electron / notarize

Notarize your macOS Electron Apps
MIT License

Legacy altool being used despite specifying notarytool #163

Closed brondibur closed 11 months ago

brondibur commented 11 months ago

We have the following script in package.json:

"dist:arm64": "electron-builder -m --arm64 --config=macos.build.prod.js"

The contents of macos.build.prod.js are:

const baseConfig = require('./macos.build.base');

module.exports = {
  ...baseConfig,
  mac: {
    ...baseConfig.mac,
    identity: "${IDENTITY}",
    hardenedRuntime: true,
    gatekeeperAssess: true
  },
  pkg: {
    ...baseConfig.pkg,
    identity: "${IDENTITY}"
  },
  afterSign: "build/notarize.js",
};

And finally, the contents of notarize.js are:

// notarize.js
const { notarize } = require('@electron/notarize')
require('dotenv').config();

exports.default = async function notarizing(context) {
  const { electronPlatformName, appOutDir } = context

  const appName = context.packager.appInfo.productFilename

  return await notarize({
    tool: 'notarytool',
    appPath: `${appOutDir}/${appName}.app`,
    appleId: process.env.APPLE_ID,
    appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD,
    teamId: process.env.APPLE_TEAM_ID
  })
}

We clearly specify the tool as notarytool. But we still see the following warning:

Notarizing using the legacy altool system. The altool system will be disabled on November 1 2023. Please switch to the notarytool system before then.
You can do this by setting "tool: notarytool" in your "@electron/notarize" options. Please note that the credentials options may be slightly different between tools.

brondibur commented 11 months ago

This happens because electron-builder notarizes the app (unintentionally) after building and signing, as it calls notarizeIfProvided. This calls the generateNotarizeOptions function, which returns "legacy" as the tool since we don't specify the notarize field in the build config and it is undefined.

So we're essentially notarizing twice, once unintentionally via electron-builder using altool, and once intentionally via electron-notarize using notarytool.

This can be "fixed" by adding notarize: false to the build config, so that electron-builder will skip notarization:

  mac: {
    ...
    notarize: false
  }

Or we can stop using electron-notarize and just use electron-builder for notarization by properly passing the notarize field in the build config.

  mac: {
    ...
    notarize: {
      teamId: <TEAM_ID>
    }
  }
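
As an added example (not code from this thread or from electron-builder), a small pre-build check for the double-notarization setup described in the comment above. The function name `checkNotarizeConfig`, the status labels and the sample configs are hypothetical, and the rules encode only the behaviour reported in this thread: an undefined `mac.notarize` makes electron-builder notarize with the legacy tool, while an `afterSign` hook notarizes independently.

```javascript
// Added example: classify an electron-builder config by how often the app
// would be notarized. Rules follow the behaviour reported in this thread
// (assumption), not electron-builder's source.
function checkNotarizeConfig(config) {
  const mac = config.mac || {};
  const hookNotarizes = typeof config.afterSign === 'string' && config.afterSign !== '';
  // Per the thread: undefined => builder notarizes with the legacy tool,
  // false => builder skips, object => builder notarizes with those options.
  const builderNotarizes = mac.notarize !== false;
  const builderLegacy = mac.notarize == null;

  if (builderNotarizes && hookNotarizes) {
    return { status: 'double', detail: builderLegacy
      ? 'builder (legacy altool) and afterSign hook both notarize; set mac.notarize: false'
      : 'builder and afterSign hook both notarize; drop one of them' };
  }
  if (builderNotarizes) {
    return builderLegacy
      ? { status: 'legacy', detail: 'only the builder notarizes, via legacy altool; set mac.notarize' }
      : { status: 'ok', detail: 'builder notarizes once with the mac.notarize options' };
  }
  return hookNotarizes
    ? { status: 'ok', detail: 'afterSign hook notarizes once' }
    : { status: 'none', detail: 'nothing notarizes the app' };
}

// Constructed sample configs (placeholder team id, not a real one).
const samples = {
  asReported: { mac: { hardenedRuntime: true }, afterSign: 'build/notarize.js' },
  hookOnly: { mac: { notarize: false }, afterSign: 'build/notarize.js' },
  builderOnly: { mac: { notarize: { teamId: 'TEAMID_PLACEHOLDER' } } },
  both: { mac: { notarize: { teamId: 'TEAMID_PLACEHOLDER' } }, afterSign: 'build/notarize.js' },
  disabled: { mac: { notarize: false } },
  defaults: { mac: {} },
};

for (const [name, cfg] of Object.entries(samples)) {
  const { status, detail } = checkNotarizeConfig(cfg);
  console.log(`${name}: ${status} (${detail})`);
}
```

Running it against the exported object of a build config such as `macos.build.prod.js` before packaging flags the `double` and `none` cases, which are the ones that either waste a notarization round trip or ship an un-notarized app.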