1- const { notarize } = require ( '@electron/notarize' ) ;
2-
31/*
42 Pre-requisites: https://github.com/electron/electron-notarize#prerequisites
53 1. Generate an app specific password
@@ -8,35 +6,80 @@ const { notarize } = require('@electron/notarize');
86
97/*
108 Notarizing: https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/
9+ This script is heavily inspired by https://github.com/electron/notarize/issues/193#issuecomment-2466569367
10+ For up to date official mac information, see https://developer.apple.com/documentation/security/customizing-the-notarization-workflow
1111*/
1212
1313const log = msg => console . log ( `\n${ msg } ) ;
1414const isEmpty = v => ! v || v . length === 0 ;
1515
16+ const { execSync } = require ( 'node:child_process' ) ;
17+
18+ function runCommandWithExitCode ( command ) {
19+ try {
20+ const output = execSync ( command , { stdio : 'pipe' } ) ;
21+ return { success : true , output : output . toString ( ) . trim ( ) } ;
22+ } catch ( error ) {
23+ return { success : false , code : error . status , message : error . stderr . toString ( ) . trim ( ) } ;
24+ }
25+ }
26+
1627exports . default = async function notarizing ( context ) {
1728 const { electronPlatformName, appOutDir } = context ;
1829 if ( electronPlatformName !== 'darwin' ) {
1930 return ;
2031 }
21- log ( 'Notarizing mac application' ) ;
2232
2333 const appName = context . packager . appInfo . productFilename ;
34+
35+ const appPath = `${ appOutDir } ${ appName } ;
36+ const zipPath = `${ appOutDir } ${ appName } ;
37+
38+ const verifyCheck = runCommandWithExitCode ( `codesign --verify --deep --strict "${ appPath } ) ;
39+ if ( ! verifyCheck . success ) {
40+ if ( verifyCheck . code === 1 ) {
41+ console . error ( `Signature is invalid for app "${ appPath } ) ;
42+ } else if ( verifyCheck . code === 2 ) {
43+ console . error ( `"${ appPath } ) ;
44+ } else {
45+ console . error ( `Error (${ verifyCheck . code } ${ verifyCheck . message } ${ appPath } ) ;
46+ }
47+ console . warn ( 'skipping notarization step' ) ;
48+ return ;
49+ }
50+
51+ log ( `"${ appPath } ) ;
52+ log ( 'Notarizing mac application' ) ;
53+
2454 const { SIGNING_APPLE_ID , SIGNING_APP_PASSWORD , SIGNING_TEAM_ID } = process . env ;
2555
26- if ( isEmpty ( SIGNING_APPLE_ID ) || isEmpty ( SIGNING_APP_PASSWORD ) ) {
27- log ( 'SIGNING_APPLE_ID or SIGNING_APP_PASSWORD not set.\nTerminating noratization .' ) ;
56+ if ( isEmpty ( SIGNING_APPLE_ID ) ) {
57+ log ( 'SIGNING_APPLE_ID not set.\nTerminating notarization .' ) ;
2858 return ;
2959 }
3060
31- const options = {
32- appBundleId : 'com.loki-project.messenger-desktop' ,
33- appPath : `${ appOutDir } ${ appName } ,
34- appleId : SIGNING_APPLE_ID ,
35- appleIdPassword : SIGNING_APP_PASSWORD ,
36- } ;
37- if ( ! isEmpty ( SIGNING_TEAM_ID ) ) {
38- options . ascProvider = SIGNING_TEAM_ID ;
39- options . teamId = SIGNING_TEAM_ID ;
61+ if ( isEmpty ( SIGNING_APP_PASSWORD ) ) {
62+ log ( 'SIGNING_APP_PASSWORD not set.\nTerminating notarization.' ) ;
63+ return ;
4064 }
41- return notarize ( options ) ;
65+
66+ if ( isEmpty ( SIGNING_TEAM_ID ) ) {
67+ log ( ' SIGNING_TEAM_ID not set.\nTerminating notarization.' ) ;
68+ return ;
69+ }
70+
71+ console . log (
72+ execSync ( `ditto -c -k --sequesterRsrc --keepParent "${ appPath } ${ zipPath } , {
73+ encoding : 'utf8' ,
74+ } )
75+ ) ;
76+
77+ console . log (
78+ execSync (
79+ `xcrun notarytool submit "${ zipPath } ${ SIGNING_TEAM_ID } ${ SIGNING_APPLE_ID } ${ SIGNING_APP_PASSWORD } ,
80+ { encoding : 'utf8' }
81+ )
82+ ) ;
83+
84+ console . log ( execSync ( `xcrun stapler staple "${ appPath } , { encoding : 'utf8' } ) ) ;
4285} ;
0 commit comments