chore: macOS notarizing (#1365)

* chore: macOS notarizing This adds scripts that run electron-notarize as additional manual or build steps on darvin runtime, loosly following https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/ Context: #1211 entitlements should enable us to pass process with go-ipfs binary electron-userland/electron-builder#3940 (comment) notarize-cli.js uses electron-notarize-dmg, works like electron-notarize but supports DMG without stapling (which is what we want for now) License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
ipfs · Mar 10, 2020 · 81e74d5 · 81e74d5
1 parent 7b3c49b
commit 81e74d5
Show file tree

Hide file tree

Showing 9 changed files with 257 additions and 35 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,7 @@ node_modules
 out
 dist
 .cache
+.env
 config.gypi
 assets/webui
 *.nupkg

diff --git a/.travis.yml b/.travis.yml
@@ -4,7 +4,7 @@ services:
   - xvfb
 
 node_js:
-  - 12.14.1
+  - 12.16.1
 
 os:
   - linux

diff --git a/README.md b/README.md
@@ -120,6 +120,10 @@ Other languages are periodically pulled from [Transifex](https://www.transifex.c
 - Publish local changes and the tag to GitHub repo: `git push && git push origin vA.B.C`
 - Wait for the CI to upload the binaries to the draft release (a new one will be created if you haven't drafted one).
 - The `latest.yml, latest-mac.yml, latest-linux.yml` files on the release are used by the app to determine when an app update is available. Once a release is published, users should recieve the app update. See: https://www.electron.build/auto-update.
+- Notarize `.dmg` at Apple (context: [#1365](https://github.com/ipfs-shipyard/ipfs-desktop/issues/1211))
+    1. Download `.dmg` from `https://github.com/ipfs-shipyard/ipfs-desktop/releases/vA.B.C`
+    2. Ensure `APPLEID` and `APPLEIDPASS` are set either as environment variables or entries in `.env` file. Those need to belong to the same org as cert used for signing.
+    3. Run `node pkgs/macos/notarize-cli.js ./IPFS-Desktop-A.B.C.dmg`
 - Update [Homebrew Cask](https://github.com/Homebrew/homebrew-cask/blob/master/CONTRIBUTING.md#updating-a-cask).
 - Update Chocolatey package:
     1. Update the version number on [ipfs-desktop.nuspec](./pkgs/chocolatey/ipfs-desktop.nuspec#L5)

diff --git a/electron-builder.yml b/electron-builder.yml
@@ -6,9 +6,15 @@ directories:
 
 asarUnpack: 'out/**/scripts/**/*'
 
+afterSign: './pkgs/macos/notarize-build.js'
+
 mac:
   category: public.app-category.utilities
   darkModeSupport: true
+  hardenedRuntime: true
+  gatekeeperAssess: false
+  entitlements: './pkgs/macos/entitlements.mac.plist'
+  entitlementsInherit: './pkgs/macos/entitlements.mac.plist'
 
 dmg:
   iconSize: 160