From 5396cae0f09dc8bfb512a70370ed5ad4de4f823a Mon Sep 17 00:00:00 2001 From: Felix Rieseberg Date: Mon, 2 Dec 2019 13:23:53 -0800 Subject: [PATCH] build: Notarize the app --- .travis.yml | 2 +- forge.config.js | 12 ++++++++--- package-lock.json | 45 +++++++++++++++++++++++++++++++++++---- package.json | 1 + static/entitlements.plist | 10 +++++++++ tools/notarize.js | 29 +++++++++++++++++++++++++ 6 files changed, 91 insertions(+), 8 deletions(-) create mode 100644 static/entitlements.plist create mode 100644 tools/notarize.js diff --git a/.travis.yml b/.travis.yml index 2674115..738c103 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,7 @@ os: - linux - osx dist: trusty -osx_image: xcode8.3 +osx_image: xcode10 sudo: false cache: diff --git a/forge.config.js b/forge.config.js index 8e51e26..4c7a857 100644 --- a/forge.config.js +++ b/forge.config.js @@ -3,7 +3,8 @@ const package = require('./package.json'); module.exports = { hooks: { - generateAssets: require('./tools/generateAssets') + generateAssets: require('./tools/generateAssets'), + postPackage: require('./tools/notarize') }, packagerConfig: { asar: false, @@ -12,10 +13,15 @@ module.exports = { appCategoryType: 'public.app-category.developer-tools', win32metadata: { CompanyName: 'Felix Rieseberg', - OriginalFilename: 'windows95', + OriginalFilename: 'windows95' }, osxSign: { - identity: 'Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)' + identity: 'Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)', + 'hardened-runtime': true, + 'gatekeeper-assess': false, + 'entitlements': 'static/entitlements.plist', + 'entitlements-inherit': 'static/entitlements.plist', + 'signature-flags': 'library' }, ignore: [ /\/assets(\/?)/, diff --git a/package-lock.json b/package-lock.json index 12184fa..5da4e85 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1657,6 +1657,33 @@ "@types/node": "*", "electron-notarize": "^0.1.1", "electron-osx-sign": "^0.4.11" + }, + "dependencies": { + "debug": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", + "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "dev": true, + "requires": { + "ms": "^2.1.1" + } + }, + "electron-notarize": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.1.1.tgz", + "integrity": "sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg==", + "dev": true, + "requires": { + "debug": "^4.1.1", + "fs-extra": "^8.0.1" + } + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + } } }, "@types/fs-extra": { @@ -3974,13 +4001,13 @@ "integrity": "sha1-FOb9pcaOnk7L7/nM8DfL18BcWv4=" }, "electron-notarize": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.1.1.tgz", - "integrity": "sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg==", + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.2.1.tgz", + "integrity": "sha512-oZ6/NhKeXmEKNROiFmRNfytqu3cxqC95sjooG7kBXQVEUSQkZnbiAhxVh5jXngL881G197pbwpeVPJyM7Ikmxw==", "dev": true, "requires": { "debug": "^4.1.1", - "fs-extra": "^8.0.1" + "fs-extra": "^8.1.0" }, "dependencies": { "debug": { @@ -4048,6 +4075,16 @@ "ms": "^2.1.1" } }, + "electron-notarize": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.1.1.tgz", + "integrity": "sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg==", + "dev": true, + "requires": { + "debug": "^4.1.1", + "fs-extra": "^8.0.1" + } + }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", diff --git a/package.json b/package.json index 0460ea4..d85df70 100644 --- a/package.json +++ b/package.json @@ -39,6 +39,7 @@ "@types/react": "^16.9.13", "@types/react-dom": "^16.9.4", "electron": "7.1.2", + "electron-notarize": "^0.2.1", "less": "^3.10.3", "node-abi": "^2.13.0", "parcel-bundler": "^1.12.4", diff --git a/static/entitlements.plist b/static/entitlements.plist new file mode 100644 index 0000000..e1cdcf7 --- /dev/null +++ b/static/entitlements.plist @@ -0,0 +1,10 @@ + + + + + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-unsigned-executable-memory + + + \ No newline at end of file diff --git a/tools/notarize.js b/tools/notarize.js new file mode 100644 index 0000000..d3f82df --- /dev/null +++ b/tools/notarize.js @@ -0,0 +1,29 @@ +const { notarize } = require('electron-notarize'); +const path = require('path'); + +const buildOutput = path.resolve( + __dirname, + '..', + 'out', + 'windows95-darwin-x64', + 'windows95.app' +); + +module.exports = function () { + if (process.platform !== 'darwin') { + console.log('Not a Mac; skipping notarization'); + return; + } + + console.log('Notarizing...'); + + return notarize({ + appBundleId: 'com.felixrieseberg.windows95', + appPath: buildOutput, + appleId: process.env.APPLE_ID, + appleIdPassword: process.env.APPLE_ID_PASSWORD + }).catch((e) => { + console.error(e); + throw e; + }); +}