Closed illume closed 3 years ago
What I tried so far with electron-packager
linked from the electron docs, isn't quite working. It's very big for some reason (1.2GB), and doesn't make a .dmg.
Install the electron-packager:
npm install electron-packager -g
Find the identity to use later for signing:
security find-identity
Make the signed app:
electron-packager . "Headlamp Kubernetes UI" --platform=darwin --arch=x64 --app-bundle-id="io.kinvolk.Headlamp" --app-version="0.2.0" --build-version="0.2.100" --osx-sign.identity="939R32ZCVC" --overwrite
Using https://www.electron.build/code-signing I got it signing, but only with my own developer certificate.
make app-mac
You can confirm what it has been signed with using:
$ codesign -dvvv dist/mac/Headlamp.app 2> >(grep Auth)
Authority=Apple Development: Rene Dudfield (939R32ZCVC)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Note, there is no "Authority=Developer ID Application
" one.
(There's a very good article here at "How to check signatures on apps, installers, and packages" with good info).
There's some environment variables to control which identity and certificates electron-build uses.
CSC_NAME="Kinvolk GmbH (Z3JLKXXXX)" CSC_LINK=path-to-file.pem make app-mac
Seems the private key is missing on my machine for the "Developer ID Application" one.
According to these docs: https://help.apple.com/xcode/mac/current/#/dev154b28f09 the creator of the certificate needs to export it on their mac (and then share the private file).
This is already done.
Current situation
The Mac app should be code signed so it can be run more easily.
Implementation options
https://www.electronjs.org/docs/tutorial/code-signing#code-signing