How do I code sign an Electron app before bundling it (for Mac)?

Question

I am developing an Electron application for Mac OS X. I am attempting to test its auto-update feature while developing locally, prior to bundling it as a .app.

I have a built one initial version of my application, Foo.app, along with a .dmg and .zip, using the electron-builder module, to use as the update. I have hosted these files. I have verified that they install and run correctly. And I have a Squirrel server, running locally, that will return a correct JSON payload pointing to that .zip.

For developing my application locally, I am using Webpack to transpile my web assets, and using [email protected] to launch those assets in Electron. In other words, when developing locally, I am not launching the bundled .app; I am launching a dev server and serving those assets in Electron. The process is similar to running $ electron ..

The problem occurs when the auto-update hook is called, at this line:

autoUpdater.setFeedURL(feedURL)

This line raises an Electron error that says:

"Could not get code signature for running application."

OK, so I do a search and see that there are a handful of guides that explain how to code sign an application:

• http://jbavari.github.io/blog/2015/08/14/codesigning-electron-applications/
• https://github.com/electron-userland/electron-osx-sign/wiki/1.-Getting-Started
• https://discuss.atom.io/t/electron-app-signing-procedure/19124

But, these indicate that I should code sign the .app. As I have stated, I am trying to test auto-update before I bundle it as a .app. I would prefer not to rebuild again and again until I get auto-update working correctly.

So I do another search and see there are several forum questions that are more-or-less the same as what I am asking:

• https://discuss.atom.io/t/problem-with-auto-updater/14537
• https://discuss.atom.io/t/could-not-get-code-signature-for-running-application/30405
• https://github.com/electron/electron/issues/7476

I'm having trouble grokking the solution from digging through these threads. I'm hoping someone can give me a clear solution to signing an Electron app before bundling it.

---

For an answer, I am hoping to get a clear answer on all of these:

• Is it possible to code sign my Electron app prior to bundling it as a .app? I.e., the files that I would launch with $ electron .?
• If yes, how?
• If not, why? And is there any way to speed up testing this?

Answer 1

Long shot and I have not verified this.

Squirrel.Mac checks the signing of the currently running application[1], this is the AppName.app/Contents/MacOS/AppName executable when you are running a packaged app. Which basically is a renamed electron executable.

But when you run electron . it will run the executable from your node/bin directory. Electron is not signed by default, so if you sign it the auto updater might succeed with the cert check.

So basically:

1. Find electron: which electron
2. Change working directory to the electron path
3. Sign electron with codesign -s "Developer ID Application: YourCompanyName" electron
4. Validate the code signature with codesign -dvvv electron

Hopefully that should cut it.