diff --git a/Gruntfile.js b/Gruntfile.js index c8d427de..419e7ba7 100644 --- a/Gruntfile.js +++ b/Gruntfile.js @@ -6,6 +6,7 @@ const path = require('path'); const webpackConfig = require('./build/webpack.config'); const pkg = require('./package.json'); const hookRcedit = require('./build/util/hook-rcedit'); +const codeSignConfig = require('../keys/codesign'); hookRcedit.setup(); @@ -276,7 +277,19 @@ module.exports = function(grunt) { icon: 'graphics/icon.icns', appBundleId: 'net.antelle.keeweb', appCategoryType: 'public.app-category.productivity', - extendInfo: 'package/osx/extend.plist' + extendInfo: 'package/osx/extend.plist', + osxSign: { + identity: codeSignConfig.identities.app, + hardenedRuntime: true, + entitlements: 'package/osx/entitlements.mac.plist', + 'entitlements-inherit': 'package/osx/entitlements.mac.plist', + 'gatekeeper-assess': false + }, + osxNotarize: { + appleId: codeSignConfig.appleId, + appleIdPassword: '@keychain:AC_PASSWORD', + ascProvider: codeSignConfig.teamId + } } }, win32: { @@ -296,13 +309,6 @@ module.exports = function(grunt) { } }, codesign: { - app: { - options: { - identity: 'app', - deep: true - }, - src: ['tmp/desktop/KeeWeb-darwin-x64/KeeWeb.app'] - }, dmg: { options: { identity: 'app' diff --git a/build/util/hook-rcedit.js b/build/util/hook-rcedit.js index 035ae44b..46f27779 100644 --- a/build/util/hook-rcedit.js +++ b/build/util/hook-rcedit.js @@ -4,7 +4,7 @@ const childProcess = require('child_process'); const childProcessSpawn = childProcess.spawn; -function hookedSpawn(command, options) { +function hookedSpawn(command, options, ...args) { if (command === 'wine') { options = options.map(option => { if (option.includes(' ')) { @@ -13,7 +13,7 @@ function hookedSpawn(command, options) { return option; }); } - return childProcessSpawn.call(childProcess, command, options); + return childProcessSpawn.call(childProcess, command, options, ...args); } module.exports.setup = function() { diff --git a/grunt.tasks.js b/grunt.tasks.js index de569bdd..10185910 100644 --- a/grunt.tasks.js +++ b/grunt.tasks.js @@ -40,8 +40,7 @@ module.exports = function(grunt) { 'copy:desktop-darwin-installer', 'copy:desktop-windows-helper-ia32', 'copy:desktop-windows-helper-x64', - 'chmod:linux-desktop-x64', - 'codesign:app' + 'chmod:linux-desktop-x64' ]); grunt.registerTask('build-desktop-archives', [ diff --git a/package/osx/entitlements.mac.plist b/package/osx/entitlements.mac.plist new file mode 100644 index 00000000..38c887b2 --- /dev/null +++ b/package/osx/entitlements.mac.plist @@ -0,0 +1,12 @@ + + + + + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-unsigned-executable-memory + + com.apple.security.cs.allow-dyld-environment-variables + + + diff --git a/release-notes.md b/release-notes.md index 64f66c1b..f7cb8eef 100644 --- a/release-notes.md +++ b/release-notes.md @@ -1,5 +1,8 @@ Release notes ------------- +##### v1.11.8 (2019-10-10) +`-` fix #1292: macOS app notarization + ##### v1.11.7 (2019-10-08) `-` fix #1289: crash on Auto sorting mode `-` fix #1288: issues when opening a file during in auto-type mode