Configuration for a signed and notarized package for mac os x
Creating the icon
● Download “https://itunes.apple.com/fr/app/image2icon/id992115977?mt=12”
(image2icon)
● Open “image2icon”
● Place the icon in “png or jpeg” format in the circular area
● Select “Original” mode in the right sidebar
● Export the icon in "icns" format
Apple developer configuration
● Go to developer.apple.com and connect with your account.
Apple developers connection
● Select “Certificates, Identifiers & Profiles”
● Create an Identifier
● Select “App ID”
● Add a new application and enter a new “bundle id”
● Open the "Xcode" application
● Select the "Preferences" tab
● Select the “Accounts” tab
● Add a new account by selecting the small cross on the left edge of the window
● Select “Apple ID” and enter the credentials of the apple account
● Select "Download Manual Profiles" followed by "Manage Certificates" and make sure there is no error or "red cross" message on the certificates
Configure files
● Unzip the “mas.zip” file.
● Drop the “YourAppName.app” application in the “mas” folder
● Go to the “mas” folder
● Drop the “icone.icns” icon generated previously in the “mas” folder
● Open the “build.cfg” file with a text editor
- Replace “ApplicationIdentity = 3rd Party Mac Developer Application: Foo (XXXXXXXXXX)” by “ApplicationIdentity = Developer ID Application: COMPANY NAME (COMPANY TEAM ID)”
- Replace “Sandbox = Yes” by “Sandbox = No”
- Replace “InstallerIdentity = 3rd Party Mac Developer Installer: Foo (XXXXXXXXXX)” by “InstallerIdentity = Developer ID Installer: COMPANY NAME (COMPANY TEAM ID)”
- Replace “NWTeamID = XXXXXXXXXX” by “NWTeamID = YOURAPPLETEAMID”
- Replace “CFBundleIdentifier = your.app.bundle.id” by “CFBundleIdentifier = com.yourdomain.yourbundleID”
- Replace “Icon = path / to / custom / icon.icns” by “Icon = icone.icns”
- Replace “CFBundleDisplayName = My App” by “CFBundleDisplayName = YourAppName”
- Replace “CFBundleGetInfoString = My App 1.0.0, Copyright 2016 My Company. All rights reserved. ” by “CFBundleGetInfoString = YourAppName 1.0.0, Copyright 2020 Your Company Name. All rights reserved ”
- Replace “CFBundleName = My App” by “CFBundleName = YourAppName”
- Save and close the “build.cfg” file
Running the scripts
A. Signature of the app
● Open the Mac “Terminal”
● Type the "cd " command (space is important) DO NOT PRESS RETURN YET !
● Drag the “mas” folder into the terminal window
● Press the “return” key (enter key)
● Enter the command :
python build_mas.py -C build.cfg -I "./YourAppName.app" -O "YourAppName.signed.app"
● Press the “return” key (The execution of the command must end with the word “done” and the “YourAppName.signed.app” file must be visible with the appropriate icon in the “mas” folder)
● Delete the “YourAppName.app” file (the file with the nwjs icon).
● Rename “YourAppName.signed.app” to “YourAppName.app” (This is the signed application)
● Open the buildmas.sh file and change the first const:
const APP = "YourAppPath/mas/YourAppName.app";
● Save and close the file.
● Enter the command :
./buildmas.sh
B. Creation of the PACKAGE
● Create the “build” folder
● Go to the “build” folder
● Create the “Your Company Name” folder
● Go to the “Your Company Name” folder
● Create the “YourAppName” folder
● Go to the “YourAppName” folder
● If the application is linked to a “Resources” folder then drop the “Resources” folder in the “YourAppName” folder
● Remember to give Read / Write rights for the "Resources" folder (unlock the padlock to apply to sub-folders)
● Drop the “YourAppName.app” file in the “YourAppName” folder
● Resume the terminal window
● Enter the command
pkgbuild --root "./build" --install-location "/ Applications" "./YourAppName.pkg"
● Press the “return” key, wait for the word “wrote package to…” (The “YourAppName.pkg” file must be visible in the “mas” folder)
● Delete the “YourAppName.app” file in the “YourAppName” folder
● Enter the order
productbuild --synthesize --package "./YourAppName.pkg" distribution.xml
● Press the “return” key (The “distribution.xml” file must be visible in the “mas” folder)
● Create the “resources” folder
● Go to the “resources” folder
● Upload the “ReadmeMac.txt” file
● Go back to the “mas” folder
● Go to the “YourAppName” folder
● Deposit a copy of the “ReadmeMac.txt” file
● Go back to the “mas” folder
● Open the “distribution.xml” file with a text editor
● Below “<installer-gui-script minSpecVersion =" 1 ">”, insert the following lines:
<title> YourAppName </title>
<organization> Your Company Name </organization>
<readme file = "ReadmeMac.txt" mime-type = "text / plain" />
● Save and close the “distribution.xml” file
● Resume the terminal
● Enter the command :
productbuild --distribution "./distribution.xml" --resources "./resources" --package-path "./YourAppName.pkg" "./YourAppName.final.pkg"
● Press the “return” key (The “YourAppName.final.pkg” file must be visible in the “mas” folder)
● Delete the “YourAppName.pkg” file
● Sign “YourAppName.pkg” by entering the following command:
productsign --sign "Developer ID Installer: COMPANY NAME (COMPANY TEAM ID)" --keychain ~ / Library / Keychains / login.keychain-db "./YourAppName.final.pkg" "./YourAppName.pkg"
● Delete the “YourAppName.final.pkg” file
● Empty the recycle bin (Be careful to delete all occurrences of the “YourAppName.app” file)
Notarize the package
• Compress the .pkg file
• Open the terminal and enter the following command:
xcrun altool --notarize-app --primary-bundle-id "com.yourdomain.yourBundleID.zip" --username "email@yourdomain.com" --password "your notarization password" --file /yourPkgPath/YourAppName.pkg .zip
Make sure you change the com.yourdomain.xxx and the file title.
• Wait for the content to be uploaded successfully to Apple's servers.
• Once this is done, copy the tracking number of the request which has this form:
32625f6b-e7fa-4ac7-xxxxxxxxxxxxxxxxxxx
• Wait between 5 and 10 minutes to receive an email indicating the success of the notarization.
• Check the logs for this operation by entering the following command.
Don't forget to change the tracking number.
xcrun altool --notarization-info 32625f6b-e7fa-4ac7-xxxxxxxxxxxxxxx --username "email@yourdomain.com" --password "your notarization password"
• Staple the proof of notarization to the .pkg file by entering the following command:
xcrun stapler staple /YourPkgPath/YourAppName.pkg
• Check that the stapling was successful by entering the following command:
xcrun stapler validate --verbose /YourPkgPath/YourAppName.pkg
• Delete the .zip used for sending and empty the recycle bin. Compress the .pkg file again.
WELL DONE !