is recommended now with version >= 1.1.1. May file an issue there or reply down here if needing extra help. Cheers!


#8

Thank you for your reply sethlu. I indeed tried electron-osx-sign and did some other modifications with the mas build and got it to work. Luckily there was nothing wrong with the certificates, but it seemed that the signing process was illegally declining parts of the darwin build signing them with the mas certificates. One of the most prominent problems is the deprecation of QuickTime in the MAS making the darwin build instantly be rejected.

All is fine now luckily. Thanks again!