notarize electron app

2019-07-24 16:37:23 -04:00 · 2019-07-24 16:37:23 -04:00 · 8beaf6c6dd
parent bc1f07e193
commit 8beaf6c6dd
5 changed files with 71 additions and 21 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -2394,14 +2394,12 @@
            "balanced-match": {
              "version": "1.0.0",
              "bundled": true,
-              "dev": true,
-              "optional": true
+              "dev": true
            },
            "brace-expansion": {
              "version": "1.1.11",
              "bundled": true,
              "dev": true,
-              "optional": true,
              "requires": {
                "balanced-match": "^1.0.0",
                "concat-map": "0.0.1"
@ -2416,20 +2414,17 @@
            "code-point-at": {
              "version": "1.1.0",
              "bundled": true,
-              "dev": true,
-              "optional": true
+              "dev": true
            },
            "concat-map": {
              "version": "0.0.1",
              "bundled": true,
-              "dev": true,
-              "optional": true
+              "dev": true
            },
            "console-control-strings": {
              "version": "1.1.0",
              "bundled": true,
-              "dev": true,
-              "optional": true
+              "dev": true
            },
            "core-util-is": {
              "version": "1.0.2",
@ -2546,8 +2541,7 @@
            "inherits": {
              "version": "2.0.3",
              "bundled": true,
-              "dev": true,
-              "optional": true
+              "dev": true
            },
            "ini": {
              "version": "1.3.5",
@ -2559,7 +2553,6 @@
              "version": "1.0.0",
              "bundled": true,
              "dev": true,
-              "optional": true,
              "requires": {
                "number-is-nan": "^1.0.0"
              }
@ -2574,7 +2567,6 @@
              "version": "3.0.4",
              "bundled": true,
              "dev": true,
-              "optional": true,
              "requires": {
                "brace-expansion": "^1.1.7"
              }
@ -2582,14 +2574,12 @@
            "minimist": {
              "version": "0.0.8",
              "bundled": true,
-              "dev": true,
-              "optional": true
+              "dev": true
            },
            "minipass": {
              "version": "2.3.5",
              "bundled": true,
              "dev": true,
-              "optional": true,
              "requires": {
                "safe-buffer": "^5.1.2",
                "yallist": "^3.0.0"
@ -2608,7 +2598,6 @@
              "version": "0.5.1",
              "bundled": true,
              "dev": true,
-              "optional": true,
              "requires": {
                "minimist": "0.0.8"
              }
@ -2689,8 +2678,7 @@
            "number-is-nan": {
              "version": "1.0.1",
              "bundled": true,
-              "dev": true,
-              "optional": true
+              "dev": true
            },
            "object-assign": {
              "version": "4.1.1",
@ -2702,7 +2690,6 @@
              "version": "1.4.0",
              "bundled": true,
              "dev": true,
-              "optional": true,
              "requires": {
                "wrappy": "1"
              }
@ -2824,7 +2811,6 @@
              "version": "1.0.2",
              "bundled": true,
              "dev": true,
-              "optional": true,
              "requires": {
                "code-point-at": "^1.0.0",
                "is-fullwidth-code-point": "^1.0.0",
@ -4389,6 +4375,35 @@
      "resolved": "https://registry.npmjs.org/electron-log/-/electron-log-2.2.17.tgz",
      "integrity": "sha512-v+Af5W5z99ehhaLOfE9eTSXUwjzh2wFlQjz51dvkZ6ZIrET6OB/zAZPvsuwT6tm3t5x+M1r+Ed3U3xtPZYAyuQ=="
    },
+    "electron-notarize": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.1.1.tgz",
+      "integrity": "sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg==",
+      "dev": true,
+      "requires": {
+        "debug": "^4.1.1",
+        "fs-extra": "^8.0.1"
+      },
+      "dependencies": {
+        "fs-extra": {
+          "version": "8.1.0",
+          "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz",
+          "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==",
+          "dev": true,
+          "requires": {
+            "graceful-fs": "^4.2.0",
+            "jsonfile": "^4.0.0",
+            "universalify": "^0.1.0"
+          }
+        },
+        "graceful-fs": {
+          "version": "4.2.0",
+          "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.0.tgz",
+          "integrity": "sha512-jpSvDPV4Cq/bgtpndIWbI5hmYxhQGHPC4d4cqBPb4DLniCfhJokdXhwhaDuLBGLQdvvRum/UiX6ECVIPvDXqdg==",
+          "dev": true
+        }
+      }
+    },
    "electron-publish": {
      "version": "21.1.5",
      "resolved": "https://registry.npmjs.org/electron-publish/-/electron-publish-21.1.5.tgz",
--- a/package.json
+++ b/package.json
@ -53,10 +53,15 @@
      "output": "dist",
      "app": "build"
    },
+    "afterSign": "scripts/notarize.js",
    "mac": {
      "electronUpdaterCompatibility": ">=0.0.1",
      "category": "public.app-category.productivity",
      "darkModeSupport": true,
+      "gatekeeperAssess": false,
+      "hardenedRuntime": true,
+      "entitlements": "resources/entitlements.mac.plist",
+      "entitlementsInherit": "resources/entitlements.mac.plist",
      "extendInfo": {
        "ITSAppUsesNonExemptEncryption": false,
        "CFBundleLocalizations": [
@ -136,6 +141,10 @@
        "height": 380
      }
    },
+    "mas": {
+      "entitlements": "resources/entitlements.mas.plist",
+      "entitlementsInherit": "resources/entitlements.mas.plist"
+    },
    "nsisWeb": {
      "oneClick": false,
      "perMachine": true,
@ -208,6 +217,7 @@
    "del": "^3.0.0",
    "electron": "5.0.8",
    "electron-builder": "21.1.5",
+    "electron-notarize": "^0.1.1",
    "electron-rebuild": "^1.8.5",
    "electron-reload": "^1.4.1",
    "extract-text-webpack-plugin": "next",
--- a/resources/entitlements.mac.plist
+++ b/resources/entitlements.mac.plist
@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+</dict>
+</plist>
--- a/resources/entitlements.mas.plist
+++ b/resources/entitlements.mas.plist
@ -8,5 +8,7 @@
 	<true/>
 	<key>com.apple.security.files.user-selected.read-write</key>
 	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
 </dict>
 </plist>
--- a/scripts/notarize.js
+++ b/scripts/notarize.js
@ -0,0 +1,15 @@
+const { notarize } = require('electron-notarize');
+
+exports.default = async function notarizing(context) {
+    const { electronPlatformName, appOutDir } = context;
+    if (electronPlatformName !== 'darwin') {
+        return;
+    }
+    const appName = context.packager.appInfo.productFilename;
+    return await notarize({
+        appBundleId: 'com.bitwarden.desktop',
+        appPath: appOutDir + '/' + appName + '.app',
+        appleId: '@keychain:"Apple Id Notarization Id"',
+        appleIdPassword: '@keychain:"Apple Id Notarization Password"',
+    });
+};