From 3084b162e3a4db3c21137b9c03f4769d3a6fa5ec Mon Sep 17 00:00:00 2001 From: Akis Kesoglou Date: Thu, 9 Nov 2023 10:13:06 +0200 Subject: [PATCH] Sign artifacts --- afterSignHook.js | 25 ------------------------- forge.config.ts | 28 +++++++++++++++++++++++++--- 2 files changed, 25 insertions(+), 28 deletions(-) delete mode 100644 afterSignHook.js diff --git a/afterSignHook.js b/afterSignHook.js deleted file mode 100644 index f11464426b..0000000000 --- a/afterSignHook.js +++ /dev/null @@ -1,25 +0,0 @@ -'use strict' - -const { notarize } = require('electron-notarize') -const { ELECTRON_SKIP_NOTARIZATION } = process.env - -async function main(context) { - const { electronPlatformName, appOutDir } = context - if (electronPlatformName !== 'darwin' || ELECTRON_SKIP_NOTARIZATION === 'true') { - return - } - - const appName = context.packager.appInfo.productFilename - const appleId = process.env.XCODE_APP_LOADER_EMAIL || 'accounts+apple@balena.io' - const appleIdPassword = process.env.XCODE_APP_LOADER_PASSWORD - - // https://github.com/electron/notarize/blob/main/README.md - await notarize({ - appBundleId: 'io.balena.etcher', - appPath: `${appOutDir}/${appName}.app`, - appleId, - appleIdPassword - }) -} - -exports.default = main diff --git a/forge.config.ts b/forge.config.ts index c26eba013c..8e109418fc 100644 --- a/forge.config.ts +++ b/forge.config.ts @@ -16,6 +16,23 @@ web technologies to ensure flashing an SDCard or USB drive is a pleasant and saf experience. It protects you from accidentally writing to your hard-drives, ensures every byte of data was written correctly and much more.`; +let osxSigningConfig: any = {}; +let winSigningConfig: any = {}; + +if (process.env.NODE_ENV === 'production') { + osxSigningConfig.osxNotarize = { + tool: 'notarytool', + appleId: process.env.XCODE_APP_LOADER_EMAIL, + appleIdPassword: process.env.XCODE_APP_LOADER_PASSWORD, + teamId: process.env.XCODE_APP_LOADER_TEAM_ID, + }; + + winSigningConfig = { + certificateFile: process.env.WINDOWS_SIGNING_CERT_PATH, + certificatePassword: process.env.WINDOWS_SIGNING_PASSWORD + } +} + const config: ForgeConfig = { packagerConfig: { asar: true, @@ -28,15 +45,20 @@ const config: ForgeConfig = { protocols: [ { name: 'etcher', schemes: ['etcher']}, ], - - // osxSign: {}, - // osxNotarize: {}, + osxSign: { + optionsForFile: () => ({ + entitlements: './entitlements.mac.plist', + hardenedRuntime: true, + }), + }, + ...osxSigningConfig, }, rebuildConfig: {}, makers: [ new MakerZIP(), new MakerSquirrel({ setupIcon: 'assets/icon.ico', + ...winSigningConfig, }), new MakerDMG({ background: './assets/dmg/background.tiff',