Established an app signing process for macs using electron-packager. The process takes an enormous amount of time but has so far been running without throwing an exception and the signature is confirmed by codesign.

2021-04-13 14:17:12 -04:00 · 2021-04-13 14:17:12 -04:00 · 7f7513809a
parent b3bb07454f
commit 7f7513809a
5 changed files with 55 additions and 266 deletions
--- a/app/.gitignore
+++ b/app/.gitignore
@ -1,3 +1,6 @@
 node_modules/*
 logs/*
-data/transfer*.json
+data/transfer*.json
+.appleId
+.applePwd
+.appleIdentity
--- a/app/entitlements.plist
+++ b/app/entitlements.plist
@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.debugger</key>
+    <true/>
+  </dict>
+</plist>
--- a/app/package-lock.json
+++ b/app/package-lock.json
--- a/app/scripts/build_and_sign_mac.js
+++ b/app/scripts/build_and_sign_mac.js
@ -0,0 +1,38 @@
+/** ./node_modules/.bin/electron-packager . 
+--overwrite 
+--platform=darwin 
+--arch=x64 
+--icon=assets/icons/icon.icns
+ --prune=true 
+ --out=../dist **/
+
+ const packager = require('electron-packager');
+ const { readFileSync } = require('fs');
+
+ const appleId = (readFileSync('.appleId', 'utf8') ).trim();
+ const appleIdPassword = (readFileSync('.applePwd', 'utf8') ).trim();
+ // security find-identity to find exact string
+ const appleIdentity = (readFileSync('.appleIdentity', 'utf8') ).trim();
+
+ const config = {
+ 	dir : '.',
+ 	platform : 'darwin',
+ 	arch : 'x64',
+ 	prune : true,
+ 	icon : './assets/icons/icon.icns',
+ 	overwrite : true,
+ 	out : '../dist',
+ 	osxSign : {
+ 		identity : appleIdentity,
+ 		'hardened-runtime' : true,
+ 		entitlements : './entitlements.plist',
+ 		'entitlements-inherit': './entitlements.plist',
+ 		'signature-flags' : 'library'
+ 	},
+ 	osxNotarize : {
+ 		appleId,
+ 		appleIdPassword
+ 	}
+ };
+
+packager(config);
--- a/app/scripts/build_mac.sh
+++ b/app/scripts/build_mac.sh
@ -1,6 +1,6 @@
 #!/bin/bash

-./node_modules/.bin/electron-packager . --overwrite --platform=darwin --arch=x64 --icon=assets/icons/icon.icns --prune=true --out=../dist
+node ./scripts/build_and_sign_mac.js
 #build dmg for mac install
 sleep 5s
 mkdir -p ../dist/installers