From ff70339aadaac760281c85ea53be8b86420847a9 Mon Sep 17 00:00:00 2001 From: David Baker Date: Wed, 9 Oct 2019 16:29:24 +0100 Subject: [PATCH 1/8] Working branch for notarisation --- package.json | 3 ++- scripts/electron_afterSign.js | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 scripts/electron_afterSign.js diff --git a/package.json b/package.json index bd05b090d..cd4f4cd28 100644 --- a/package.json +++ b/package.json @@ -188,6 +188,7 @@ "buildResources": "electron_app/build", "output": "electron_app/dist", "app": "electron_app" - } + }, + "afterSign": "scripts/electron_afterSign.js" } } diff --git a/scripts/electron_afterSign.js b/scripts/electron_afterSign.js new file mode 100644 index 000000000..bb554219a --- /dev/null +++ b/scripts/electron_afterSign.js @@ -0,0 +1,25 @@ +const { notarize } = require('electron-notarize'); + +exports.default = async function(context) { + const { electronPlatformName, appOutDir } = context; + if (electronPlatformName !== 'darwin') { + return; + } + + // We get the password from keychain. The keychain stores + // user IDs too, but apparently altool can't get the user ID + // from the keychain, so we need to get it from the environment. + const userId = process.env.NOTARIZE_APPLE_ID; + if (userId === undefined) { + throw new Exception("User ID not found. Set NOTARIZE_APPLE_ID."); + } + + const appName = context.packager.appInfo.productFilename; + + return await notarize({ + appBundleId: 'im.riot.app', + appPath: `${appOutDir}/${appName}.app`, + appleId: userId, + appleIdPassword: '@keychain:NOTARIZE_CREDS, + }); +}; From bad97db3025ce910c2e9dde8c99f48ade6ca6771 Mon Sep 17 00:00:00 2001 From: David Baker Date: Wed, 9 Oct 2019 16:40:31 +0100 Subject: [PATCH 2/8] remove random spaces --- scripts/electron_afterSign.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/electron_afterSign.js b/scripts/electron_afterSign.js index bb554219a..78211d41b 100644 --- a/scripts/electron_afterSign.js +++ b/scripts/electron_afterSign.js @@ -1,7 +1,7 @@ const { notarize } = require('electron-notarize'); exports.default = async function(context) { - const { electronPlatformName, appOutDir } = context; + const { electronPlatformName, appOutDir } = context; if (electronPlatformName !== 'darwin') { return; } @@ -13,9 +13,9 @@ exports.default = async function(context) { if (userId === undefined) { throw new Exception("User ID not found. Set NOTARIZE_APPLE_ID."); } - + const appName = context.packager.appInfo.productFilename; - + return await notarize({ appBundleId: 'im.riot.app', appPath: `${appOutDir}/${appName}.app`, From 7faba49f669bb5e3dc7a00d82c30518f6a39b62c Mon Sep 17 00:00:00 2001 From: David Baker Date: Thu, 10 Oct 2019 11:53:49 +0100 Subject: [PATCH 3/8] fix quotes --- scripts/electron_afterSign.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/electron_afterSign.js b/scripts/electron_afterSign.js index 78211d41b..20bb867dd 100644 --- a/scripts/electron_afterSign.js +++ b/scripts/electron_afterSign.js @@ -20,6 +20,6 @@ exports.default = async function(context) { appBundleId: 'im.riot.app', appPath: `${appOutDir}/${appName}.app`, appleId: userId, - appleIdPassword: '@keychain:NOTARIZE_CREDS, + appleIdPassword: '@keychain:NOTARIZE_CREDS', }); }; From 29f186bc18b6b6b26f9ff4c01df8e3b56f51be74 Mon Sep 17 00:00:00 2001 From: David Baker Date: Thu, 10 Oct 2019 11:57:39 +0100 Subject: [PATCH 4/8] add electron-notarize --- package.json | 1 + yarn.lock | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index cd4f4cd28..0836f624d 100644 --- a/package.json +++ b/package.json @@ -111,6 +111,7 @@ "electron-builder": "^21.2.0", "electron-builder-squirrel-windows": "^21.2.0", "electron-devtools-installer": "^2.2.4", + "electron-notarize": "^0.1.1", "eslint": "^5.8.0", "eslint-config-google": "^0.7.1", "eslint-plugin-babel": "^4.1.2", diff --git a/yarn.lock b/yarn.lock index b1eb8246f..c3cb2a7a7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3134,6 +3134,14 @@ electron-devtools-installer@^2.2.4: rimraf "^2.5.2" semver "^5.3.0" +electron-notarize@^0.1.1: + version "0.1.1" + resolved "https://registry.yarnpkg.com/electron-notarize/-/electron-notarize-0.1.1.tgz#c3563d70c5e7b3315f44e8495b30050a8c408b91" + integrity sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg== + dependencies: + debug "^4.1.1" + fs-extra "^8.0.1" + electron-publish@21.2.0: version "21.2.0" resolved "https://registry.yarnpkg.com/electron-publish/-/electron-publish-21.2.0.tgz#cc225cb46aa62e74b899f2f7299b396c9802387d" @@ -4083,7 +4091,7 @@ fs-extra@^0.30.0: path-is-absolute "^1.0.0" rimraf "^2.2.8" -fs-extra@^8.1.0: +fs-extra@^8.0.1, fs-extra@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-8.1.0.tgz#49d43c45a88cd9677668cb7be1b46efdb8d2e1c0" integrity sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g== From a7d1d9880be3c37db137b9986f76e04b2424eb94 Mon Sep 17 00:00:00 2001 From: David Baker Date: Thu, 10 Oct 2019 14:56:35 +0100 Subject: [PATCH 5/8] Use my fork of electron-notarize if only to test it --- package.json | 2 +- yarn.lock | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 0836f624d..8b0b7ad92 100644 --- a/package.json +++ b/package.json @@ -111,7 +111,7 @@ "electron-builder": "^21.2.0", "electron-builder-squirrel-windows": "^21.2.0", "electron-devtools-installer": "^2.2.4", - "electron-notarize": "^0.1.1", + "electron-notarize": "dbkr/electron-notarize", "eslint": "^5.8.0", "eslint-config-google": "^0.7.1", "eslint-plugin-babel": "^4.1.2", diff --git a/yarn.lock b/yarn.lock index c3cb2a7a7..1e4b0f1af 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3134,10 +3134,9 @@ electron-devtools-installer@^2.2.4: rimraf "^2.5.2" semver "^5.3.0" -electron-notarize@^0.1.1: +electron-notarize@dbkr/electron-notarize: version "0.1.1" - resolved "https://registry.yarnpkg.com/electron-notarize/-/electron-notarize-0.1.1.tgz#c3563d70c5e7b3315f44e8495b30050a8c408b91" - integrity sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg== + resolved "https://codeload.github.com/dbkr/electron-notarize/tar.gz/1041444cf330a52e89077bae68745bfe47c8d2db" dependencies: debug "^4.1.1" fs-extra "^8.0.1" From 2bab328f8d85d9babe6bbff7c9cf8ead6c6e7400 Mon Sep 17 00:00:00 2001 From: David Baker Date: Thu, 10 Oct 2019 15:32:17 +0100 Subject: [PATCH 6/8] Check everything's in place for the notarising dance ...before we start the build process. --- scripts/electron-package.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/electron-package.sh b/scripts/electron-package.sh index 63c2fd72d..9b796b954 100755 --- a/scripts/electron-package.sh +++ b/scripts/electron-package.sh @@ -67,6 +67,14 @@ if [ ! -f package.json ]; then exit fi +if [ -z "$NOTARIZE_APPLE_ID" ]; then + echo "NOTARIZE_APPLE_ID is not set" + exit +fi + +# Test that altool can get its credentials for notarising the mac app +xcrun altool -u "$NOTARIZE_APPLE_ID" -p '@keychain:NOTARIZE_CREDS' --list-apps || exit + echo "Building $version using Update base URL $update_base_url" projdir=`pwd` From 0259eb64197e3332c78e4c979e2356df29a16e4f Mon Sep 17 00:00:00 2001 From: David Baker Date: Thu, 10 Oct 2019 18:34:26 +0100 Subject: [PATCH 7/8] Go back to upstream electron-notarize It doesn't work as a github dependency because the typescript doesn't get built. --- package.json | 2 +- yarn.lock | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 8b0b7ad92..0836f624d 100644 --- a/package.json +++ b/package.json @@ -111,7 +111,7 @@ "electron-builder": "^21.2.0", "electron-builder-squirrel-windows": "^21.2.0", "electron-devtools-installer": "^2.2.4", - "electron-notarize": "dbkr/electron-notarize", + "electron-notarize": "^0.1.1", "eslint": "^5.8.0", "eslint-config-google": "^0.7.1", "eslint-plugin-babel": "^4.1.2", diff --git a/yarn.lock b/yarn.lock index 1e4b0f1af..c3cb2a7a7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3134,9 +3134,10 @@ electron-devtools-installer@^2.2.4: rimraf "^2.5.2" semver "^5.3.0" -electron-notarize@dbkr/electron-notarize: +electron-notarize@^0.1.1: version "0.1.1" - resolved "https://codeload.github.com/dbkr/electron-notarize/tar.gz/1041444cf330a52e89077bae68745bfe47c8d2db" + resolved "https://registry.yarnpkg.com/electron-notarize/-/electron-notarize-0.1.1.tgz#c3563d70c5e7b3315f44e8495b30050a8c408b91" + integrity sha512-TpKfJcz4LXl5jiGvZTs5fbEx+wUFXV5u8voeG5WCHWfY/cdgdD8lDZIZRqLVOtR3VO+drgJ9aiSHIO9TYn/fKg== dependencies: debug "^4.1.1" fs-extra "^8.0.1" From 071223120b39f026aadd502ceb284191345a1638 Mon Sep 17 00:00:00 2001 From: David Baker Date: Fri, 11 Oct 2019 10:45:42 +0100 Subject: [PATCH 8/8] Warn that this might be a while --- scripts/electron_afterSign.js | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/electron_afterSign.js b/scripts/electron_afterSign.js index 20bb867dd..0d42c5524 100644 --- a/scripts/electron_afterSign.js +++ b/scripts/electron_afterSign.js @@ -16,6 +16,7 @@ exports.default = async function(context) { const appName = context.packager.appInfo.productFilename; + console.log("Notarising macOS app. This may be some time."); return await notarize({ appBundleId: 'im.riot.app', appPath: `${appOutDir}/${appName}.app`,