From eff824cb4a6e837eb5b6f2776a8c02d368f45194 Mon Sep 17 00:00:00 2001 From: tony Date: Thu, 29 Jun 2023 18:14:01 +0800 Subject: [PATCH] update notarize tools --- .github/workflows/release.yaml | 6 +- build/entitlements.mac.plist | 2 - build/notarize.js | 11 +- package-lock.json | 257 ++++++++++++++++----------------- package.json | 2 +- quasar.conf.js | 1 + 6 files changed, 139 insertions(+), 140 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b0bdafa5..6cd3961f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -60,10 +60,10 @@ jobs: - name: Setup macOS Notarization env run: | rm -fr ~/private_keys && mkdir ~/private_keys - echo $APPLE_AUTH_PRIVATE_KEY | base64 -D > ~/private_keys/AuthKey_${APPLE_API_KEY}.p8 + echo $APPLE_AUTH_PRIVATE_KEY | base64 -D > ~/private_keys/AuthKey_${APPLE_API_KEY_ID}.p8 env: APPLE_AUTH_PRIVATE_KEY: ${{secrets.APPLE_AUTH_PRIVATE_KEY}} - APPLE_API_KEY: ${{secrets.APPLE_API_KEY}} + APPLE_API_KEY_ID: ${{secrets.APPLE_API_KEY_ID}} - name: Build and Release run: npx quasar build -m electron @@ -71,7 +71,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CSC_LINK: ${{ secrets.CSC_LINK }} CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} + APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} release-android: diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist index 9d26cc2d..757a30e5 100644 --- a/build/entitlements.mac.plist +++ b/build/entitlements.mac.plist @@ -4,8 +4,6 @@ com.apple.security.cs.allow-jit - com.apple.security.cs.allow-unsigned-executable-memory - com.apple.security.cs.disable-library-validation com.apple.security.cs.allow-dyld-environment-variables diff --git a/build/notarize.js b/build/notarize.js index ddcff914..31049fc5 100644 --- a/build/notarize.js +++ b/build/notarize.js @@ -1,5 +1,5 @@ // eslint-disable-next-line @typescript-eslint/no-var-requires -const { notarize } = require('electron-notarize') +const { notarize } = require('@electron/notarize') exports.default = async function notarizing(context) { const { electronPlatformName, appOutDir } = context @@ -8,10 +8,10 @@ exports.default = async function notarizing(context) { return } - if (!(process.env.APPLE_API_KEY && process.env.APPLE_API_ISSUER)) { + if (!(process.env.APPLE_API_KEY_ID && process.env.APPLE_API_ISSUER)) { console.warn( 'Skipping macOS app notarization.' + - ' Missing one or more environment vars (APPLE_API_KEY, APPLE_API_ISSUER).' + ' Missing one or more environment vars (APPLE_API_KEY_ID, APPLE_API_ISSUER).' ) return } @@ -19,9 +19,10 @@ exports.default = async function notarizing(context) { const appName = context.packager.appInfo.productFilename return await notarize({ - appBundleId: 'org.vechain.sync', + tool: 'notarytool', appPath: `${appOutDir}/${appName}.app`, - appleApiKey: process.env.APPLE_API_KEY, + appleApiKey: `~/private_keys/AuthKey_${process.env.APPLE_API_KEY_ID}.p8`, + appleApiKeyId: process.env.APPLE_API_KEY_ID, appleApiIssuer: process.env.APPLE_API_ISSUER }) } diff --git a/package-lock.json b/package-lock.json index 66c0b20c..4c94f485 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,6 +14,7 @@ "node-hid": "^2.1.1" }, "devDependencies": { + "@electron/notarize": "^2.0.0", "@electron/remote": "^1.0.4", "@ledgerhq/hw-transport-node-hid-noevents": "^5.46.0", "@ledgerhq/hw-transport-webhid": "^5.46.0", @@ -40,7 +41,6 @@ "electron-builder": "^22.10.5", "electron-debug": "^3.0.1", "electron-devtools-installer": "^2.2.4", - "electron-notarize": "^1.0.0", "electron-rebuild": "^2.3.5", "eslint": "^6.8.0", "eslint-config-standard": "^14.1.0", @@ -3218,6 +3218,78 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dev": true }, + "node_modules/@electron/notarize": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@electron/notarize/-/notarize-2.0.0.tgz", + "integrity": "sha512-dqDpd2YCgl6PHJgXEuKGYH3+L4GIGV7ZbKYJjJv66ed+hVPxZA+GAL5JH8/hCnoyQa8WzJTzqd+qhiL5Oxr+SA==", + "dev": true, + "dependencies": { + "debug": "^4.1.1", + "fs-extra": "^9.0.1" + }, + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/@electron/notarize/node_modules/debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dev": true, + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/@electron/notarize/node_modules/fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dev": true, + "dependencies": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/@electron/notarize/node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dev": true, + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/@electron/notarize/node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, + "node_modules/@electron/notarize/node_modules/universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "dev": true, + "engines": { + "node": ">= 10.0.0" + } + }, "node_modules/@electron/remote": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/@electron/remote/-/remote-1.0.4.tgz", @@ -9680,79 +9752,6 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dev": true }, - "node_modules/electron-notarize": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-1.0.0.tgz", - "integrity": "sha512-dsib1IAquMn0onCrNMJ6gtEIZn/azG8hZMCYOuZIMVMUeRMgBYHK1s5TK9P8xAcrAjh/2aN5WYHzgVSWX314og==", - "deprecated": "Please use @electron/notarize moving forward. There is no API change, just a package name change", - "dev": true, - "dependencies": { - "debug": "^4.1.1", - "fs-extra": "^9.0.1" - }, - "engines": { - "node": ">= 10.0.0" - } - }, - "node_modules/electron-notarize/node_modules/debug": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", - "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", - "dev": true, - "dependencies": { - "ms": "2.1.2" - }, - "engines": { - "node": ">=6.0" - }, - "peerDependenciesMeta": { - "supports-color": { - "optional": true - } - } - }, - "node_modules/electron-notarize/node_modules/fs-extra": { - "version": "9.1.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", - "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", - "dev": true, - "dependencies": { - "at-least-node": "^1.0.0", - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/electron-notarize/node_modules/jsonfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "dev": true, - "dependencies": { - "universalify": "^2.0.0" - }, - "optionalDependencies": { - "graceful-fs": "^4.1.6" - } - }, - "node_modules/electron-notarize/node_modules/ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true - }, - "node_modules/electron-notarize/node_modules/universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", - "dev": true, - "engines": { - "node": ">= 10.0.0" - } - }, "node_modules/electron-osx-sign": { "version": "0.4.17", "resolved": "https://registry.npmjs.org/electron-osx-sign/-/electron-osx-sign-0.4.17.tgz", @@ -27703,6 +27702,61 @@ } } }, + "@electron/notarize": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@electron/notarize/-/notarize-2.0.0.tgz", + "integrity": "sha512-dqDpd2YCgl6PHJgXEuKGYH3+L4GIGV7ZbKYJjJv66ed+hVPxZA+GAL5JH8/hCnoyQa8WzJTzqd+qhiL5Oxr+SA==", + "dev": true, + "requires": { + "debug": "^4.1.1", + "fs-extra": "^9.0.1" + }, + "dependencies": { + "debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dev": true, + "requires": { + "ms": "2.1.2" + } + }, + "fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dev": true, + "requires": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + } + }, + "jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dev": true, + "requires": { + "graceful-fs": "^4.1.6", + "universalify": "^2.0.0" + } + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, + "universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "dev": true + } + } + }, "@electron/remote": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/@electron/remote/-/remote-1.0.4.tgz", @@ -32992,61 +33046,6 @@ } } }, - "electron-notarize": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-1.0.0.tgz", - "integrity": "sha512-dsib1IAquMn0onCrNMJ6gtEIZn/azG8hZMCYOuZIMVMUeRMgBYHK1s5TK9P8xAcrAjh/2aN5WYHzgVSWX314og==", - "dev": true, - "requires": { - "debug": "^4.1.1", - "fs-extra": "^9.0.1" - }, - "dependencies": { - "debug": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", - "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", - "dev": true, - "requires": { - "ms": "2.1.2" - } - }, - "fs-extra": { - "version": "9.1.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", - "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", - "dev": true, - "requires": { - "at-least-node": "^1.0.0", - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - } - }, - "jsonfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "dev": true, - "requires": { - "graceful-fs": "^4.1.6", - "universalify": "^2.0.0" - } - }, - "ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true - }, - "universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", - "dev": true - } - } - }, "electron-osx-sign": { "version": "0.4.17", "resolved": "https://registry.npmjs.org/electron-osx-sign/-/electron-osx-sign-0.4.17.tgz", diff --git a/package.json b/package.json index 8e0588ff..daedb1ab 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,7 @@ "node-hid": "^2.1.1" }, "devDependencies": { + "@electron/notarize": "^2.0.0", "@electron/remote": "^1.0.4", "@ledgerhq/hw-transport-node-hid-noevents": "^5.46.0", "@ledgerhq/hw-transport-webhid": "^5.46.0", @@ -44,7 +45,6 @@ "electron-builder": "^22.10.5", "electron-debug": "^3.0.1", "electron-devtools-installer": "^2.2.4", - "electron-notarize": "^1.0.0", "electron-rebuild": "^2.3.5", "eslint": "^6.8.0", "eslint-config-standard": "^14.1.0", diff --git a/quasar.conf.js b/quasar.conf.js index 0b1894b5..9b1df04d 100644 --- a/quasar.conf.js +++ b/quasar.conf.js @@ -315,6 +315,7 @@ module.exports = configure(function (ctx) { }, afterSign: "build/notarize.js", mac: { + hardenedRuntime: true, entitlements: "build/entitlements.mac.plist", entitlementsInherit: "build/entitlements.mac.plist", target: {