Merge pull request #96 from cwillisf/notarize-mac-build

Notarize macOS build
This commit is contained in:
Chris Willis-Ford 2020-01-24 11:19:28 -08:00 committed by GitHub
commit 88b1da1533
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 86 additions and 3 deletions

View file

@ -4,6 +4,8 @@
<dict> <dict>
<key>com.apple.security.app-sandbox</key> <key>com.apple.security.app-sandbox</key>
<true/> <true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.inherit</key> <key>com.apple.security.inherit</key>
<true/> <true/>
</dict> </dict>

View file

@ -4,6 +4,8 @@
<dict> <dict>
<key>com.apple.security.app-sandbox</key> <key>com.apple.security.app-sandbox</key>
<true/> <true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.device.audio-input</key> <key>com.apple.security.device.audio-input</key>
<true/> <true/>
<key>com.apple.security.device.camera</key> <key>com.apple.security.device.camera</key>

View file

@ -3,8 +3,10 @@ directories:
output: dist output: dist
appId: edu.mit.scratch.scratch-desktop appId: edu.mit.scratch.scratch-desktop
productName: "Scratch Desktop" productName: "Scratch Desktop"
afterSign: "scripts/afterSign.js"
mac: mac:
category: public.app-category.education category: public.app-category.education
hardenedRuntime: true
icon: buildResources/ScratchDesktop.icns icon: buildResources/ScratchDesktop.icns
provisioningProfile: embedded.provisionprofile provisioningProfile: embedded.provisionprofile
target: target:

23
package-lock.json generated
View file

@ -4317,6 +4317,29 @@
} }
} }
}, },
"electron-notarize": {
"version": "0.2.1",
"resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.2.1.tgz",
"integrity": "sha512-oZ6/NhKeXmEKNROiFmRNfytqu3cxqC95sjooG7kBXQVEUSQkZnbiAhxVh5jXngL881G197pbwpeVPJyM7Ikmxw==",
"dev": true,
"requires": {
"debug": "^4.1.1",
"fs-extra": "^8.1.0"
},
"dependencies": {
"fs-extra": {
"version": "8.1.0",
"resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz",
"integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==",
"dev": true,
"requires": {
"graceful-fs": "^4.2.0",
"jsonfile": "^4.0.0",
"universalify": "^0.1.0"
}
}
}
},
"electron-publish": { "electron-publish": {
"version": "22.2.0", "version": "22.2.0",
"resolved": "https://registry.npmjs.org/electron-publish/-/electron-publish-22.2.0.tgz", "resolved": "https://registry.npmjs.org/electron-publish/-/electron-publish-22.2.0.tgz",

View file

@ -38,6 +38,7 @@
"electron": "^6.1.7", "electron": "^6.1.7",
"electron-builder": "^22.2.0", "electron-builder": "^22.2.0",
"electron-devtools-installer": "^2.2.4", "electron-devtools-installer": "^2.2.4",
"electron-notarize": "^0.2.1",
"electron-store": "^3.3.0", "electron-store": "^3.3.0",
"electron-webpack": "^2.7.4", "electron-webpack": "^2.7.4",
"eslint": "^5.16.0", "eslint": "^5.16.0",

42
scripts/afterSign.js Normal file
View file

@ -0,0 +1,42 @@
const {notarize} = require('electron-notarize');
const notarizeMacBuild = async function (context) {
// keep this in sync with appId in the electron-builder config
const appId = 'edu.mit.scratch.scratch-desktop';
if (!process.env.AC_USERNAME) {
throw new Error(
'Notarizing the macOS build requires an Apple ID.\n' +
'Please set the environment variable AC_USERNAME.\n' +
'Make sure your keychain has an item for "Application Loader: your@apple.id"'
);
}
const appleId = process.env.AC_USERNAME;
const appleIdKeychainItem = `Application Loader: ${appleId}`;
console.log(`Notarizing with Apple ID "${appleId}" and keychain item "${appleIdKeychainItem}"`);
const {appOutDir} = context;
const productFilename = context.packager.appInfo.productFilename;
await notarize({
appBundleId: appId,
appPath: `${appOutDir}/${productFilename}.app`,
appleId,
appleIdPassword: `@keychain:${appleIdKeychainItem}`
});
};
const afterSign = async function (context) {
const {electronPlatformName} = context;
switch (electronPlatformName) {
case 'mas': // macOS build for Mac App Store
break;
case 'darwin': // macOS build NOT for Mac App Store
await notarizeMacBuild(context);
break;
}
};
module.exports = afterSign;

View file

@ -52,11 +52,20 @@ const runBuilder = function (targetGroup) {
const platformFlag = getPlatformFlag(); const platformFlag = getPlatformFlag();
const command = `electron-builder ${platformFlag} ${targetGroup}`; const command = `electron-builder ${platformFlag} ${targetGroup}`;
console.log(`running: ${command}`); console.log(`running: ${command}`);
spawnSync(command, { const result = spawnSync(command, {
env: childEnvironment, env: childEnvironment,
shell: true, shell: true,
stdio: 'inherit' stdio: 'inherit'
}); });
if (result.error) {
throw result.error;
}
if (result.signal) {
throw new Error(`Child process terminated due to signal ${result.signal}`);
}
if (result.status) {
throw new Error(`Child process returned status code ${result.status}`);
}
}; };
/** /**
@ -69,8 +78,10 @@ const calculateTargets = function () {
// run in two passes so we can skip signing the appx // run in two passes so we can skip signing the appx
return ['nsis', 'appx']; return ['nsis', 'appx'];
case 'darwin': case 'darwin':
// run in one pass for slightly better speed // Running 'dmg' and 'mas' in the same pass causes electron-builder to skip signing the non-MAS app copy.
return ['dmg mas']; // Running them as separate passes means they both get signed.
// Seems like a bug in electron-builder...
return ['dmg', 'mas'];
} }
throw new Error(`Could not determine targets for platform: ${process.platform}`); throw new Error(`Could not determine targets for platform: ${process.platform}`);
}; };