Solid instructions for signing Mac apps (not for MAS)?


I’ve got an application built using electron-prebuilt v0.34 that is running as expected on OS X (10.10 for now), and I’m using electron-packager to bundle everything up into a distributable .app. If I were to just upload that for download by other parties I run into Gatekeeper’s warning that says that the app is damaged and can’t be opened, which is because it isn’t signed.

So I’ve tried what feels like a hundred different angles on properly signing the finished .app, and nothing has yielded fruit. For reference, I’ve spent most of my efforts trying to adapt this, this, and this. The app is not destined for the MAS, so I’m not worried about that, and the new instructions for 0.34 are already similar to what I’ve tried implementing above.

You can see my current script here: The issue always occurs on the last line, when I try to inspect the signed bundle with spctl -a -vvvv "$app". The result is

internal error in Code Signing subsystem

Maybe I’ve got some completely unrelated issue at play here, since I find virtually 0 references to that error online, but I’m hoping I’m just missing something else in the signing process. Without getting the app properly signed I can’t make it available for download to the general public, since I don’t expect people to change their Gatekeeper settings (and don’t want them to).

Anybody have a proven system, script, or steps that they’ve used to properly get their apps signed? Would looove to see someone’s work here!