Merge pull request #1198 from erikaperugachi/notarize

Erika Perugachi · web-flow · commit b5f06919cb23 · 2019-11-05T12:26:13.000-05:00
Add electron-notarize
diff --git a/electron_app/build/entitlements.mac.plist b/electron_app/build/entitlements.mac.plist
@@ -14,7 +14,11 @@
     <true/>
     <key>com.apple.security.print</key>
     <true/>
-    <key>NSRequiresAquaSystemAppearance</key>
-    <false />
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
   </dict>
 </plist>
diff --git a/electron_app/notarize.js b/electron_app/notarize.js
@@ -0,0 +1,34 @@
+require('dotenv').config();
+const fs = require('fs');
+const path = require('path');
+var electron_notarize = require('electron-notarize');
+const { build } = require('./package.json');
+
+module.exports = async function (params) {
+    // Only notarize the app on Mac OS only.
+    if (process.platform !== 'darwin') return;
+    console.log('afterSign hook triggered', params);
+
+    // Same appId in electron-builder.
+    let appId = build.appId
+
+    let appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`);
+    if (!fs.existsSync(appPath)) {
+        throw new Error(`Cannot find application at: ${appPath}`);
+    }
+
+    console.log(`Notarizing ${appId} found at ${appPath}`);
+    const password = `@keychain:AC_PASSWORD`;
+    try {
+        await electron_notarize.notarize({
+            appBundleId: appId,
+            appPath: appPath,
+            appleId: process.env.APPLEID,
+            appleIdPassword: password,
+        });
+    } catch (error) {
+        console.error(error);
+    }
+
+    console.log(`Done notarizing ${appId}`);
+};
diff --git a/electron_app/package.json b/electron_app/package.json
@@ -16,10 +16,11 @@
     "url": "https://github.com/Criptext/Criptext-Email-React-Client.git"
   },
   "scripts": {
+    "build": "electron-builder",
     "electron": "electron .",
     "start": "npm run electron .",
     "start:dev": "npm run electron . --allow-file-access-from-file",
-    "postinstall": "install-app-deps",
+    "postinstall": "electron-builder install-app-deps",
     "test": "criptext-js-tools test",
     "integration": "NODE_ENV=test criptext-js-tools integration",
     "lint": "criptext-js-tools lint",
@@ -31,8 +32,11 @@
   "nucleusId": "0.0.0",
   "build": {
     "appId": "com.criptext.criptextmail",
+    "afterSign": "notarize.js",
     "buildVersion": "1",
     "mac": {
+      "hardenedRuntime": true,
+      "gatekeeperAssess": false,
       "target": [
         "mas",
         "dmg",
@@ -132,7 +136,8 @@
   "devDependencies": {
     "criptext-js-tools": "0.5.0",
     "electron": "3.1.10",
-    "electron-builder": "^20.37.0"
+    "electron-builder": "21.2.0",
+    "electron-notarize": "^0.1.1"
   },
   "dependencies": {
     "@criptext/api": "^0.15.22",
diff --git a/electron_app/yarn.lock b/electron_app/yarn.lock
