diff --git a/package-lock.json b/package-lock.json
index 0c617d20..cd6a4190 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2394,14 +2394,12 @@
"balanced-match": {
"version": "1.0.0",
"bundled": true,
- "dev": true,
- "optional": true
+ "dev": true
},
"brace-expansion": {
"version": "1.1.11",
"bundled": true,
"dev": true,
- "optional": true,
"requires": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -2416,20 +2414,17 @@
"code-point-at": {
"version": "1.1.0",
"bundled": true,
- "dev": true,
- "optional": true
+ "dev": true
},
"concat-map": {
"version": "0.0.1",
"bundled": true,
- "dev": true,
- "optional": true
+ "dev": true
},
"console-control-strings": {
"version": "1.1.0",
"bundled": true,
- "dev": true,
- "optional": true
+ "dev": true
},
"core-util-is": {
"version": "1.0.2",
@@ -2546,8 +2541,7 @@
"inherits": {
"version": "2.0.3",
"bundled": true,
- "dev": true,
- "optional": true
+ "dev": true
},
"ini": {
"version": "1.3.5",
@@ -2559,7 +2553,6 @@
"version": "1.0.0",
"bundled": true,
"dev": true,
- "optional": true,
"requires": {
"number-is-nan": "^1.0.0"
}
@@ -2574,7 +2567,6 @@
"version": "3.0.4",
"bundled": true,
"dev": true,
- "optional": true,
"requires": {
"brace-expansion": "^1.1.7"
}
@@ -2582,14 +2574,12 @@
"minimist": {
"version": "0.0.8",
"bundled": true,
- "dev": true,
- "optional": true
+ "dev": true
},
"minipass": {
"version": "2.3.5",
"bundled": true,
"dev": true,
- "optional": true,
"requires": {
"safe-buffer": "^5.1.2",
"yallist": "^3.0.0"
@@ -2608,7 +2598,6 @@
"version": "0.5.1",
"bundled": true,
"dev": true,
- "optional": true,
"requires": {
"minimist": "0.0.8"
}
@@ -2689,8 +2678,7 @@
"number-is-nan": {
"version": "1.0.1",
"bundled": true,
- "dev": true,
- "optional": true
+ "dev": true
},
"object-assign": {
"version": "4.1.1",
@@ -2702,7 +2690,6 @@
"version": "1.4.0",
"bundled": true,
"dev": true,
- "optional": true,
"requires": {
"wrappy": "1"
}
@@ -2824,7 +2811,6 @@
"version": "1.0.2",
"bundled": true,
"dev": true,
- "optional": true,
"requires": {
"code-point-at": "^1.0.0",
"is-fullwidth-code-point": "^1.0.0",
@@ -4389,6 +4375,35 @@
"resolved": "https://registry.npmjs.org/electron-log/-/electron-log-2.2.17.tgz",
"integrity": "sha512-v+Af5W5z99ehhaLOfE9eTSXUwjzh2wFlQjz51dvkZ6ZIrET6OB/zAZPvsuwT6tm3t5x+M1r+Ed3U3xtPZYAyuQ=="
},
+ "electron-notarize": {
+ "version": "0.1.1",
+ "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-0.1.1.tgz",
+ "integrity": "sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg==",
+ "dev": true,
+ "requires": {
+ "debug": "^4.1.1",
+ "fs-extra": "^8.0.1"
+ },
+ "dependencies": {
+ "fs-extra": {
+ "version": "8.1.0",
+ "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz",
+ "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==",
+ "dev": true,
+ "requires": {
+ "graceful-fs": "^4.2.0",
+ "jsonfile": "^4.0.0",
+ "universalify": "^0.1.0"
+ }
+ },
+ "graceful-fs": {
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.0.tgz",
+ "integrity": "sha512-jpSvDPV4Cq/bgtpndIWbI5hmYxhQGHPC4d4cqBPb4DLniCfhJokdXhwhaDuLBGLQdvvRum/UiX6ECVIPvDXqdg==",
+ "dev": true
+ }
+ }
+ },
"electron-publish": {
"version": "21.1.5",
"resolved": "https://registry.npmjs.org/electron-publish/-/electron-publish-21.1.5.tgz",
diff --git a/package.json b/package.json
index cb5648d6..737cbf8e 100644
--- a/package.json
+++ b/package.json
@@ -53,10 +53,15 @@
"output": "dist",
"app": "build"
},
+ "afterSign": "scripts/notarize.js",
"mac": {
"electronUpdaterCompatibility": ">=0.0.1",
"category": "public.app-category.productivity",
"darkModeSupport": true,
+ "gatekeeperAssess": false,
+ "hardenedRuntime": true,
+ "entitlements": "resources/entitlements.mac.plist",
+ "entitlementsInherit": "resources/entitlements.mac.plist",
"extendInfo": {
"ITSAppUsesNonExemptEncryption": false,
"CFBundleLocalizations": [
@@ -136,6 +141,10 @@
"height": 380
}
},
+ "mas": {
+ "entitlements": "resources/entitlements.mas.plist",
+ "entitlementsInherit": "resources/entitlements.mas.plist"
+ },
"nsisWeb": {
"oneClick": false,
"perMachine": true,
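Review bot: `mas.entitlementsInherit` points at the same `resources/entitlements.mas.plist` as `mas.entitlements`, so helper processes would be signed with the app's full entitlement set, including the `com.apple.security.files.user-selected.read-write` entry visible in that file's hunk. For sandboxed Mac App Store builds, helpers are normally signed with a separate inherit plist holding only `com.apple.security.app-sandbox` and `com.apple.security.inherit`. Extra entitlements on a child process go against least privilege and can stop the helper from launching. Consider pointing `entitlementsInherit` at a dedicated inherit plist, and confirm that the helpers start in a MAS-signed build.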
@@ -208,6 +217,7 @@
"del": "^3.0.0",
"electron": "5.0.8",
"electron-builder": "21.1.5",
+ "electron-notarize": "^0.1.1",
"electron-rebuild": "^1.8.5",
"electron-reload": "^1.4.1",
"extract-text-webpack-plugin": "next",
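Review bot: `"electron-notarize": "^0.1.1"` is a caret range, while the neighbouring build tools `electron` and `electron-builder` are pinned to exact versions. This package runs inside the signing pipeline and is handed the Apple ID credential references, so an unreviewed update should not be able to reach a release build. On a 0.x version the caret still admits newer 0.1.x releases whenever the lockfile is regenerated. Suggest `"electron-notarize": "0.1.1"`, and installing with `npm ci` in release builds so the lockfile's integrity hash is what gets enforced.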
diff --git a/resources/entitlements.mac.plist b/resources/entitlements.mac.plist
new file mode 100644
index 00000000..a1c430a5
--- /dev/null
+++ b/resources/entitlements.mac.plist
@@ -0,0 +1,8 @@
+
+
+
+
+ com.apple.security.cs.allow-unsigned-executable-memory
+
+
+
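Review bot: `com.apple.security.cs.allow-unsigned-executable-memory` is added here, and again in the `resources/entitlements.mas.plist` hunk, with nothing recording why. It relaxes one of the protections that `hardenedRuntime: true` switches on, so the justification belongs next to it. I would add a comment such as `<!-- Needed by Electron/V8 under the hardened runtime; re-evaluate on Electron upgrades -->`. The plist markup is not visible on this page, so the key/value form could not be checked. The entitlement is presumably required by the bundled Electron version; if a later Electron works with the narrower `com.apple.security.cs.allow-jit`, switching would be worth doing. Please also confirm the sandboxed MAS build needs it, rather than it having been copied across.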
diff --git a/resources/entitlements.mas.plist b/resources/entitlements.mas.plist
index 38da9a97..98d99577 100644
--- a/resources/entitlements.mas.plist
+++ b/resources/entitlements.mas.plist
@@ -8,5 +8,7 @@
com.apple.security.files.user-selected.read-write
+ com.apple.security.cs.allow-unsigned-executable-memory
+
diff --git a/scripts/notarize.js b/scripts/notarize.js
new file mode 100644
index 00000000..95880e40
--- /dev/null
+++ b/scripts/notarize.js
@@ -0,0 +1,15 @@
+const { notarize } = require('electron-notarize');
+
+exports.default = async function notarizing(context) {
+ const { electronPlatformName, appOutDir } = context;
+ if (electronPlatformName !== 'darwin') {
+ return;
+ }
+ const appName = context.packager.appInfo.productFilename;
+ return await notarize({
+ appBundleId: 'com.bitwarden.desktop',
+ appPath: appOutDir + '/' + appName + '.app',
+ appleId: '@keychain:"Apple Id Notarization Id"',
+ appleIdPassword: '@keychain:"Apple Id Notarization Password"',
+ });
+};
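Review bot: The hook has no header comment saying what a build machine must provide, and the two `@keychain:` item names can only be found by reading the `notarize` call. A machine without those keychain entries will presumably fail only after signing has finished. Add a comment above `exports.default` stating that this runs as electron-builder's `afterSign` hook, returns early unless `electronPlatformName` is `darwin`, and needs keychain items named `Apple Id Notarization Id` and `Apple Id Notarization Password`. Keeping the credentials as keychain references rather than literals is worth preserving. Minor style: `return await notarize(...)` can be `return notarize(...)`, and `appPath` reads better as `path.join(appOutDir, appName + '.app')` with `const path = require('path');` added at the top.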