diff --git a/wowup-electron/.gitignore b/wowup-electron/.gitignore
index 9c39f69b..2eb008f2 100644
--- a/wowup-electron/.gitignore
+++ b/wowup-electron/.gitignore
@@ -1,4 +1,5 @@
 # See http://help.github.com/ignore-files/ for more about ignoring files.
+.env
 # compiled output
 /dist
@@ -15,6 +16,7 @@ src/**/*.js
 !src/karma.conf.js
 *.js.map
 *.js
+!electron-build/*.js
 # dependencies
 /node_modules
diff --git a/wowup-electron/electron-build/after-sign.js b/wowup-electron/electron-build/after-sign.js
new file mode 100644
index 00000000..14f67893
--- /dev/null
+++ b/wowup-electron/electron-build/after-sign.js
@@ -0,0 +1,40 @@
+// Inspired by https://medium.com/@TwitterArchiveEraser/notarize-electron-apps-7a5f988406db
+const fs = require('fs');
+const path = require('path');
+const electron_notarize = require('electron-notarize');
+
+// Pull in signing env vars
+require('dotenv').config({
+ path: path.join(__dirname, '..', '.env')
+})
+
+module.exports = async function (params) {
+ // Only notarize the app on Mac OS only.
+ if (process.platform !== 'darwin') {
+ return;
+ }
+ console.log('afterSign hook triggered');
+
+ // Same appId in electron-builder.
+ const appId = 'io.wowup.jliddev'
+ const appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`);
+ if (!fs.existsSync(appPath)) {
+ throw new Error(`Cannot find application at: ${appPath}`);
+ }
+
+ console.log(`Notarizing ${appId} found at ${appPath}`);
+
+ try {
+ await electron_notarize.notarize({
+ appBundleId: appId,
+ appPath: appPath,
+ appleId: process.env.NOTARIZE_APPLE_ID,
+ appleIdPassword: process.env.NOTARIZE_APPLE_PASSWORD,
+ ascProvider: process.env.NOTARIZE_APPLE_TEAM_ID
+ });
+ } catch (error) {
+ console.error(error);
+ }
+
+ console.log(`Done notarizing ${appId}`);
+};
\ No newline at end of file
diff --git a/wowup-electron/electron-build/entitlements.mac.plist b/wowup-electron/electron-build/entitlements.mac.plist
new file mode 100644
index 00000000..ad77a2a1
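Review bot: In `after-sign.js` the `catch (error) { console.error(error); }` around `electron_notarize.notarize(...)` swallows a failed notarization, so the hook still logs `Done notarizing` and electron-builder carries on to package and, with `"publish": ["github"]` configured, possibly publish a macOS build that was never notarized. Rethrow after logging, `console.error(error); throw error;`, or drop the try/catch so the build fails closed. The hook also never checks that `NOTARIZE_APPLE_ID`, `NOTARIZE_APPLE_PASSWORD` and `NOTARIZE_APPLE_TEAM_ID` were actually loaded from `.env`; a guard such as `if (!process.env.NOTARIZE_APPLE_ID || !process.env.NOTARIZE_APPLE_PASSWORD) throw new Error('Notarization credentials missing');` before the call gives a clear failure, and the value supplied for `appleIdPassword` should be an app-specific password rather than the Apple ID login password.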
--- /dev/null
+++ b/wowup-electron/electron-build/entitlements.mac.plist
@@ -0,0 +1,14 @@
+
+
+
+ com.apple.security.cs.allow-jit
+
+ com.apple.security.cs.allow-unsigned-executable-memory
+
+ com.apple.security.cs.allow-dyld-environment-variables
+
+ com.apple.security.cs.disable-library-validation
+
+
+
\ No newline at end of file
diff --git a/wowup-electron/electron-builder.json b/wowup-electron/electron-builder.json
index 92e6de0c..faa068ae 100644
--- a/wowup-electron/electron-builder.json
+++ b/wowup-electron/electron-builder.json
@@ -4,6 +4,7 @@
 "directories": {
 "output": "release/"
 },
+ "afterSign": "./electron-build/after-sign.js",
 "generateUpdatesFilesForAllChannels": true,
 "publish": ["github"],
 "nodeGypRebuild": true,
@@ -53,7 +54,9 @@
 "mac": {
 "icon": "dist/assets/icons",
 "category": "public.app-category.games",
- "target": ["default"]
+ "target": ["default"],
+ "hardenedRuntime": true,
+ "entitlements": "./electron-build/entitlements.mac.plist"
 },
 "linux": {
 "icon": "dist/assets/icons",
diff --git a/wowup-electron/package.json b/wowup-electron/package.json
index 2fcb0681..8a7fd4f3 100644
--- a/wowup-electron/package.json
+++ b/wowup-electron/package.json
@@ -81,8 +81,10 @@
 "conventional-changelog-cli": "2.1.1",
 "core-js": "3.7.0",
 "cross-env": "7.0.2",
+ "dotenv": "8.2.0",
 "electron": "11.0.2",
 "electron-builder": "22.9.1",
+ "electron-notarize": "1.0.0",
 "electron-reload": "1.5.0",
 "eslint": "7.12.1",
 "eslint-plugin-import": "2.22.1",
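Review bot: `entitlements.mac.plist` grants four hardened-runtime exceptions, and two of them, `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation`, together allow libraries not signed by Apple or by the app's own team to be loaded into the signed process, which gives up much of what `"hardenedRuntime": true` in electron-builder.json is meant to provide. Electron generally needs `allow-jit` (and `allow-unsigned-executable-memory` on older releases such as the `11.0.2` pinned in package.json); keep the other two only if a bundled native module demonstrably fails to load without them, and record that reason in an XML comment beside each key. The plist markup is not visible in this rendering of the hunk, so the key values are assumed to be `<true/>`.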