notarize non-MAS macOS build (required for 10.15)

2025-01-08 13:41:59 -05:00 · 2020-01-16 11:47:25 -08:00 · 2020-01-16 11:47:25 -08:00 · 9c9d7c6979
commit 9c9d7c6979
parent 6a33d411c1
4 changed files with 67 additions and 0 deletions
--- a/electron-builder.yaml
+++ b/electron-builder.yaml
@ -3,6 +3,7 @@ directories:
  output: dist
 appId: edu.mit.scratch.scratch-desktop
 productName: "Scratch Desktop"
+afterSign: "scripts/afterSign.js"
 mac:
  category: public.app-category.education
  hardenedRuntime: true
--- a/package-lock.json
+++ b/package-lock.json
@ -4317,6 +4317,29 @@
        }
      }
    },
+    "electron-notarize": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.2.1.tgz",
+      "integrity": "sha512-oZ6/NhKeXmEKNROiFmRNfytqu3cxqC95sjooG7kBXQVEUSQkZnbiAhxVh5jXngL881G197pbwpeVPJyM7Ikmxw==",
+      "dev": true,
+      "requires": {
+        "debug": "^4.1.1",
+        "fs-extra": "^8.1.0"
+      },
+      "dependencies": {
+        "fs-extra": {
+          "version": "8.1.0",
+          "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz",
+          "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==",
+          "dev": true,
+          "requires": {
+            "graceful-fs": "^4.2.0",
+            "jsonfile": "^4.0.0",
+            "universalify": "^0.1.0"
+          }
+        }
+      }
+    },
    "electron-publish": {
      "version": "22.2.0",
      "resolved": "https://registry.npmjs.org/electron-publish/-/electron-publish-22.2.0.tgz",
--- a/package.json
+++ b/package.json
@ -38,6 +38,7 @@
    "electron": "^6.1.7",
    "electron-builder": "^22.2.0",
    "electron-devtools-installer": "^2.2.4",
+    "electron-notarize": "^0.2.1",
    "electron-store": "^3.3.0",
    "electron-webpack": "^2.7.4",
    "eslint": "^5.16.0",
--- a/scripts/afterSign.js
+++ b/scripts/afterSign.js
@ -0,0 +1,42 @@
+const {notarize} = require('electron-notarize');
+
+const notarizeMacBuild = async function (context) {
+    // keep this in sync with appId in the electron-builder config
+    const appId = 'edu.mit.scratch.scratch-desktop';
+
+    if (!process.env.AC_USERNAME) {
+        throw new Error(
+            'Notarizing the macOS build requires an Apple ID.\n' +
+            'Please set the environment variable AC_USERNAME.\n' +
+            'Make sure your keychain has an item for "Application Loader: your@apple.id"'
+        );
+    }
+
+    const appleId = process.env.AC_USERNAME;
+    const appleIdKeychainItem = `Application Loader: ${appleId}`;
+
+    console.log(`Notarizing with Apple ID "${appleId}" and keychain item "${appleIdKeychainItem}"`);
+
+    const {appOutDir} = context;
+    const productFilename = context.packager.appInfo.productFilename;
+    await notarize({
+        appBundleId: appId,
+        appPath: `${appOutDir}/${productFilename}.app`,
+        appleId,
+        appleIdPassword: `@keychain:${appleIdKeychainItem}`
+    });
+};
+
+const afterSign = async function (context) {
+    const {electronPlatformName} = context;
+
+    switch (electronPlatformName) {
+    case 'mas': // macOS build for Mac App Store
+        break;
+    case 'darwin': // macOS build NOT for Mac App Store
+        await notarizeMacBuild(context);
+        break;
+    }
+};
+
+module.exports = afterSign;