How to sign and notarize a NWJS export for Mac App Store

3

Stats

1,101 visits, 1,476 views

Tools

Translations

This tutorial hasn't been translated.

License

This tutorial is licensed under CC BY 4.0. Please refer to the license text if you wish to reuse, share or remix the content contained within this tutorial.

Published on 25 May, 2021.

Configuration for a signed and notarized package for mac os x

Step 1: Creating the icon

● Download “https://itunes.apple.com/fr/app/image2icon/id992115977?mt=12”

(image2icon)

● Open “image2icon”

● Place the icon in “png or jpeg” format in the circular area

● Select “Original” mode in the right sidebar

● Export the icon in "icns" format

Step 2: Apple developer configuration

● Go to developer.apple.com and connect with your account.

Apple developers connection

● Select “Certificates, Identifiers & Profiles”

● Create an Identifier

● Select “App ID”

● Add a new application and enter a new “bundle id”

● Open the "Xcode" application

● Select the "Preferences" tab

● Select the “Accounts” tab

● Add a new account by selecting the small cross on the left edge of the window

● Select “Apple ID” and enter the credentials of the apple account

● Select "Download Manual Profiles" followed by "Manage Certificates" and make sure there is no error or "red cross" message on the certificates

Step 3: Configure files

● Unzip the “mas.zip” file.

● Drop the “YourAppName.app” application in the “mas” folder

● Go to the “mas” folder

● Drop the “icone.icns” icon generated previously in the “mas” folder

● Open the “build.cfg” file with a text editor

  • Replace “ApplicationIdentity = 3rd Party Mac Developer Application: Foo (XXXXXXXXXX)” by “ApplicationIdentity = Developer ID Application: COMPANY NAME (COMPANY TEAM ID)”
  • Replace “Sandbox = Yes” by “Sandbox = No”
  • Replace “InstallerIdentity = 3rd Party Mac Developer Installer: Foo (XXXXXXXXXX)” by “InstallerIdentity = Developer ID Installer: COMPANY NAME (COMPANY TEAM ID)”
  • Replace “NWTeamID = XXXXXXXXXX” by “NWTeamID = YOURAPPLETEAMID”
  • Replace “CFBundleIdentifier = your.app.bundle.id” by “CFBundleIdentifier = com.yourdomain.yourbundleID”
  • Replace “Icon = path / to / custom / icon.icns” by “Icon = icone.icns”
  • Replace “CFBundleDisplayName = My App” by “CFBundleDisplayName = YourAppName”
  • Replace “CFBundleGetInfoString = My App 1.0.0, Copyright 2016 My Company. All rights reserved. ” by “CFBundleGetInfoString = YourAppName 1.0.0, Copyright 2020 Your Company Name. All rights reserved ”
  • Replace “CFBundleName = My App” by “CFBundleName = YourAppName”
  • Save and close the “build.cfg” file

Step 4: Running the scripts

A. Signature of the app

● Open the Mac “Terminal”

● Type the "cd " command (space is important) DO NOT PRESS RETURN YET !

● Drag the “mas” folder into the terminal window

● Press the “return” key (enter key)

● Enter the command :

python build_mas.py -C build.cfg -I "./YourAppName.app" -O "YourAppName.signed.app"

● Press the “return” key (The execution of the command must end with the word “done” and the “YourAppName.signed.app” file must be visible with the appropriate icon in the “mas” folder)

● Delete the “YourAppName.app” file (the file with the nwjs icon).

● Rename “YourAppName.signed.app” to “YourAppName.app” (This is the signed application)

● Open the buildmas.sh file and change the first const:

const APP = "YourAppPath/mas/YourAppName.app";

● Save and close the file.

● Enter the command :

./buildmas.sh

B. Creation of the PACKAGE

● Create the “build” folder

● Go to the “build” folder

● Create the “Your Company Name” folder

● Go to the “Your Company Name” folder

● Create the “YourAppName” folder

● Go to the “YourAppName” folder

● If the application is linked to a “Resources” folder then drop the “Resources” folder in the “YourAppName” folder

● Remember to give Read / Write rights for the "Resources" folder (unlock the padlock to apply to sub-folders)

● Drop the “YourAppName.app” file in the “YourAppName” folder

● Resume the terminal window

● Enter the command

pkgbuild --root "./build" --install-location "/ Applications" "./YourAppName.pkg"

● Press the “return” key, wait for the word “wrote package to…” (The “YourAppName.pkg” file must be visible in the “mas” folder)

● Delete the “YourAppName.app” file in the “YourAppName” folder

● Enter the order

productbuild --synthesize --package "./YourAppName.pkg" distribution.xml

● Press the “return” key (The “distribution.xml” file must be visible in the “mas” folder)

● Create the “resources” folder

● Go to the “resources” folder

● Upload the “ReadmeMac.txt” file

● Go back to the “mas” folder

● Go to the “YourAppName” folder

● Deposit a copy of the “ReadmeMac.txt” file

● Go back to the “mas” folder

● Open the “distribution.xml” file with a text editor

● Below “<installer-gui-script minSpecVersion =" 1 ">”, insert the following lines:

<title> YourAppName </title>

<organization> Your Company Name </organization>

<readme file = "ReadmeMac.txt" mime-type = "text / plain" />

● Save and close the “distribution.xml” file

● Resume the terminal

● Enter the command :

productbuild --distribution "./distribution.xml" --resources "./resources" --package-path "./YourAppName.pkg" "./YourAppName.final.pkg"

● Press the “return” key (The “YourAppName.final.pkg” file must be visible in the “mas” folder)

● Delete the “YourAppName.pkg” file

● Sign “YourAppName.pkg” by entering the following command:

productsign --sign "Developer ID Installer: COMPANY NAME (COMPANY TEAM ID)" --keychain ~ / Library / Keychains / login.keychain-db "./YourAppName.final.pkg" "./YourAppName.pkg"

● Delete the “YourAppName.final.pkg” file

● Empty the recycle bin (Be careful to delete all occurrences of the “YourAppName.app” file)

Step 5: Notarize the package

• Compress the .pkg file

• Open the terminal and enter the following command:

xcrun altool --notarize-app --primary-bundle-id "com.yourdomain.yourBundleID.zip" --username "email@yourdomain.com" --password "your notarization password" --file /yourPkgPath/YourAppName.pkg .zip

Make sure you change the com.yourdomain.xxx and the file title.

• Wait for the content to be uploaded successfully to Apple's servers.

• Once this is done, copy the tracking number of the request which has this form:

32625f6b-e7fa-4ac7-xxxxxxxxxxxxxxxxxxx

• Wait between 5 and 10 minutes to receive an email indicating the success of the notarization.

• Check the logs for this operation by entering the following command.

Don't forget to change the tracking number.

xcrun altool --notarization-info 32625f6b-e7fa-4ac7-xxxxxxxxxxxxxxx --username "email@yourdomain.com" --password "your notarization password"

• Staple the proof of notarization to the .pkg file by entering the following command:

xcrun stapler staple /YourPkgPath/YourAppName.pkg

• Check that the stapling was successful by entering the following command:

xcrun stapler validate --verbose /YourPkgPath/YourAppName.pkg

• Delete the .zip used for sending and empty the recycle bin. Compress the .pkg file again.

WELL DONE !

  • 3 Comments

  • Order by
Want to leave a comment? Login or Register an account!
  • Can you provide an updated link for the mas.zip file? I've been pushing back my release date until I can get my OSX version notarized.

  • Thank you very much for the introduction. Super! Can you provide the link (mas.zip) again? Thanks