Merge pull request #215 from mattfarina/sign-not

mattfarina · web-flow · commit 98c8fefd7663 · 2021-04-30T11:02:58.000-07:00
Setup to sign and notarize
diff --git a/build/entitlements.mac.inherit.plist b/build/entitlements.mac.inherit.plist
@@ -0,0 +1,15 @@
+
+<!--?xml version="1.0" encoding="UTF-8"?-->
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>com.apple.security.inherit</key>
+        <true/>
+        <key>com.apple.security.cs.allow-jit</key>
+        <true/>
+        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+        <true/>
+        <key>com.apple.security.cs.disable-library-validation</key>
+        <true/>
+    </dict>
+</plist>
diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist
@@ -0,0 +1,15 @@
+
+<!--?xml version="1.0" encoding="UTF-8"?-->
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+        <true/>
+        <key>com.apple.security.cs.allow-jit</key>
+        <true/>
+        <key>com.apple.security.cs.disable-library-validation</key>
+        <true/>
+        <key>com.apple.security.hypervisor</key>
+        <true/>
+    </dict>
+</plist>
diff --git a/electron-builder.yml b/electron-builder.yml
@@ -1,8 +1,15 @@
 productName: Rancher Desktop
 icon: ./resources/icons/logo-square-512.png
-appId: io.rancher.rancher-desktop
+appId: io.rancherdesktop.app
 asar: true
 extraResources:
 - resources/
 files:
 - dist/app/**/*
+mac:
+  entitlements: "build/entitlements.mac.plist"
+  entitlementsInherit: "build/entitlements.mac.inherit.plist"
+  darkModeSupport: true
+  hardenedRuntime: true
+  gatekeeperAssess: false
+afterSign: "scripts/notarize.js"
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -61,6 +61,7 @@
     "electron": "^10.3.0",
     "electron-builder": "^22.9.1",
     "electron-devtools-installer": "^3.1.0",
+    "electron-notarize": "^1.0.0",
     "eslint": "^7.18.0",
     "eslint-plugin-nuxt": "^2.0.0",
     "eslint-plugin-vue": "^7.4.1",
diff --git a/scripts/notarize.js b/scripts/notarize.js
@@ -0,0 +1,24 @@
+require('dotenv').config();
+const { notarize } = require('electron-notarize');
+
+exports.default = async function notarizing(context) {
+  const { electronPlatformName, appOutDir } = context;
+
+  if (electronPlatformName !== 'darwin') {
+    return;
+  }
+
+  const appName = context.packager.appInfo.productFilename;
+  const appleId = process.env.APPLEID;
+
+  if (!appleId) {
+    return;
+  }
+
+  return await notarize({
+    appBundleId:     'io.rancherdesktop.app',
+    appPath:         `${ appOutDir }/${ appName }.app`,
+    appleId,
+    appleIdPassword: process.env.AC_PASSWORD
+  });
+};
