joplin/packages/app-desktop/tools/notarizeMacApp.js

const fs = require('fs');
const path = require('path');
const electron_notarize = require('electron-notarize');

function execCommand(command) {
	const exec = require('child_process').exec;

	return new Promise((resolve, reject) => {
		exec(command, (error, stdout, stderr) => {
			if (error) {
				if (error.signal == 'SIGTERM') {
					resolve('Process was killed');
				} else {
					reject(new Error([stdout.trim(), stderr.trim()].join('\n')));
				}
			} else {
				resolve([stdout.trim(), stderr.trim()].join('\n'));
			}
		});
	});
}

module.exports = async function(params) {
	if (process.platform !== 'darwin') return;

	console.info('Checking if notarization should be done...');

	if (!process.env.TRAVIS || !process.env.TRAVIS_TAG) {
		console.info(`Either not running in CI or not processing a tag - skipping notarization. process.env.TRAVIS = ${process.env.TRAVIS}; process.env.TRAVIS_TAG = ${process.env.TRAVIS}`);
		return;
	}

	if (!process.env.APPLE_ID || !process.env.APPLE_ID_PASSWORD) {
		console.warn('Environment variables APPLE_ID and APPLE_ID_PASSWORD not found - notarization will NOT be done.');
		return;
	}

	// Same appId in electron-builder.
	const appId = 'net.cozic.joplin-desktop';

	const appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`);
	if (!fs.existsSync(appPath)) {
		throw new Error(`Cannot find application at: ${appPath}`);
	}

	console.log(`Notarizing ${appId} found at ${appPath}`);

	// Every x seconds we print something to stdout, otherwise Travis will
	// timeout the task after 10 minutes, and Apple notarization can take more
	// time.
	const waitingIntervalId = setInterval(() => {
		console.log('.');
	}, 60000);

	await electron_notarize.notarize({
		appBundleId: appId,
		appPath: appPath,

		// Apple Developer email address
		appleId: process.env.APPLE_ID,

		// App-specific password: https://support.apple.com/en-us/HT204397
		appleIdPassword: process.env.APPLE_ID_PASSWORD,

		// When Apple ID is attached to multiple providers (eg if the
		// account has been used to build multiple apps for different
		// companies), in that case the provider "Team Short Name" (also
		// known as "ProviderShortname") must be provided.
		//
		// Use this to get it:
		//
		// xcrun altool --list-providers -u APPLE_ID -p APPLE_ID_PASSWORD
		ascProvider: process.env.APPLE_ASC_PROVIDER,
	});

	clearInterval(waitingIntervalId);

	// It appears that electron-notarize doesn't staple the app, but without
	// this we were still getting the malware warning when launching the app.
	// Stapling the app means attaching the notarization ticket to it, so that
	// if the user is offline, macOS can still check if the app was notarized.
	// So it seems to be more or less optional, but at least in our case it
	// wasn't.
	console.log('Staple notarization ticket to the app...');
	const staplerCmd = `xcrun stapler staple "${appPath}"`;
	console.log(`> ${staplerCmd}`);
	console.log(await execCommand(staplerCmd));

	console.log(`Done notarizing ${appId}`);
};
macOS: Notarize application 2020-11-29 19:15:42 +02:00			`const fs = require('fs');`
			`const path = require('path');`
			`const electron_notarize = require('electron-notarize');`

Chore: trying to fix notarization 2020-12-05 13:06:20 +02:00			`function execCommand(command) {`
			`const exec = require('child_process').exec;`

			`return new Promise((resolve, reject) => {`
			`exec(command, (error, stdout, stderr) => {`
			`if (error) {`
			`if (error.signal == 'SIGTERM') {`
			`resolve('Process was killed');`
			`} else {`
			`reject(new Error([stdout.trim(), stderr.trim()].join('\n')));`
			`}`
			`} else {`
			`resolve([stdout.trim(), stderr.trim()].join('\n'));`
			`}`
			`});`
			`});`
			`}`

macOS: Notarize application 2020-11-29 19:15:42 +02:00			`module.exports = async function(params) {`
			`if (process.platform !== 'darwin') return;`

			`console.info('Checking if notarization should be done...');`

Chore: Getting notarization to work 2020-11-29 20:45:37 +02:00			`if (!process.env.TRAVIS \|\| !process.env.TRAVIS_TAG) {`
			console.info(`Either not running in CI or not processing a tag - skipping notarization. process.env.TRAVIS = ${process.env.TRAVIS}; process.env.TRAVIS_TAG = ${process.env.TRAVIS}`);
macOS: Notarize application 2020-11-29 19:15:42 +02:00			`return;`
			`}`

			`if (!process.env.APPLE_ID \|\| !process.env.APPLE_ID_PASSWORD) {`
			`console.warn('Environment variables APPLE_ID and APPLE_ID_PASSWORD not found - notarization will NOT be done.');`
			`return;`
			`}`

			`// Same appId in electron-builder.`
			`const appId = 'net.cozic.joplin-desktop';`

			const appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`);
			`if (!fs.existsSync(appPath)) {`
			throw new Error(`Cannot find application at: ${appPath}`);
			`}`

			console.log(`Notarizing ${appId} found at ${appPath}`);

Tools: Make sure notarization does not make Travis timeout the task 2021-01-28 00:11:40 +02:00			`// Every x seconds we print something to stdout, otherwise Travis will`
			`// timeout the task after 10 minutes, and Apple notarization can take more`
			`// time.`
			`const waitingIntervalId = setInterval(() => {`
			`console.log('.');`
			`}, 60000);`

macOS: Notarize application 2020-11-29 19:15:42 +02:00			`await electron_notarize.notarize({`
			`appBundleId: appId,`
			`appPath: appPath,`

			`// Apple Developer email address`
			`appleId: process.env.APPLE_ID,`

			`// App-specific password: https://support.apple.com/en-us/HT204397`
			`appleIdPassword: process.env.APPLE_ID_PASSWORD,`

			`// When Apple ID is attached to multiple providers (eg if the`
			`// account has been used to build multiple apps for different`
			`// companies), in that case the provider "Team Short Name" (also`
			`// known as "ProviderShortname") must be provided.`
			`//`
			`// Use this to get it:`
			`//`
			`// xcrun altool --list-providers -u APPLE_ID -p APPLE_ID_PASSWORD`
			`ascProvider: process.env.APPLE_ASC_PROVIDER,`
			`});`

Tools: Make sure notarization does not make Travis timeout the task 2021-01-28 00:11:40 +02:00			`clearInterval(waitingIntervalId);`

Doc: Added comment about stapling macOS app 2020-12-05 14:18:31 +02:00			`// It appears that electron-notarize doesn't staple the app, but without`
			`// this we were still getting the malware warning when launching the app.`
			`// Stapling the app means attaching the notarization ticket to it, so that`
			`// if the user is offline, macOS can still check if the app was notarized.`
			`// So it seems to be more or less optional, but at least in our case it`
			`// wasn't.`
Chore: trying to fix notarization 2020-12-05 13:06:20 +02:00			`console.log('Staple notarization ticket to the app...');`
			const staplerCmd = `xcrun stapler staple "${appPath}"`;
			console.log(`> ${staplerCmd}`);
			`console.log(await execCommand(staplerCmd));`

macOS: Notarize application 2020-11-29 19:15:42 +02:00			console.log(`Done notarizing ${appId}`);
			`};`