Notarize | CLI to easily notarize a Mac app | Command Line Interface library
kandi X-RAY | Notarize Summary
kandi X-RAY | Notarize Summary
CLI to easily notarize a Mac app
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of Notarize
Notarize Key Features
Notarize Examples and Code Snippets
Lines of Code : 18License : Permissive (MIT)
Copy$ notarize --help
Copyright (c) 2019, Morten Nielsen.
Version: Notarize 1.0.0 NotarizeKit 1.0.0
Usage: --package --username --password --primary-bundle-id
Options:
--package Path to either DMG or zip file.
$ notarize \
--package "~/path/to/app.dmg" \
--username "mail@icloud.com" \
--password "@keychain:AC_PASSWORD" \
--primary-bundle-id "com.company.appname. Community Discussions
Trending Discussions on Notarize
QUESTION
I have a stupid question about homebrew: Why are executables that I install via homebrew trusted by MacOS (gatekeeper)? i.e. after installation I can run an executable and don't get a security popup and don't have to allow an exception - why is that?
I initially thought that homebrew might sign/notarize the binaries in their CI, but looking at some random executables it doesn't look like they have a signature: spctl -a -v $(which ).
edit: meaning executables installed from bottles (pre-compiled binaries, not source packages compiled on my local machine)
...ANSWER
Answered 2021-Jun-09 at 11:57There is no quarantining flag for a CLI app downloaded with curl. Home-brew, uses UNIX core tools to download the bottles, and thus they don't have this flag set.
Next home-brew also ad-hoc signs binaries.
Don't confuse code sign with notarisation.
Notarisation is where Apple vouches for software signed with a dev cert private key.
They cannot notarise ad-hoc signed software (like home-brew bottles) by definition.
Now when my executable is NOT notarized it terminates with "Killed: 9", regardless if there's a quarantine attribute or not.
This is happening, I would speculate because the binary here isnt ad-hoc signed. Nothing to do with notarisation.
I bet you are on Apple Silicon right?
QUESTION
Successfully notarized my electron application for osx, but now the issue is that the apple id and app specific password are in the package.json. I of course don't want to hard code them there for distribution but can I use environment variables from say a .env file to replace them or how can I keep them secret in the package.json file?
I looked into dotenv and cross-env but I didn't see how the env variables could be used in a package.json file.
App was built using electron forge.
Structure (taken from the electron-forge docs) that I use:
...ANSWER
Answered 2021-May-18 at 17:37Duplicate of your own post : Where can I find electron forge config js file where package.json is parsed?
You should rather extract the electron forge configuration in a separate JS file : ElectronForge configuration and load your environment variables using process.env.YOUR_VARIABLE_NAME
QUESTION
I am trying to notarize my .net core application to run in MacOS devices, and when I notarize it I get the error of
The executable does not have the hardened runtime enabled
if I add the --options=runtime flag to my signing operation my console app stops working. I found in the dotnet documentation that you have to add the following entitlements to your app host.
- com.apple.security.cs.allow-jit
- com.apple.security.cs.allow-unsigned-executable-memory
- com.apple.security.cs.allow-dyld-environment-variables
- com.apple.security.cs.disable-library-validation
but I dont know where to add them, I tried adding a entitlements.plist file to my output directory with the following content:
...ANSWER
Answered 2021-May-18 at 00:24the solution is to use the entitlements.plist when signing the code:
QUESTION
I am trying to notarize an Electron app using electron-builderand electron-notarize. The docs state that an app specific password is needed and provides this link: Using app-specific passwords.
The problem is that link is about generating "app-specific passwords" for personal Apple ID accounts – not Apple Developer accounts. And I am part of a team and there is no place (e.g. a "Security" panel) in either my personal ADC account nor the parts of team account I have access too (where I have admin privileges).
I've tried all combinations I can think of for APPLEID and APPLEIDPASSwhen trying to notarize: my personal Apple ID & password, the team's Apple ID & password, "app-specfic passwords" I created in my personal account.
It's can't be this hard. What am I missing?
...ANSWER
Answered 2021-May-11 at 17:47I have been able to solve my notarization issues. I don't know if this is "the right way" but it worked, so here is what I did – maybe it will save someone the time and frustration I went through.
Context: I am a contractor with "Admin" privileges on my client's Apple Developer account, along with my having a personal ADC account. As noted in my question, the Electron Builder docs state that an "app-specific password" is needed and links to an Apple doc about how to generate one. However, that link is or seems to be about generating a specific password to use with a 3rd party app like "Twitter" – so that one's personal Apple ID password is protected. At least that is the way I read it. There is no place within my personal ADC account or the Team account where such a password can be generated. So I generated a password in my personal ADC account.
This post from Electron Builder issues introduced an additional property to pass to notarize: the "ProviderShortname". As noted in the post, this can be accessed through:
QUESTION
I'm cresting electron app using node-canvas.
I generated an app-installer by the following command:
$ electron-builder --mac --x64 --config ./build_mac.js
build_mac.js
...ANSWER
Answered 2021-May-09 at 17:31The solution to fix this is put all dylibs (except under "/usr/lib" or "/System/Library/Frameworks") under the folder which is in under control of electron.
Something like this in my project: https://github.com/code4history/MaplatEditor/tree/master/assets/mac/canvas/build/Release
But just putting dylib is not working, because each dylib has information about link to other libraries.
You can check which libraries are linked from each dylib by using "otool" command, and youcan overwrite it by using "install_name_tool" command.
https://github.com/code4history/MaplatEditor/blob/master/mac_canvas_dylib
In this URL, you can find what I did for my project.
QUESTION
OSX version: 10.14.6
electron-builder: 22.11.1
electron-notarize: 1.0.0
I've been trying to notarize an Electron app using the latest version of Electron Builder, however I keep getting the error:
error: unable to find utility "altool", not a developer tool or in PATH
I've seen the other questions related to this issue and based on the suggestions, I've removed, reinstalled and selected the CommandLineTools using:
...ANSWER
Answered 2021-May-09 at 07:49You need to install Xcode - the command line tools do not include altool, but Xcode does.
Assuming you install Xcode to /Applications you will find altool at /Applications/Xcode.app/Contents/Developer/usr/bin/altool
QUESTION
ANSWER
Answered 2021-Apr-29 at 08:11No. This cannot be removed. It is a security feature to inform the user.
Instead of using a plug-in, you may be able to do what you want with Installer JS scripts.
QUESTION
I'm using ad hoc (outside App Store) distribution for my document-based app. The app is NOT sandboxed, and entitlements are set correctly:
...ANSWER
Answered 2021-Apr-11 at 20:42The problem was some remnants of old a bundle identifier. I had migrated to a sandboxed distribution of the app, and at some point in the process, I had built the sandboxed version with the same bundle identifier. macOS had registered the bundle identifier to belong to a sandboxed app and, probably due to security reasons, no longer wanted to allow it to run non-sandboxed.
I created a fresh Info.plist, and changed the bundle identifier and the errors were gone.
QUESTION
I'm building a project based off the Electron React Boilerplate project. I am running MacOS 10.15.7 and node v14.15.1.
I'm trying to install sqlite3 package. Since it's a native dependency, I ran yarn add sqlite3 inside the src/ directory, like it says to do here. The compilation fails with the following output:
ANSWER
Answered 2021-Mar-10 at 22:12I downgraded the sqlite3 package to v5.0.0 and it rebuilt correctly. Hope this helps anyone else with the same issue.
Source: nodejs electronjs sqlite3 - use of undeclared identifier 'napi_is_detached_arraybuffer'
QUESTION
I'm having strange problems with electron notarization. I followed the tutorial on this page:https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/
It seemed to be pretty thorough so I don't know what I'm missing. Everything runs fine until notarize.js:
...ANSWER
Answered 2020-Nov-26 at 15:13I don't know if the reason I ran into this is the same as yours, but here's what I discovered, in case this helps anyone else.
Before manually notarizing your app (using electron-notarize), make sure the certificate type you're signing your app with is correct. You specifically need a Developer ID Application certificate (the last one):
I had been using Apple Distribution before, and notarization failed because of it. The list of files you're seeing are probably the first few files Apple checked, and they were signed with an incorrect type of certificate (don't quote me on this), and so it failed.
Either way, once I generated an Developer ID Application certificate, defined my entitlements this way:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install Notarize
Run the install script: $ ./install.sh
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
