headlamp-k8s / headlamp

A Kubernetes web UI that is fully-featured, user-friendly and extensible
https://headlamp.dev
Apache License 2.0

Mac code signing #167

Closed illume closed 3 years ago

illume commented 3 years ago

Current situation

The Mac app should be code signed so it can be run more easily.

Implementation options

https://www.electronjs.org/docs/tutorial/code-signing#code-signing

illume commented 3 years ago

What I tried so far with electron-packager, linked from the Electron docs, isn't quite working. It's very big for some reason (1.2GB), and doesn't make a .dmg.

Install the electron-packager:

npm install electron-packager -g

Find the identity to use later for signing:

security find-identity

Make the signed app:

electron-packager . "Headlamp Kubernetes UI" --platform=darwin --arch=x64 --app-bundle-id="io.kinvolk.Headlamp" --app-version="0.2.0" --build-version="0.2.100" --osx-sign.identity="939R32ZCVC" --overwrite

illume commented 3 years ago

Using https://www.electron.build/code-signing I got it signing, but only with my own developer certificate.

make app-mac

You can confirm what it has been signed with using:

$ codesign -dvvv dist/mac/Headlamp.app 2> >(grep Auth)
Authority=Apple Development: Rene Dudfield (939R32ZCVC)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA

Note, there is no "Authority=Developer ID Application" one.

(There's a very good article here at "How to check signatures on apps, installers, and packages" with good info).

There are some environment variables to control which identity and certificates electron-builder uses.

CSC_NAME="Kinvolk GmbH (Z3JLKXXXX)" CSC_LINK=path-to-file.pem make app-mac

Seems the private key is missing on my machine for the "Developer ID Application" one.


According to these docs: https://help.apple.com/xcode/mac/current/#/dev154b28f09 the creator of the certificate needs to export it on their Mac (and then share the private file).
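
The check described in the comment above (is the leaf authority "Developer ID Application" or only a development certificate?) can be turned into a release gate. This is an added example, not code from the thread or from the Headlamp project; the function names and the second sample (with placeholder organisation and team ID) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify the leaf signing authority in `codesign -dvvv` output.

# Reads `codesign -dvvv` text on stdin and prints the first Authority= value.
# codesign lists the chain leaf-first, so the first line is the signing cert.
leaf_authority() {
  awk '/^Authority=/ { sub(/^Authority=/, ""); print; exit }'
}

# Prints one of: developer-id | development | other | unsigned
signing_kind() {
  sk_leaf=$(leaf_authority)
  case "$sk_leaf" in
    "Developer ID Application:"*)            echo developer-id ;;
    "Apple Development:"*|"Mac Developer:"*) echo development ;;
    "")                                      echo unsigned ;;
    *)                                       echo other ;;
  esac
}

# Release gate: succeeds only when the leaf is a Developer ID Application cert.
check_release_signature() {
  crs_kind=$(signing_kind)
  if [ "$crs_kind" = developer-id ]; then
    return 0
  fi
  echo "not distributable: leaf authority kind is '$crs_kind'" >&2
  return 1
}

# Sample 1: the Authority lines quoted in the comment above.
SAMPLE_DEV='Authority=Apple Development: Rene Dudfield (939R32ZCVC)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA'

# Sample 2: constructed, with placeholder organisation name and team ID.
SAMPLE_DEVID='Authority=Developer ID Application: Example Org (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

# On a Mac, against a real bundle (codesign writes this report to stderr):
#   codesign -dvvv dist/mac/Headlamp.app 2>&1 | check_release_signature
```
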

joaquimrocha commented 3 years ago

This is already done.