electroncode-signingdylibnode-canvas

node-canvas in electron -- "mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed."


I'm cresting electron app using node-canvas.
I generated an app-installer by the following command:

$ electron-builder --mac --x64 --config ./build_mac.js

build_mac.js

const config = {
  "appId": "jp.maplat.editor",
  "asarUnpack": [
    "assets/mac/canvas"
  ],
  "directories": {
    "output": "dist"
  },
  "files": [
    "assets/mac",
    "backend",
    "css",
    "frontend/dist",
    "html",
    "img",
    "locales",
    "package.json",
    "package-lock.json",
    "tms_list.json"
  ],
  "afterSign": "script/notarize/notarize.js",
  "mac": {
    "icon": "assets/mac/icon_mac.icns",
    "target": [
      "dmg"
    ],
    "hardenedRuntime": true,
    "gatekeeperAssess": false,
    "entitlements": "script/notarize/entitlements.mac.plist",
    "entitlementsInherit": "script/notarize/entitlements.mac.plist",
  },
  "win": {
    "icon": "assets/win/icon_win.ico",
    "target": "nsis"
  },
  "nsis":{
    "oneClick": false,
    "allowToChangeInstallationDirectory": true
  }
};

module.exports = config;

But after installing the electron app, the app outputs following error message on web console:

Uncaught Error: dlopen(/Applications/MaplatEditor.app/Contents/Resources/app.asar.unpacked/assets/mac/canvas/build/Release/canvas.node, 1): Library not loaded: /usr/local/opt/pixman/lib/libpixman-1.0.dylib Referenced from: /Applications/MaplatEditor.app/Contents/Resources/app.asar.unpacked/assets/mac/canvas/build/Release/canvas.node Reason: no suitable image found. Did find: /usr/local/opt/pixman/lib/libpixman-1.0.dylib: code signature in (/usr/local/opt/pixman/lib/libpixman-1.0.dylib) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.

How to solve this? I think there are 2 issues,

  1. How to sign this dylib?
  2. This dylib looks installed under "/usr/local/opt", it is out of the application folder. Is this correct expected behavior?

Does anyone have the answer for this?


Solution

  • The solution to fix this is put all dylibs (except under "/usr/lib" or "/System/Library/Frameworks") under the folder which is in under control of electron.

    Something like this in my project: https://github.com/code4history/MaplatEditor/tree/master/assets/mac/canvas/build/Release

    But just putting dylib is not working, because each dylib has information about link to other libraries.

    You can check which libraries are linked from each dylib by using "otool" command, and youcan overwrite it by using "install_name_tool" command.

    https://github.com/code4history/MaplatEditor/blob/master/mac_canvas_dylib

    In this URL, you can find what I did for my project.