search

leanflutter / auto_updater

This plugin allows Flutter desktop apps to automatically update themselves (based on sparkle and winsparkle).
MIT License
278 stars 38 forks source link

The executable requests the com.apple.security.get-task-allow entitlement. #21

Closed ollyde closed 2 years ago

ollyde commented 2 years ago

When trying to notorise the app with xcrun altool --notarize-app --primary-bundle-id "com.myApp.app" --username "---" --password "---" --file myApp.app

We get the following errors back from Apple, any ideas how we can fix this?

Screenshot 2022-06-19 at 16 46 09
ollyde commented 2 years ago

Without notarization users cannot install the app.

ollyde commented 2 years ago

Setting this to this fixes it. Have not tested the update yet.

Screenshot 2022-06-19 at 16 55 24
ollyde commented 2 years ago

After disabling this setting the automatic update fails.

Screenshot 2022-06-19 at 17 06 39
ollyde commented 2 years ago

For anyone else who is stuck, you have to add the following build steps and resign spark.

# Sign Sparkle https://sparkle-project.org/documentation/sandboxing/
CODE_SIGN_IDENTITY="Developer ID Application: [you developer id]"
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime ${build_loc}my-app.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.InstallerLauncher.xpc
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime --entitlements Entitlements/org.sparkle-project.Downloader.entitlements ${build_loc}my-app.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.Downloader.xpc
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime ${build_loc}my-app.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime ${build_loc}my-app.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime ${build_loc}my-app.app/Contents/Frameworks/Sparkle.framework
ollyde commented 2 years ago

@lijy91 might be good to have some docs on this.

jzau commented 2 years ago

I had the similar issue, in my case it was different sparkle files that cause the notarize issue. What i did was signing the whole Sparkle framework using --deep before exporting the app so that we don't have to resign our own app.

codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime --deep Pods/Sparkle/Sparkle.framework/

ollyde commented 2 years ago

Indeed, you need to target a few. I got this in my build script.

CODE_SIGN_IDENTITY="Developer ID Application: Your Company Name (J33N27DM2X)"
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime ${build_loc}Bap.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.InstallerLauncher.xpc
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime --entitlements Entitlements/org.sparkle-project.Downloader.entitlements ${build_loc}Bap.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.Downloader.xpc
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime ${build_loc}Bap.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime ${build_loc}Bap.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app
codesign -f -s "$CODE_SIGN_IDENTITY" -o runtime ${build_loc}Bap.app/Contents/Frameworks/Sparkle.framework