Asset validation failed. Invalid product archive. #327
Comments
|
I encountered the same issue, and downgrading to version 1.3.0 worked for me. #328 |
appreciate the heads up, was stuck in this for a whole day! |
|
I've faced the same issue. Downgrading to version |
|
It seems there is regression 51531f1 |
|
Thanks for the heads-up @mahnunchik. I'll assign this issue to myself and see what the best solution is here. |
|
The regression seems related to this (from the manpage of
|
|
I raised this on stackoverflow (https://stackoverflow.com/questions/78265335/invalid-product-archive-metadata-when-uploading-electron-app-to-mac-app-store-us/78266218#78266218) and figured out the solution myself. I end up making the following changes in my local copy to get it work on Mac App Store. type.ts - adding product options, which points to a product_definition.plist type OnlyFlatOptions = {
identityValidation?: boolean;
install?: string;
pkg?: string;
scripts?: string;
product?:string;
};The product_definition.plist looks like this <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>os</key>
<array>
<string>10.11.0</string>
</array>
</dict>
</plist>flat.ts - adding --identifier, --version and --product args to productbuild. Added import "plist" and "fs-extra" packages async function buildApplicationPkg (opts: ValidatedFlatOptions, identity: Identity) {
const componentPkgPath = path.join(path.dirname(opts.app), path.basename(opts.app, '.app') + '.pkg');
const pkgbuildArgs = ['--install-location', opts.install, '--component', opts.app, componentPkgPath];
if (opts.scripts) {
pkgbuildArgs.unshift('--scripts', opts.scripts);
}
await execFileAsync('pkgbuild', pkgbuildArgs);
const appInfoPath = path.join(getAppContentsPath(opts), 'Info.plist');
const appInfoContents = await fs.readFile(appInfoPath, 'utf8');
const appInfo = plist.parse(appInfoContents) as Record<string, any>;
const version = appInfo["CFBundleShortVersionString"] as string;
const identifier = appInfo["CFBundleIdentifier"] as string;
const args = [
'--package', componentPkgPath,
opts.install,
...(identifier ? ['--identifier', identifier,] : []),
...(version ? ['--version', version,] : []),
'--sign', identity.name,
...(opts.product ? ['--product', opts.product,] : []),
opts.pkg
];
if (opts.keychain) {
args.unshift('--keychain', opts.keychain);
}
debugLog('Flattening... ' + opts.app);
await execFileAsync('productbuild', args);
await execFileAsync('rm', [componentPkgPath]);
}There were also some changes regarding preAutoEntitlements. sign.ts - only apply preAutoEntitlements to top level app bundle async function signApplication (opts: ValidatedSignOptions, identity: Identity) {
function shouldIgnoreFilePath (filePath: string) {
if (opts.ignore) {
return opts.ignore.some(function (ignore) {
if (typeof ignore === 'function') {
return ignore(filePath);
}
return filePath.match(ignore);
});
}
return false;
}
const children = await walkAsync(getAppContentsPath(opts));
if (opts.binaries) children.push(...opts.binaries);
const args = ['--sign', identity.hash || identity.name, '--force'];
if (opts.keychain) {
args.push('--keychain', opts.keychain);
}
/**
* Sort the child paths by how deep they are in the file tree. Some arcane apple
* logic expects the deeper files to be signed first otherwise strange errors get
* thrown our way
*/
children.sort((a, b) => {
const aDepth = a.split(path.sep).length;
const bDepth = b.split(path.sep).length;
return bDepth - aDepth;
});
for (const filePath of [...children, opts.app]) {
if (shouldIgnoreFilePath(filePath)) {
debugLog('Skipped... ' + filePath);
continue;
}
const perFileOptions = await mergeOptionsForFile(
opts.optionsForFile ? opts.optionsForFile(filePath) : null,
defaultOptionsForFile(filePath, opts.platform)
);
// preAutoEntitlements should only be applied to the top level app bundle.
// Applying it other files will cause the app to crash and be rejected by Apple.
if (!filePath.includes('.app/')) {
if (opts.preAutoEntitlements === false) {
debugWarn('Pre-sign operation disabled for entitlements automation.');
} else {
debugLog(
'Pre-sign operation enabled for entitlements automation with versions >= `1.1.1`:',
'\n',
'* Disable by setting `pre-auto-entitlements` to `false`.'
);
if (!opts.version || compareVersion(opts.version, '1.1.1') >= 0) {
// Enable Mac App Store sandboxing without using temporary-exception, introduced in Electron v1.1.1. Relates to electron#5601
const newEntitlements = await preAutoEntitlements(opts, perFileOptions, {
identity,
provisioningProfile: opts.provisioningProfile
? await getProvisioningProfile(opts.provisioningProfile, opts.keychain)
: undefined
});
// preAutoEntitlements may provide us new entitlements, if so we update our options
// and ensure that entitlements-loginhelper has a correct default value
if (newEntitlements) {
perFileOptions.entitlements = newEntitlements;
}
}
}
}
debugLog('Signing... ' + filePath);
const perFileArgs = [...args];
if (perFileOptions.requirements) {
if (perFileOptions.requirements.charAt(0) === '=') {
perFileArgs.push(`-r${perFileOptions.requirements}`);
} else {
perFileArgs.push('--requirements', perFileOptions.requirements);
}
}
if (perFileOptions.timestamp) {
perFileArgs.push('--timestamp=' + perFileOptions.timestamp);
} else {
perFileArgs.push('--timestamp');
}
let optionsArguments: string[] = [];
if (perFileOptions.signatureFlags) {
if (Array.isArray(perFileOptions.signatureFlags)) {
optionsArguments.push(...perFileOptions.signatureFlags);
} else {
const flags = perFileOptions.signatureFlags.split(',').map(function (flag) {
return flag.trim();
});
optionsArguments.push(...flags);
}
}
if (perFileOptions.hardenedRuntime || optionsArguments.includes('runtime')) {
// Hardened runtime since darwin 17.7.0 --> macOS 10.13.6
if (compareVersion(osRelease, '17.7.0') >= 0) {
optionsArguments.push('runtime');
} else {
// Remove runtime if passed in with --signature-flags
debugLog(
'Not enabling hardened runtime, current macOS version too low, requires 10.13.6 and higher'
);
optionsArguments = optionsArguments.filter((arg) => {
return arg !== 'runtime';
});
}
}
if (optionsArguments.length) {
perFileArgs.push('--options', [...new Set(optionsArguments)].join(','));
}
await execFileAsync(
'codesign',
perFileArgs.concat('--entitlements', perFileOptions.entitlements, filePath)
);
}
// Verify code sign
debugLog('Verifying...');
await verifySignApplication(opts);
debugLog('Verified.');
// Check entitlements if applicable
debugLog('Displaying entitlements...');
const result = await execFileAsync('codesign', [
'--display',
'--entitlements',
':-', // Write to standard output and strip off the blob header
opts.app
]);
debugLog('Entitlements:', '\n', result);
}My local copy is based on v1.1.0. I am not sure if any other things are difference since then. I also forgot how did I get the idea to make these changes earlier this year. |
|
🎉 This issue has been resolved in version 1.3.2 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Node: v20.15.0
Electron: v31.1.0
Electron Forge: v7.4.0
Working on submitting a "mas" build to the Mac App Store. The build is packaged, code-signed and sandboxed correctly. However uploading the pkg file on Transporter for verification returns the following errors:
I have the latest version of Xcode and confirmed the app name, version, build number and build identifier are all correct. They are all appearing in the Info.plist file in the build app as expected.
Anyone having the same issue and/or have a fix?!
The text was updated successfully, but these errors were encountered: