diff --git a/package-lock.json b/package-lock.json
index 39c12a8a5..68408cf73 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4612,6 +4612,16 @@
 "fs-extra": "^8.1.0"
 }
 },
+ "electron-notarize-dmg": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/electron-notarize-dmg/-/electron-notarize-dmg-1.0.0.tgz",
+ "integrity": "sha512-/NGmml9iB2FnBY9PiLfmJ13qqppc/s3VvVjib/bwQRaUl9bEOVNlJ3DhaQG9TxahzvF4DSLI7lOASlD8FIEDbQ==",
+ "dev": true,
+ "requires": {
+ "debug": "^4.1.1",
+ "fs-extra": "^8.1.0"
+ }
+ },
 "electron-publish": {
 "version": "22.4.0",
 "resolved": "https://registry.npmjs.org/electron-publish/-/electron-publish-22.4.0.tgz",
diff --git a/package.json b/package.json
index b401b915c..1e4e656c2 100644
--- a/package.json
+++ b/package.json
@@ -62,6 +62,7 @@
 "electron": "^7.1.14",
 "electron-builder": "^22.4.0",
 "electron-notarize": "^0.2.1",
+ "electron-notarize-dmg": "1.0.0",
 "mocha": "^6.2.2",
 "npm-run-all": "^4.1.5",
 "pre-commit": "^1.2.2",
diff --git a/pkgs/macos/notarize-cli.js b/pkgs/macos/notarize-cli.js
index 1093d37ae..18a920fc1 100644
--- a/pkgs/macos/notarize-cli.js
+++ b/pkgs/macos/notarize-cli.js
@@ -1,5 +1,5 @@
 require('dotenv').config()
-const { notarize } = require('electron-notarize')
+const { notarize } = require('electron-notarize-dmg')

 // Manual online notarization (no stapling) via CLI
 // ================================================
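Review bot: The `require('electron-notarize-dmg')` swap in pkgs/macos/notarize-cli.js hands APPLEID and APPLEIDPASS to a newly added package, and nothing in the hunk records why it replaces `electron-notarize` or where it comes from. package.json pins it to exactly `1.0.0` and the lockfile carries its integrity hash, which suits a dependency that sees signing credentials; a one-line comment above the require would keep that intent visible, e.g. `// electron-notarize-dmg is pinned to an exact version because it receives the Apple ID credentials; review its source before bumping`. `electron-notarize` stays in package.json, so presumably another script still uses it; if not, it can be dropped.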
@@ -9,19 +9,28 @@ const { notarize } = require('electron-notarize')
 // Usage:
 // 1. Define APPLEID and APPLEIDPASS
 // 2. node ./notarize.js path/to/IPFS-Desktop.dmg
+//
+// Note on stapling and this script:
+// We disable stapling of the dmg file, as it changes its contents. It
+// would break auto update files. It is perfectly okay to notarize and not
+// staple to keep the file intact. This requires end users to have connectivity
+// to validate the file, but they had it to get .dmg in the first place.
+
 ;(async () => {
 const artifactPath = process.argv[2]
- if (!artifactPath) {
- console.log('Missing artifact path: pass it as CLI argument')
+ if (!artifactPath || !artifactPath.endsWith('.dmg')) {
+ console.log('Missing artifact path: pass .dmg file as CLI argument')
 process.exit(1)
 }
 if (!process.env.APPLEID || !process.env.APPLEIDPASS) {
 console.log('Define APPLEID and APPLEIDPASS as env variables or in .env file')
 process.exit(1)
 }
+ console.log(`Initializing notarization of DMG at ${artifactPath}`)
 await notarize({
 appBundleId: 'io.ipfs.desktop',
- appPath: artifactPath,
+ dmgPath: artifactPath,
+ staple: false,
 appleId: process.env.APPLEID,
 appleIdPassword: process.env.APPLEIDPASS
 })
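Review bot: The added stapling note treats connectivity at download time as sufficient, but with `staple: false` the file carries no ticket and Gatekeeper has to look it up online when the .dmg is first opened, which can be on a different machine or later than the download. The comment should state that limit rather than dismiss it, e.g. `// Caveat: an unstapled .dmg opened on a machine without network access cannot be confirmed as notarized by Gatekeeper.` Separately, the widened guard rejects a path that does not end in `.dmg` with the same 'Missing artifact path' text and matches case-sensitively, so `App.DMG` fails with a misleading message. The async IIFE continues past the end of the hunk, so whether a rejected `notarize()` sets a non-zero exit code cannot be seen here.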