From 244b793d6c0514d2e5744306c16883a9ab7ea8af Mon Sep 17 00:00:00 2001
From: john liddell
Date: Mon, 23 Nov 2020 10:07:19 -0600
Subject: [PATCH 1/2] Mac notorize settings
---
 wowup-electron/electron-builder.json | 4 +++-
 wowup-electron/mac/entitlements.plist | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 wowup-electron/mac/entitlements.plist
diff --git a/wowup-electron/electron-builder.json b/wowup-electron/electron-builder.json
index 92e6de0c..1cdd7e32 100644
--- a/wowup-electron/electron-builder.json
+++ b/wowup-electron/electron-builder.json
@@ -53,7 +53,9 @@
 "mac": {
 "icon": "dist/assets/icons",
 "category": "public.app-category.games",
- "target": ["default"]
+ "target": ["default"],
+ "hardenedRuntime": true,
+ "entitlements": "./mac/entitlements.plist"
 },
 "linux": {
 "icon": "dist/assets/icons",
diff --git a/wowup-electron/mac/entitlements.plist b/wowup-electron/mac/entitlements.plist
new file mode 100644
index 00000000..273c351b
--- /dev/null
+++ b/wowup-electron/mac/entitlements.plist
@@ -0,0 +1,12 @@
+
+
+
+
+ com.apple.security.cs.allow-jit
+
+ com.apple.security.cs.allow-unsigned-executable-memory
+
+ com.apple.security.cs.allow-dyld-environment-variables
+
+
+
\ No newline at end of file
From c9dd717a892377b11b809eab62fff42b8d2dc9f6 Mon Sep 17 00:00:00 2001
From: john liddell
Date: Fri, 27 Nov 2020 19:09:32 -0600
Subject: [PATCH 2/2] Notarizing seems to work.
---
 wowup-electron/.gitignore | 2 +
 wowup-electron/electron-build/after-sign.js | 40 +++++++++++++++++++
 .../entitlements.mac.plist} | 2 +
 wowup-electron/electron-builder.json | 3 +-
 wowup-electron/package.json | 2 +
 5 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 wowup-electron/electron-build/after-sign.js
 rename wowup-electron/{mac/entitlements.plist => electron-build/entitlements.mac.plist} (82%)
diff --git a/wowup-electron/.gitignore b/wowup-electron/.gitignore
index 9c39f69b..2eb008f2 100644
--- a/wowup-electron/.gitignore
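Review bot: The new entitlements file grants `com.apple.security.cs.allow-dyld-environment-variables` with no stated reason, and the second commit in this series adds `com.apple.security.cs.disable-library-validation` to the same file. Together these two exceptions allow `DYLD_*` variables to load a library not signed by your team into the signed, notarized app, which gives back much of what `"hardenedRuntime": true` is meant to provide. `allow-jit` is expected for Electron, and `allow-unsigned-executable-memory` is probably still needed on this Electron version, but nothing visible in the patch depends on the other two. I would drop them unless a specific native module fails to load without them, and for any that stay add an XML comment above the key naming what needs it, e.g. `<!-- required by <module-name>: reason -->`.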
+++ b/wowup-electron/.gitignore
@@ -1,4 +1,5 @@ # See http://help.github.com/ignore-files/ for more about ignoring files. +.env # compiled output /dist
@@ -15,6 +16,7 @@ src/**/*.js !src/karma.conf.js *.js.map *.js +!electron-build/*.js # dependencies /node_modules
diff --git a/wowup-electron/electron-build/after-sign.js b/wowup-electron/electron-build/after-sign.js
new file mode 100644
index 00000000..14f67893
--- /dev/null
+++ b/wowup-electron/electron-build/after-sign.js
@@ -0,0 +1,40 @@
+// Inspired by https://medium.com/@TwitterArchiveEraser/notarize-electron-apps-7a5f988406db
+const fs = require('fs');
+const path = require('path');
+const electron_notarize = require('electron-notarize');
+
+// Pull in signing env vars
+require('dotenv').config({
+ path: path.join(__dirname, '..', '.env')
+})
+
+module.exports = async function (params) {
+ // Only notarize the app on Mac OS only.
+ if (process.platform !== 'darwin') {
+ return;
+ }
+ console.log('afterSign hook triggered');
+
+ // Same appId in electron-builder.
+ const appId = 'io.wowup.jliddev'
+ const appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`);
+ if (!fs.existsSync(appPath)) {
+ throw new Error(`Cannot find application at: ${appPath}`);
+ }
+
+ console.log(`Notarizing ${appId} found at ${appPath}`);
+
+ try {
+ await electron_notarize.notarize({
+ appBundleId: appId,
+ appPath: appPath,
+ appleId: process.env.NOTARIZE_APPLE_ID,
+ appleIdPassword: process.env.NOTARIZE_APPLE_PASSWORD,
+ ascProvider: process.env.NOTARIZE_APPLE_TEAM_ID
+ });
+ } catch (error) {
+ console.error(error);
+ }
+
+ console.log(`Done notarizing ${appId}`);
+};
\ No newline at end of file
diff --git a/wowup-electron/mac/entitlements.plist b/wowup-electron/electron-build/entitlements.mac.plist
similarity index 82%
rename from wowup-electron/mac/entitlements.plist
rename to wowup-electron/electron-build/entitlements.mac.plist
index 273c351b..ad77a2a1 100644
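Review bot: The `catch` around `electron_notarize.notarize(...)` in after-sign.js only calls `console.error(error)`, so a failed notarization does not fail the build and the hook still prints `Done notarizing`. Because electron-builder.json has `"publish": ["github"]`, an un-notarized build could be published while the log reads as a success. Rethrow after logging, `} catch (error) { console.error(error); throw error; }`, and move the `Done notarizing` log inside the `try`, directly after the `await`. The `NOTARIZE_APPLE_*` values are also passed through unchecked; a guard before the call such as `if (!process.env.NOTARIZE_APPLE_ID || !process.env.NOTARIZE_APPLE_PASSWORD) throw new Error('notarization credentials are not set');` fails early with a clear message when `.env` is missing, as it will be on any machine without the ignored file. A header comment listing the three expected variables, and stating that the password should be an app-specific password rather than the Apple ID's own, would document the contract for whoever sets up the build machine.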
--- a/wowup-electron/mac/entitlements.plist
+++ b/wowup-electron/electron-build/entitlements.mac.plist
@@ -8,5 +8,7 @@ com.apple.security.cs.allow-dyld-environment-variables + com.apple.security.cs.disable-library-validation + \ No newline at end of file
diff --git a/wowup-electron/electron-builder.json b/wowup-electron/electron-builder.json
index 1cdd7e32..faa068ae 100644
--- a/wowup-electron/electron-builder.json
+++ b/wowup-electron/electron-builder.json
@@ -4,6 +4,7 @@
 "directories": {
 "output": "release/"
 },
+ "afterSign": "./electron-build/after-sign.js",
 "generateUpdatesFilesForAllChannels": true,
 "publish": ["github"],
 "nodeGypRebuild": true,
@@ -55,7 +56,7 @@
 "category": "public.app-category.games",
 "target": ["default"],
 "hardenedRuntime": true,
- "entitlements": "./mac/entitlements.plist"
+ "entitlements": "./electron-build/entitlements.mac.plist"
 },
 "linux": {
 "icon": "dist/assets/icons",
diff --git a/wowup-electron/package.json b/wowup-electron/package.json
index 2fcb0681..8a7fd4f3 100644
--- a/wowup-electron/package.json
+++ b/wowup-electron/package.json
@@ -81,8 +81,10 @@
 "conventional-changelog-cli": "2.1.1",
 "core-js": "3.7.0",
 "cross-env": "7.0.2",
+ "dotenv": "8.2.0",
 "electron": "11.0.2",
 "electron-builder": "22.9.1",
+ "electron-notarize": "1.0.0",
 "electron-reload": "1.5.0",
 "eslint": "7.12.1",
 "eslint-plugin-import": "2.22.1",