Closed idoodler closed 1 month ago
@mmaietta As mention in #8087
Thanks @idoodler ! Quick Q, are mas
targets ever supposed to be notarized? (Meaning it should always be skipped by electron-builder logic) Or is that limited to mac
target?
Thanks @idoodler ! Quick Q, are
mas
targets ever supposed to be notarized? (Meaning it should always be skipped by electron-builder logic) Or is that limited tomac
target?
Only apps distributed outside of the mac app store must be notarized.
I don't know of any reason why one would need to notarize a MAS target.
Soooo im genuinely not sure why mas builds are being notarized as there's an explicit if
-statement to avoid doing so 🤔
https://github.com/electron-userland/electron-builder/blob/27953bbe308d196adb0162f86caf5222666bd132/packages/app-builder-lib/src/macPackager.ts#L335-L337
I don't have an active Apple Developer Subscription to write a notarization unit test for either, but debating on reopening my account
Can you post your electron-builder config?
@mmaietta I just checked, the masOptions
are undefined
for me:
Here is the effective config (dist/builder-effective-config.yaml
) which is generated based on the base
config which doesn't include the mas
target for the mac
platform. This is something I also do in the our legacy project due to some changes we have to do specific to mas
. **Note that I removed protocols
, linux
, deb
, win
, appx
and the files
property
directories:
output: dist
buildResources: build
appId: <REDACTED>
afterAllArtifactBuild: ./build/hooks/afterAllArtifactBuildHook.js
buildVersion: '1'
electronVersion: 25.2.0
artifactName: ${productName}.${ext}
mac:
category: public.app-category.utilities
hardenedRuntime: true
gatekeeperAssess: true
target:
target: mas
arch:
- universal
provisioningProfile: build/embedded.mas.provisionprofile
extendInfo:
ITSAppUsesNonExemptEncryption: false
LSMultipleInstancesProhibited: true
mas:
entitlements: build/entitlements.mas.plist
entitlementsInherit: build/entitlements.mas.inherit.plist
dmg:
title: ${productName}
window:
width: 700
height: 400
x: 200
'y': 200
contents:
- x: 450
'y': 190
type: link
path: /Applications
- x: 230
'y': 190
type: file
Here is the script (build/electron-builder.mas.js
) which takes the base and adopts the config. This script is then fed into electron-builder
via the -c
argument:
const YAML = require('yaml');
const fs = require('fs');
const path = require('path');
module.exports = context => {
const config = YAML.parse(
fs.readFileSync(
path.join(__dirname, 'electron-builder.base.yml'),
'utf8',
),
);
delete config.afterSign;
config.mac.target = {
target: 'mas',
arch: ['universal'],
};
config.mac.provisioningProfile = `build/embedded.mas.provisionprofile`;
config.mac.extendInfo = {
ITSAppUsesNonExemptEncryption: false,
LSMultipleInstancesProhibited: true,
};
config.mas = {
entitlements: `build/entitlements.mas.plist`,
entitlementsInherit: `build/entitlements.mas.inherit.plist`,
};
return config;
};
So in total to build mas
we use the following command: USE_HARD_LINKS=false electron-builder -c build/electron-builder.mas.js -m
Any update! Please!
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.
When building the MAS target with the artifacts are notarized which then results in
The executable must be signed with the certificate that is contained in the provisioning profile
.Here is the building output:
As you can see the notarization step should not be here.
In Addition I do have an
electron-builder.env
file in the projects root directory, it has the following structure: