electron apple-m1 electron-builder electron-packager code-signing-certificate

Signing Electron build for M1 macs causes renderer to crash

I've been making intel builds of our Electron app with Electron-Builder for a while, signing them, and being able to run them without issue.

I'm now trying to make an M1/arm build, but it turns out that signing that build causes the renderer to crash. Not signing the build doesn't cause the crash. This isn't an issue for the intel build. (consistent whether build machine is intel or arm, and whether notarize is called subsequently or not)

I see the following during app startup (Note specifically the v8 fatal error at the top, which is the main concern here):

[...]
<--- Last few GCs --->


<--- JS stacktrace --->

[22739:0331/171516.826773:FATAL:v8_initializer.cc(820)] 
render-process-gone { reason: 'crashed', exitCode: 5 }
[...]
Error sending from webFrameMain:  Error: Render frame was disposed before WebFrameMain could be accessed
    at EventEmitter.n.send (node:electron/js2c/browser_init:169:417)
    at EventEmitter.b.send (node:electron/js2c/browser_init:165:2494)
    at c.<anonymous> (/Users/armelchesnais/Documents/Rave/desktop/dist/mac-arm64/Rave-blue.app/Contents/Resources/app/main.prod.js:2:587569)
    at c.emit (node:events:390:28)
    at c.emit (node:domain:475:12)
    at c.doCheckForUpdates (/Users/armelchesnais/Documents/Rave/desktop/dist/mac-arm64/Rave-blue.app/Contents/Resources/app/main.prod.js:2:993643)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at w.retries (/Users/armelchesnais/Documents/Rave/desktop/dist/mac-arm64/Rave-blue.app/Contents/Resources/app/main.prod.js:2:588005)
Error sending from webFrameMain:  Error: Render frame was disposed before WebFrameMain could be accessed
    at EventEmitter.n.send (node:electron/js2c/browser_init:169:417)
    at EventEmitter.b.send (node:electron/js2c/browser_init:165:2494)
    at BrowserWindow.<anonymous> (/Users/armelchesnais/Documents/Rave/desktop/dist/mac-arm64/Rave-blue.app/Contents/Resources/app/main.prod.js:2:632050)
    at BrowserWindow.emit (node:events:390:28)
    at BrowserWindow.emit (node:domain:475:12)

I won't be able to distribute the arm/M1 build of the app as a result from this. I'm at a loss as to how signing would affect a crash of the renderer only on one architecture.

How do I resolve this?

electron v17.1.2
electron-builder 23.0.2

Solution

This was the exact scenario I was facing. I fixed it by updating my entitlements.plist to

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
    </dict>
</plist>

I was missing com.apple.security.cs.allow-jit More details about it is here https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-jit It is documented in the prerequisites https://github.com/electron/notarize#prerequisites