UPDATE on Dec 2nd, 2015: since Electron 0.34.0, apps can be submitted to Mac App Store. You can get all information in the Mac App Store Submission Guide.
Get and install a Developer ID Certificate
Once you have your Developer ID certificate, you should install it into your Mac’s Keychain: a double click on the certificate file should be enough. The image below shows what you should see once the certificate has been successfully installed into your Keychain.
If you are on Linux or Mac and you want to sign a Windows app using an EV Code Signing Certificate, please use the guide for Unix systems.
Travis, AppVeyor and other CI Servers
To sign the app on a build server you need to set CSC_LINK, CSC_KEY_PASSWORD:
Export certificate.
tldr; skip to the end for the step-by-step instructions.
I made my first desktop app, using Electron (and Vue).
If you don't know what Electron is, the high-level description is that it's a lovely wrapper around a chromium browser. This means you can turn a nice single-page web app into a desktop application, using web tech you already know - javascript, css, html. It's pretty great.
[And if you don't want to start from scratch, you can use Vue, and the amazing electron vue-cli builder plugin (https://nklayman.github.io/vue-cli-plugin-electron-builder/), which is what I did because I am lazy]
App Created! We're done! Right?
Well, no. You've made the electron app and now you have to code-sign it, unless you don't mind that your users are getting security warnings.
I'm on a mac. The actual code-signing was a pretty easy process once I managed to find the relevant links. With adequate google-fu, you'll find out how to do it without too much fuss. I'll skip past code-signing mac apps, because other folks can tell you how to do that ok.
Windows, on the other hand ..
Trying to code-sign the Windows build of your application from a Mac is dark magic, it turns out, or at least that's the way it seems to be described; lots of 'brew install' this and 'source compile' that. You'll find plenty of articles on it. Do they work? Who knows? None of them seem to be saying the same thing, and if they are, I'm certainly not proficient enough to figure out what they're trying to get me to do. And when I do follow those old instructions, it turns out something else breaks or doesn't work. This is rough going. There has to be an easier way, right?
electron-builder
It turns out there are different plugins you can use to compile your source into a nice build. The one that was chosen for me by the Vue CLI was electron-builder.
They have some decent documentation, but as of 2019, some of it gets really confusing really fast. I'm not going to link to the documentation in question, because I'm sure at one point, it was working great. Just like this will probably work great for you in 2019 and maybe not so much in 2023, etc etc.
Here are the steps I took to code-sign a Windows app from a Mac in 2019
Note: in Step 6, you do not need to add a password, but if you do, then in Step 7 you also need to add the ENV variable WIN_CSC_KEY_PASSWORD=YourPassword to that command line in order for it to be able to parse the certificate properly.
You should be able to see, by looking at the build log, that the app was signed with the certificate.
Last Note - Microsoft SmartScreen
Microsoft SmartScreen doesn't just care that your app is code-signed properly; it's also looking at your reputation. And thus, if your app is new, then your users will likely get a warning screen from Microsoft SmartScreen until your app has proven itself to not be some kind of password-stealing ransomware sleeper agent. The cert is published though, and so this should be the only warning, if any, that you get.
Lately I’ve been busy at work creating and maintaining Ionic Lab. It’s been a fun and challenging problem using HTML/CSS/JavaScript to create native OSX/Windows applications.
I’m going to admit – I’ve gotten a few hybrid projects on the App store. Honestly though I had a lot of help.
This time I was mostly on my own.
I’m not great at native dev, and half the problems I run into are with the platform I am dealing with. By this I mean – with Android I deal with how Google does signing and releasing, and with Apple how Apple does signing and releasing.
I’m going to cover mainly Apple policies to release an app on your own with or without the App store. With Electron, we’re going to make a native build, so we’ll need to know how to do this.
Mac’s Gatekeeper
On Mac OSX, there’s an application that checks all the applications you download and run to see if they are valid and trusted.
Certainly you’ve seen the message from an app you’ve downloaded:
'App can't be opened because it is from an unidentified developer.'
If you create an app and do not codesign it with a valid Apple dev account, your users will see this. It’s not a good thing.
How to codesign
The main tool of codesigning is the CLI tool codesign.
I really found a lot of help from OSX Code Signing in Depth.
It’s pretty clear right away what you need to run and how to verify what you need to run. I’d like to go over how to do it with Electron, specifically.
I posted the script below. I want to highlight the issues I ran into as a result of my ignorance.
One issue I ran into – I was using the “Mac Development” certificate to sign – and when I ran the verify command (codesign -vvvv -d '/path/to/MyApp.app') it gave me a good to go signal. When I ran the security CLI command (spctl --assess -vvvv '/path/to/MyApp.app'), it was rejected.
My error: I thought “Mac Development” was a “Developer-ID application”.
It’s not. I was an account admin. In the Apple Member Center for Certificate Administration, I could only set up a “Mac Development” type certificate. Apple Member Center would not let me set up a “Developer ID Application” certificate. You need a ‘team agent’ to set one up for you. (That or become a team agent)
That being said – ensure you sign with a certificate of type “Developer ID Application”, and you’re good to go.
I set up my codesign script like the following. There’s comments to help understand:
Pitfalls
Since I wasn’t very familiar with the Apple specifics I’d like to highlight a few pitfalls I ran into with my ignorance.
A ‘Developer-ID signed app’ means setting up a certificate (private key + cert) with “type” as “Developer ID Application”. This does NOT mean a “Mac Development” certificate. From the OSX Codesigning guide:
Like Gatekeeper, spctl will only accept Developer ID-signed apps and apps downloaded from the Mac App Store by default. It will reject apps signed with Mac App Store development or distribution certificates.
Most users say to specify this environment variable:
export CODESIGN_ALLOCATE='/Applications/Xcode.app/Contents/Developer/usr/bin/codesign_allocate'
For some reason, I couldn’t use the default codesign allocate as specified in the Github issue above. Instead, I had to go with this Environment variable for CODESIGN_ALLOCATE for iPhoneOS.platform:
export CODESIGN_ALLOCATE='/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate'
Only include signed code in directories that should contain signed code.
Only include resources in directories that should contain resources.
Do not use the --resource-rules flag or ResourceRules.plist. They have been obsoleted and will be rejected.
A little note on signing frameworks [5]:
Signing Frameworks
When you sign frameworks, you have to sign a specific version. So, let’s say your framework is called CSMail, you’d sign CSMail.framework/Versions/A. If you try and just sign the top level folder it will silently fail, as will CSMail.framework/Versions/Current (see “Symbolic Links” below).
Symbolic Links
Any symbolic links will be silently ignored and this extends to the path you give to the codesign command line utility. I think there’s actually a problem with symbolic links: you can add them to a Resources folder and it won’t invalidate the signature (whereas you cannot add normal files). I’ve reported this to Apple (rdar://problem/6050445).
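The framework and symlink rules above, combined with the two verification commands from earlier in the post, as an added example (not the author's script, which is missing from this page): a dry-run shell script that lists what to sign, innermost first, and prints the codesign and spctl commands instead of running them. The sample bundle, the helper app name and the signing identity are constructed placeholders.

```shell
#!/bin/sh
# Added example. The bundle layout and signing identity are constructed.

# List what to hand to codesign, innermost first: each framework's real
# version directory (not the .framework folder, not Versions/Current),
# nested helper apps, and finally the app bundle itself.
signing_targets() {
  app="$1"
  for entry in "$app"/Contents/Frameworks/*; do
    # Skip an unmatched glob and symlinks, which codesign silently ignores.
    if [ ! -e "$entry" ] || [ -L "$entry" ]; then continue; fi
    case "$entry" in
      *.framework)
        for ver in "$entry"/Versions/*; do
          if [ -d "$ver" ] && [ ! -L "$ver" ]; then printf '%s\n' "$ver"; fi
        done ;;
      *.app) printf '%s\n' "$entry" ;;
    esac
  done
  printf '%s\n' "$app"
}

# Dry run: print the commands instead of executing them, ending with the
# two checks from the article (codesign verify, then Gatekeeper's spctl).
signing_plan() {
  signing_targets "$1" | while IFS= read -r target; do
    printf "codesign --force --sign '%s' '%s'\n" "$2" "$target"
  done
  printf "codesign -vvvv -d '%s'\n" "$1"
  printf "spctl --assess -vvvv '%s'\n" "$1"
}

# Build a constructed sample bundle in a temp dir and print its path.
make_sample_bundle() {
  root=$(mktemp -d)
  mkdir -p "$root/MyApp.app/Contents/Frameworks/CSMail.framework/Versions/A" \
           "$root/MyApp.app/Contents/Frameworks/MyApp Helper.app/Contents/MacOS"
  ln -s A "$root/MyApp.app/Contents/Frameworks/CSMail.framework/Versions/Current"
  printf '%s\n' "$root/MyApp.app"
}

sample=$(make_sample_bundle)
signing_plan "$sample" "Developer ID Application: Example Corp (TEAMID)"
rm -rf "${sample%/MyApp.app}"
```

On a Mac, removing the printf wrappers in signing_plan turns the dry run into the real signing pass; a “Mac Development” identity would pass the codesign check and still be rejected by spctl, as described above.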