Notarizing your IOS App
With the release of MacOS 10.14.5 all signed applications require notarization. If you don't notarize your app during the build process the app will not run on your Mac.
I discovered this after my builds would no longer run on the Mac ... I thought I had broken the code somewhere only to discover that it ran fine in the dev environment just simply would not run after installation on the desktop.
The solution is to Notarize your code during the build process. There is a good tutorial here
Create entitlements file
- In the build folder create a new file called entitlements.mac.plist
- Paste the following into the file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
</dict>
</plist>
Your folder should look like this
Update package.json file
- Open package.json located in the project root
- Find the "build" node
- Add the following to the "build/mac" node
"hardenedRuntime": true,
"gatekeeperAssess": false,
"entitlements": "build/entitlements.mac.plist",
"entitlementsInherit": "build/entitlements.mac.plist"
NOTE: The "appId must be changed to reflect your Apple Developer ID!
Create App Specific password
You must have a valid developer id issued by Apple in orer to sign your app. If you do not have one there is a good tutorial here
You also need an app specific password in order to notarize your app. There is a good tutorial here
- Open appleid.apple.com in your browser and login using your apple id.
- Generate a new password for this app.
- Make sure you copy it and save it somewhare safe when it is displayed ... this is the ONLY time you will ever see this password from Apple!
Create notarize.js file
- Create a new folder in the project root called "notarize"
- Create a new file in this folder called "notarize.js"
- Paste the following into this file
require('dotenv').config();
const { notarize } = require('electron-notarize');
exports.default = async function notarizing(context) {
const { electronPlatformName, appOutDir } = context;
if (electronPlatformName !== 'darwin') {
return;
}
const appName = context.packager.appInfo.productFilename;
//app-specific password generated by Apple
const password = 'xxxx-xxxx-xxxx-xxxx';
return await notarize({
appBundleId: 'com.yourcompany.applewood',
appPath: `${appOutDir}/${appName}.app`,
appleId: 'yourappledevid',
appleIdPassword: password
});
};
NOTE:
- The appBundleId must match the appId from the "build" node (as shown above)
- The appleId must be your Apple Developer Id
- The password must be the app specific password that you just generated
WARNING: This file contains your app specific password and your developer id from Apple. You should not commit this to any public source repository! If you do others can use your ID and password to sign and notorize code that will become attached to your profile!
Hook for Notarizing
Next you need to insert the notarize script into the build chain.
- Open package.json fiel from the root directory
- Insert the following into the "build" node directly after the "appId"
"afterSign": "notarize/notarize.js",
- Insert the following after the "win" node. This will stop the builder from signing the dmg file.
"dmg": {
"sign": false
}
Your file should look like this
Install electron-notorize package
- Open a command prompt in the root folder of our project.
- Run command 'nvm use 10.14.0'
- Run command 'npm install electron-notarize --save-dev'
Building the app
- Open a command prompt in the root folder of our project.
- Run command 'nvm use 10.14.0'
- Run comand 'au build'
- Run command 'npm run dist'
Now sit back and be patient ... the notarization process can be a lengthy one depending on your internet connection and how busy apples's servers are ... basically the process uploads your app to apple servers ... which then scan your app for infractions ... then they do their magic and return a notarzed app ... assuming all is well!
