electron/notarize

Error: Failed to staple your application with code: 66. Cannot download ticket. CDHash must be set.

bihellzin opened this issue · 4 comments

I'm facing the error below when building and signing the application.

$ electron-forge make
✔ Checking your system
✔ Loading configuration
✔ Resolving make targets
  › Making for the following targets: zip, dmg, pkg
❯ Running package command
  ✔ Preparing to package application
✔ Loading configuration
✔ Resolving make targets
  › Making for the following targets: zip, dmg, pkg
❯ Running package command
  ✔ Preparing to package application
  ✔ Running packaging hooks
    ✔ Running generateAssets hook
    ✔ Running prePackage hook
      ✔ [plugin-webpack] Preparing native dependencies
      ✔ [plugin-webpack] Building webpack bundles
  ❯ Packaging application
    ❯ Packaging for x64 on darwin
      ✔ Copying files
      ✔ Preparing native dependencies [0.3s]
      ✖ Finalizing package
        › Failed to staple your application with code: 66
          Processing: /private/var/folders/64/73k0p2zd5nl8_mybklz01k640000gp/T/electron-packager/darwin-x64/Project/Project.app
          Properties are {
          NSURLIsDirectoryKey = 1;
          NSURLIsPackageKey = 1;
          NSURLIsSymbolicLinkKey = 0;
          NSURLLocalizedTypeDescriptionKey = Application;
          NSURLTypeIdentifierKey = "com.apple.application-bundle";
          "_NSURLIsApplicationKey" = 1;
          }
          Props are {
          }
          Cannot download ticket. CDHash must be set.
  ◼ Running postPackage hook
◼ Running preMake hook
◼ Making distributables
◼ Running postMake hook

An unhandled rejection has occurred inside Forge:
Error: Failed to staple your application with code: 66

Processing: /private/var/folders/64/73k0p2zd5nl8_mybklz01k640000gp/T/electron-packager/darwin-x64/Project/Project.app
Properties are {
    NSURLIsDirectoryKey = 1;
    NSURLIsPackageKey = 1;
    NSURLIsSymbolicLinkKey = 0;
    NSURLLocalizedTypeDescriptionKey = Application;
    NSURLTypeIdentifierKey = "com.apple.application-bundle";
    "_NSURLIsApplicationKey" = 1;
}
Props are {
}
Cannot download ticket. CDHash must be set.
at Object.<anonymous> (/project_path/node_modules/@electron/notarize/lib/staple.js:22:19)
    at Generator.next (<anonymous>)
    at fulfilled (/project_path/node_modules/@electron/notarize/lib/staple.js:4:58)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

My packagerConfig value in forge.config.js looks like this.

packagerConfig: {
  // ...
  osxSign: {
    identity: "Developer ID Application: Name Name (code)",
  },
  osxNotarize: {
    tool: 'notarytool',
    appleId: process.env.APPLE_ID,
    appleIdPassword: process.env.APPLE_PASSWORD,
    teamId: process.env.APPLE_TEAM_ID,
  },
  // ...
}

It looks like there's nothing missing from the configuration; my guess is that it could be related to certification/provisioning profile.

I ran into this issue as well and it turned out that I wasn't correctly specifying my certificate. You may want to try running

security find-identity -p codesigning -v

to see which certificates you have installed on your development machine, and if there's more than one, be sure you're providing the details for the correct identity.

If that's all looking fine, you may want to check to see if you've specified your entitlements. That would look something like

osxSign: {
  identity: "Developer ID Application: xxx (xxx)",
  hardenedRuntime: true,
  gatekeeperAssess: false,
  entitlements: "build/entitlements.mac.plist",
  entitlementsInherit: "build/entitlements.mac.plist",
},

and your entitlements.mac.plist file at minimum will probably contain something like

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
  </dict>
</plist>

Some additional helpful resources:
https://til.simonwillison.net/electron/sign-notarize-electron-macos
https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/
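
The identity check suggested in the reply above, written as an added example (it is not part of the original thread and is not @electron/notarize code): it reads the output of `security find-identity -p codesigning -v` and reports whether the value used for `osxSign.identity` matches exactly one valid certificate. The function names and the sample output, including its hashes, names and team IDs, are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a configured signing identity against the keychain listing.

# Constructed sample of `security find-identity -p codesigning -v` output.
# Hashes, certificate names and team IDs are made up.
sample_output() {
  cat <<'EOF'
  1) 1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A "Apple Development: dev@example.com (AAAAAAAAAA)"
  2) 2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B "Developer ID Application: Example Corp (ABCDE12345)"
  3) 3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C "Developer ID Application: Other Org (ZZZZZ99999)"
  4) 4D4D4D4D4D4D4D4D4D4D4D4D4D4D4D4D4D4D4D4D "Developer ID Application: Other Org (ZZZZZ99999)"
     4 valid identities found
EOF
}

# Read find-identity output on stdin and print one "SHA1|NAME" line per identity.
# The trailing "N valid identities found" line does not match and is dropped.
list_identities() {
  sed -nE 's/^[[:space:]]*[0-9]+\)[[:space:]]+([0-9A-F]{40})[[:space:]]+"(.*)".*$/\1|\2/p'
}

# check_identity WANTED   (find-identity output on stdin)
# WANTED is the full certificate name or its SHA-1 hash as printed in the listing.
# Returns 0 for exactly one match, 1 for none, 2 when several certificates match.
check_identity() {
  wanted="$1"
  # Appending "" forces string comparison, so an all-digit hash is never
  # compared as a floating-point number.
  matches=$(list_identities | WANTED="$wanted" awk -F'|' '
    ($1 "") == (ENVIRON["WANTED"] "") || ($2 "") == (ENVIRON["WANTED"] "") { n++ }
    END { print n + 0 }')
  case "$matches" in
    1) echo "ok: \"$wanted\" matches exactly one valid codesigning identity"; return 0 ;;
    0) echo "error: \"$wanted\" is not a valid codesigning identity here" >&2; return 1 ;;
    *) echo "error: \"$wanted\" is ambiguous, $matches certificates match" >&2; return 2 ;;
  esac
}

# Demo on the constructed sample.
sample_output | check_identity "Developer ID Application: Example Corp (ABCDE12345)"
```

On the build machine, replace the sample with the real listing: `security find-identity -p codesigning -v | check_identity "<your identity>"`.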

The issue was really related to the certificates, not the notarize itself. I'm closing the issue.

@bihellzin Hi, I ran the security find-identity -p codesigning -v command and my certificate does not appear in the list, but when I open Keychain Access it is in Login/Certificate. In My Certificate it is not there; is that the reason?

> The issue was really related to the certificates, not the notarize itself. I'm closing the issue.

Hi, I'm facing the same issue. Have you found the solution? Thanks!