Closed arudnev closed 4 years ago
It seems that latest version of build_mas.py references even older distribution package structure than what 0.39.x had and https://github.com/nwjs/nw.js/issues/6325 has more links to code signing related issues.
It does not seems that PR with code signing support referenced in that issue has ever been merged into nwjs-builder-phoenix
, so still not sure how people typically sign the app and if there are any up-to-date instructions of what and how needs to be signed for MAS or custom distribution via dmg.
While something like this produces and validates signed app, it probably should be split into individual sign / verify calls with separate entitlements file for each file / bundle:
codesign --force --deep --sign --verbose=4 "${identity}" "${app}"
codesign --verify --verbose=4 "${app}"
spctl --assess --verbose=4 "${app}"
In case of MAS use of --deep
most likely would cause issues if combined with--entitlements ${entitlements_plist}"
due to recursive application of those entitlements, so the following set of files / folders should be used instead for sign and verify:
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/libffmpeg.dylib
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/libnode.dylib
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/Helpers/chrome_crashpad_handler
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/Helpers/app_mode_loader
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/XPCServices/AlertNotificationService.xpc
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/Helpers/nwjs Helper.app
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/Helpers/nwjs Helper (GPU).app
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/Helpers/nwjs Helper (Plugin).app
${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/Helpers/nwjs Helper (Renderer).app
# ${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current/nwjs Framework
# ${app}/Contents/Frameworks/nwjs Framework.framework/Versions/Current
${app}/Contents/Frameworks/nwjs Framework.framework
${app}
See also https://github.com/nwjs/nw.js/issues/7117#issuecomment-520456999 for recursive signing script
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
It seems that folder structure of distribution packages has changed starting with 0.40.0, potentially causing various issues with build. It would be great to update Package and Distribute instructions and potentially contact some of the maintainers of the tools with details of the change, so that they could adjust their code accordingly.
In particular, for macOS distribution, this is what was in 0.39.x folder structure:
And this is what's there in 0.40.x:
According to Build and Distribute / Quick Start
nwjs-builder-phoenix (recommended)
Most likely it's going to be broken as it tries to resolve location of
nwjs Helper
based on old folder structurehttps://github.com/evshiron/nwjs-builder-phoenix/blob/e9c26b61669589e599da95ee82ac3bb489c6dd04/src/lib/Builder.ts#L410
And then it will try renaming
nwjs Helper
to have application specific namehttps://github.com/evshiron/nwjs-builder-phoenix/blob/e9c26b61669589e599da95ee82ac3bb489c6dd04/src/lib/Builder.ts#L379
The parent folder of
nwjs Helper.app
has changed from./nwjs.app/Contents/Versions/x.x.x.x/
to./nwjs.app/Contents/Frameworks/nwjs Framework.framework/Versions/x.x.x.x./Helpers/
. Also, other helper apps (nwjs Helper (Plugin).app
,nwjs Helper (Renderer).app
,nwjs Helper (GPU).app
) are now available in the same location and probably should be subject to the same treatment asnwjs Helper.app
The changes that are supposed to happen for helper app are described in Build and Distribute / Platform Specific Steps / Mac OS X, so perhaps this section should be updated with new locations and new helper apps.Not sure if there are any official docs on nwjs app signing and scripts for it, or if people use something that is based on https://github.com/nwjs/nw.js/issues/4267, but most likely set of files that need to be signed and their locations should be updated in those docs / scripts.
wiki: MAS: Signing the app wiki: Signing your app but NOT for Mac Apple Store (MAS) docs: Support for Mac App Store