• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

electron/electron-notarize: Notarize your macOS Electron Apps

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

electron/electron-notarize

开源软件地址(OpenSource Url):

https://github.com/electron/electron-notarize

开源编程语言(OpenSource Language):

TypeScript 99.7%

开源软件介绍(OpenSource Introduction):

Electron Notarize

Notarize your Electron apps seamlessly for macOS

CircleCI status NPM package

Installation

# npm
npm install electron-notarize --save-dev

# yarn
yarn add electron-notarize --dev

What is app "notarization"?

From Apple's docs in XCode:

A notarized app is a macOS app that was uploaded to Apple for processing before it was distributed. When you export a notarized app from Xcode, it code signs the app with a Developer ID certificate and staples a ticket from Apple to the app. The ticket confirms that you previously uploaded the app to Apple.

On macOS 10.14 and later, the user can launch notarized apps when Gatekeeper is enabled. When the user first launches a notarized app, Gatekeeper looks for the app’s ticket online. If the user is offline, Gatekeeper looks for the ticket that was stapled to the app.

Apple has made this a hard requirement as of 10.15 (Catalina).

Prerequisites

For notarization, you need the following things:

  1. Xcode 10 or later installed on your Mac.
  2. An Apple Developer account.
  3. An app-specific password for your ADC account’s Apple ID.
  4. Your app may need to be signed with hardened-runtime and the following entitlements:
    1. com.apple.security.cs.allow-jit
    2. com.apple.security.cs.allow-unsigned-executable-memory

API

Method: notarize(opts): Promise<void>

  • options Object
    • tool String - The notarization tool to use, default is legacy. Can be legacy or notarytool. notarytool is substantially (10x) faster.
    • appPath String - The absolute path to your .app file
    • There are different options for each tool: Legacy
      • appBundleId String - The app bundle identifier your Electron app is using. E.g. com.github.electron
      • ascProvider String (optional) - Your Team Short Name.
      • There are two authentication methods available: user name with password:
        • appleId String - The username of your apple developer account
        • appleIdPassword String - The app-specific password (not your Apple ID password).
      • ... or apiKey with apiIssuer:
        • appleApiKey String - Required for JWT authentication. See Note on JWT authentication below.
        • appleApiIssuer String - Issuer ID. Required if appleApiKey is specified.
    • ... or Notary Tool
      • There are three authentication methods available: user name with password:
        • appleId String - The username of your apple developer account
        • appleIdPassword String - The app-specific password (not your Apple ID password).
        • teamId String - The team ID you want to notarize under.
      • ... or apiKey with apiIssuer:
        • appleApiKey String - Required for JWT authentication. See Note on JWT authentication below.
        • appleApiKeyId String - Required for JWT authentication. See Note on JWT authentication below.
        • appleApiIssuer String - Issuer ID. Required if appleApiKey is specified.
      • ... or keychain with keychainProfile:
        • keychain String - The name of the keychain or path to the keychain you stored notarization credentials in.
        • keychainProfile String - The name of the profile you provided when storing notarization credentials.

Safety when using appleIdPassword

  1. Never hard code your password into your packaging scripts, use an environment variable at a minimum.
  2. It is possible to provide a keychain reference instead of your actual password (assuming that you have already logged into the Application Loader from Xcode). For example:
const password = `@keychain:"Application Loader: ${appleId}"`;

Another option is that you can add a new keychain item using either the Keychain Access app or from the command line using the security utility:

security add-generic-password -a "AC_USERNAME" -w <app_specific_password> -s "AC_PASSWORD"

where AC_USERNAME should be replaced with your Apple ID, and then in your code you can use:

const password = `@keychain:AC_PASSWORD`;

Notes on JWT authentication

You can obtain an API key from Appstore Connect. Create a key with App Manager access. Note down the Issuer ID and download the .p8 file. This file is your API key and comes with the name of AuthKey_<api_key>.p8. This is the string you have to supply when calling notarize.

Based on the ApiKey, altool will look in the following places for that file:

  • ./private_keys
  • ~/private_keys
  • ~/.private_keys
  • ~/.appstoreconnect/private_keys

Notes on your Team Short Name

If you are a member of multiple teams or organizations, you have to tell Apple on behalf of which organization you're uploading. To find your team's short name), you can ask iTMSTransporter, which is part of the now deprecated Application Loader as well as the newer Transporter.

With Transporter installed, run:

/Applications/Transporter.app/Contents/itms/bin/iTMSTransporter -m provider -u APPLE_DEV_ACCOUNT -p APP_PASSWORD

Alternatively, with older versions of Xcode, run:

/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/bin/iTMSTransporter -m provider -u APPLE_DEV_ACCOUNT -p APP_PASSWORD

Example Usage

import { notarize } from 'electron-notarize';

async function packageTask () {
  // Package your app here, and code sign with hardened runtime
  await notarize({
    appBundleId,
    appPath,
    appleId,
    appleIdPassword,
    ascProvider, // This parameter is optional
  });
}



鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap