0.0.3 • Published 3 years ago

nobj-nw-osx-notarize v0.0.3

Weekly downloads
-
License
MIT
Repository
bitbucket
Last release
3 years ago

nobj-nw-osx-notarize

A tool to notarize NW.JS applications. Just a wrapper for electron-notarize.

Installing

1 - Install the tool

  • Declare the dependency in `devDependencies
npm install nobj-nw-osx-notarize --save-dev

2 - Optionally Add scripts to package.json

You can declare the following scripts in the parent project for ease of use:

"scripts": {
    "notarize": "nw-notarize",
    "packdmg": "nw-packdmg"
  }

so you can run:

npm run notarize

3 - Just run the script manually:

./node_modules/.bin/nw-notarize

4. Entitlements

  • You should sign with the correct entitlements all executable files.

Entitlements that I use that work:

<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>com.apple.security.app-sandbox</key>
	<false/>
	<key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
    <key>com.apple.security.automation.apple-events</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>

    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.files.downloads.read-write</key>
    <true/>
    <key>com.apple.security.assets.pictures.read-write</key>
    <true/>
    <key>com.apple.security.assets.movies.read-write</key>
    <true/>

    <key>com.apple.security.device.usb</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <false/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <false/>

    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>

    </dict>
    </plist>

Also, you should sign all these files inside NW.JS: (each nw.js version updates the chrome version)

Contents/Resources/app.nw/node_modules/utf-8-validate/prebuilds/darwin-x64+arm64/node.napi.node
Contents/Resources/app.nw/node_modules/bufferutil/prebuilds/darwin-x64+arm64/node.napi.node
Contents/Frameworks/nwjs Framework.framework/Versions/103.0.5060.114/Libraries/libEGL.dylib
Contents/Frameworks/nwjs Framework.framework/Versions/103.0.5060.114/Libraries/libGLESv2.dylib
Contents/Frameworks/nwjs Framework.framework/Versions/103.0.5060.114/Libraries/libvk_swiftshader.dylib
Contents/Resources/app.nw/node_modules/mac-screen-capture-permissions/build/Release/screencapturepermissions.node
Contents/Frameworks/nwjs Framework.framework/Versions/103.0.5060.114/nwjs Framework

You should sign with HARD RUNTIME the main executable only.

Copyright

(C) 2018-2021 Nebular Streams. License: MIT

dotenvelectron-notarize
0.0.3

3 years ago

0.0.2

3 years ago

0.0.1

3 years ago

0.0.0

3 years ago