The last MAS package I submitted to Apple Connect was not approved, mainly because of Electron's private API.

Therefore, I signed and notarized the app myself and packaged it as a DMG, distributed outside the Apple App Store, for everyone to download and use.

Of course, this process has its own problems. For example, the app generated by the packaging step fails on installation with "you do not have permission to open the application", because it is not signed.

So I documented the whole process, so that I and everyone else have a place to go when these problems show up.

The signature

The previous configuration and packaging steps generate FanlyCalendar.app, which we still need to sign ourselves. Here we can use the electron-osx-sign tool.

electron-osx-sign "/Users/yemeishu/Documents/code/codes/fanlymenu2/dist/Mac/FanlyCalendar.app"

After the app is signed, you can verify that the signature is valid.

Verify the signature

Use the command-line tool spctl.

spctl  --verbose=4 --assess --type execute "/Users/yemeishu/Documents/code/codes/fanlymenu2/dist/Mac/FanlyCalendar.app"

FanlyCalendar.app: accepted
source=Unnotarized Developer ID
override=security disabled

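This returns accepted. The source=Unnotarized Developer ID line shows that the app is signed with a Developer ID certificate but has not been notarized yet, and override=security disabled means Gatekeeper assessment is turned off on this machine, so check again on a Mac with default settings before relying on the result.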

The signed .app can be packaged in DMG format using create-dmg or appdmg.

create-dmg

Package the .app into DMG format with create-dmg:

# install
npm install --global create-dmg

# or
brew install create-dmg

# use
create-dmg FanlyCalendar.dmg FanlyCalendar.app

Note: Don’t forget to notarize your DMG and your app.

appdmg

# install
npm install -g appdmg

# JSON spec (dist.json)
{
  "title": "Test Application",
  "icon": "test-app.icns",
  "background": "test-background.png",
  "contents": [
    { "x": 448, "y": 344, "type": "link", "path": "/Applications" },
    { "x": 192, "y": 344, "type": "file", "path": "TestApp.app" }
  ]
}

# use
appdmg ./dist.json FanlyCalendar.dmg

For other configurations, see: github.com/LinusU/node…

Notarization

Apps that are going to be distributed (on MAS or through other channels) also need notarization, which means uploading the package to Apple’s back end so that Apple can determine whether it contains malicious programs. This can be thought of as an iPhone app review process, but it should be automated because it’s quick (usually a few minutes).

If your installation package is not notarized, users will get a “can’t open it because you can’t verify the developer” message, even though you can install it locally.

xcrun altool --notarize-app --primary-bundle-id "cn.coding01.fanlycalendar" --username "*****@***.com" --password "****-****-****-****" --asc-provider "W5******" -t osx --file "./FanlyCalendar.dmg"

The notarization request returns:

No errors uploading './FanlyCalendar.dmg'.
RequestUUID = 53ff521e-45f6-485c-870c-33c****ee882

You can use the RequestUUID to execute the command to view the notarization result:

xcrun altool --notarization-info 53ff521e-45f6-485c-870c-33c****cee882 -u "username" -p "password-****-****-****"

Success:

No errors getting notarization info.

       Date: 2021-07-27 09:05:06 +0000
       Hash: b35d8896170aef6
RequestUUID: 53ff521e-45f6-485c-870c-33c****ee882
     Status: in progress

On failure:

No errors getting notarization info.

          Date: 2021-07-27 06:23:17 +0000
          Hash: 7763048fbf39a8a9006f
    LogFileURL: https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma115/vSPAw9Ohfbsu4HWFBsU4M9raZn5vq9PvEylwI%3D
   RequestUUID: 1d7f9fdb-c11c-49a3-8d5d-f79d0699472f
        Status: invalid
   Status Code: 2
Status Message: Package Invalid

You can also see the feedback on the web page.
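The status reports above can be classified by a script instead of read by eye. The following is an added example, not code from the original post: the function names `notary_field` and `notary_verdict` are hypothetical, the two sample reports are abridged from the outputs quoted above, and the approved report is constructed.

```sh
#!/bin/sh
# Added example: classify the report printed by `xcrun altool --notarization-info`.

# Print one field's value. Comparing the whole label before the first colon
# keeps "Status" apart from "Status Code" and "Status Message".
notary_field() {   # $1 = field label, report text on stdin
    awk -v want="$1" '{
        i = index($0, ":"); if (i == 0) next
        label = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", label)
        if (label != want) next
        value = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", value)
        print value; exit
    }'
}

# Map a report on stdin to: approved | rejected: <message> | pending | unknown.
notary_verdict() {
    report=$(cat)
    st=$(printf '%s\n' "$report" | notary_field "Status")
    case "$st" in
        success)       echo "approved" ;;
        invalid)       echo "rejected: $(printf '%s\n' "$report" | notary_field "Status Message")" ;;
        "in progress") echo "pending" ;;
        *)             echo "unknown" ;;
    esac
}

# The two reports quoted in the post, abridged (LogFileURL replaced by a placeholder).
SAMPLE_PENDING='No errors getting notarization info.

       Date: 2021-07-27 09:05:06 +0000
RequestUUID: 53ff521e-45f6-485c-870c-33c****ee882
     Status: in progress'
SAMPLE_REJECTED='No errors getting notarization info.

    LogFileURL: https://example.invalid/notary-log
   RequestUUID: 1d7f9fdb-c11c-49a3-8d5d-f79d0699472f
        Status: invalid
   Status Code: 2
Status Message: Package Invalid'
# Constructed report for an approved upload (not shown in the post).
SAMPLE_APPROVED='     Status: success
   Status Code: 0
Status Message: Package Approved'

for r in "$SAMPLE_PENDING" "$SAMPLE_REJECTED" "$SAMPLE_APPROVED"; do
    printf '%s\n' "$r" | notary_verdict
done
```

Apple has since replaced altool notarization with `xcrun notarytool`, whose output format differs, so this parser applies only to the altool reports shown here.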

Whether the notarization is successful or not, the notarization result will be pushed to our mailbox.

Only after the DMG is notarized can the download address be given out for everyone to download, install and use.

Download here: github.com/fanly/fanly…

Conclusion

We basically recorded the whole process, and then throughout August, we started to develop new features.

There are also some useful command-line tools for this process, such as security find-identity:

security find-identity -p codesigning -v

  1) 70AF557B6F1******2ED57D657C77A834C10 "3rd Party Mac Developer Application: **** ** (***)"
  2) A66AA88D1B******0A0C671A81842226F18B "Developer ID Application: H**** ** (***)"
     2 valid identities found