Comments (7)
Happy to say we're getting a first pass on "signed releases for macOS" in to the next release, in significantly less than 4 years after the initial proposal.
Of note, it is tricky. There are a bunch of hoops you have to jump through on the Apple Developer portal and more on the local keychain handling, and more again to wire it up to CI.
Disclaimer: this is my first go-round with this, but the output has created an electron-builder created .dmg that can be installed on macOS with just the "this app came from the internet warning" and not the "you cant install this app becuase it is from the unknown" warning... so i'm reasonably happy with the results. And yes, this is about the worst admin flow I have ever seen. I think xcode is supposed to hide some of this from you, but we didn't come this far to open up that thing.
with an apple team account created, and you as the team agent...
- You need to be the Apple Developer "Team Agent" to create certificates.
- There can be only one Team Agent, having the admin role wont do.
- You must have 2 factor auth enabled on your apple ID.
- With all that in place, log in to https://developer.apple.com and click "Certificates, IDs & Profiles"
- Choose "macOS" from the drop down in the top left that initially says "iOS, tvOS, watchOS"
- Hit the plus in the top right to start the cert creation flow. You need to do this twice for both Developer ID Application and Developer ID Installer. You can use the same CSR for both.
- You create Certificate Signing Request via your local Keychain Access app to create certificates.
- keychain access > certificate assistant > Request a certificate from a certificate authority
Then follow the steps in https://www.electron.build/code-signing#travis-appveyor-and-other-ci-servers to wire it up for CI
To sign app on build server you need to set CSC_LINK, CSC_KEY_PASSWORD:
- Export certificate. Consider to not use special characters (for bash) in the password because “values are not escaped when your builds are executed”.
- Encode file to base64 (macOS:
base64 -i yourFile.p12 -o envValue.txt
, Linux:base64 yourFile.p12 > envValue.txt
).
Thanks to @jesseclay for sticking with me on this advenure!
from ipfs-desktop.
Binary signing is set up and working. The next version will have macOS signed binaries.
from ipfs-desktop.
@jbenet how long do you think this will take you? Is it realistic to get this done for 1.0?
from ipfs-desktop.
i'm not sure. i'll look into it, but this week is basically shot for me. if you need it this week, then no. next week is likely. then there's apple's review process. i think it's much faster now, but it used to take a week or something.
from ipfs-desktop.
That's fine, I'll do the prerelease unsigned this week and want to wait at least one week anyway before the real release.
from ipfs-desktop.
from ipfs-desktop.
I figured this out from a mix of
- https://www.electron.build/code-signing
- https://medium.com/@jondot/shipping-electron-apps-to-mac-app-store-with-electron-builder-e960d46148ec
- fumbling in the dark
from ipfs-desktop.
Related Issues (20)
- Remove/update countly.ipfs.tech telemetry
- [gui error report] Error: Initializing daemon... HOT 1
- run garbage collector problem
- [gui error report] Error: Initializing daemon... HOT 1
- [gui error report] Error: Initializing daemon...
- [gui error report] Error: Initializing daemon...
- [gui error report] Error: invalid ip address HOT 1
- [gui error report] Error: Initializing daemon... HOT 1
- [gui error report] Error: Initializing daemon...
- [gui error report] Error: Command failed: powershell.exe -NoProfile -NonInteractive -InputF HOT 1
- Incorrect CID info displayed in explore->inspect HOT 1
- [gui error report] Error: Initializing daemon... HOT 1
- Importing by CID is not working HOT 2
- [gui error report] Error: no protocol with name: "'dnsaddr'". Must have a valid family name HOT 1
- [gui error report] SyntaxError: Unexpected end of JSON input: Error: error loading plugins: HOT 1
- [gui error report] SyntaxError: Unexpected end of JSON input: Error: open /Users/ HOT 1
- [gui error report] Error: Initializing daemon...
- we
- [gui error report] Error: Initializing daemon... HOT 1
- [gui error report] Error: Initializing daemon... HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ipfs-desktop.