Add macOS notarization

electron-builder.yml

@@ -78,16 +78,18 @@ fileAssociations:
     ext: pt
   - name: "Torch Model"
     ext: t7
+afterSign: "setup/notarize.js"
 publish:
   - provider: github
     releaseType: release
 mac:
   category: public.app-category.developer-tools
+  darkModeSupport: true
+  hardenedRuntime: true
+  gatekeeperAssess: false
   target: 
   - dmg
   - zip
-  extendInfo:
-    NSRequiresAquaSystemAppearance: false
 linux:
   target:
   - AppImage

package.json

@@ -30,6 +30,7 @@
     "devDependencies": {
         "electron": "5.0.8",
         "electron-builder": "21.1.1",
+        "electron-notarize": "0.1.1",
         "eslint": "6.1.0",
         "xmldom": "0.1.27"
     }

setup/entitlements.mas.plist

@@ -1,16 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>com.apple.security.app-sandbox</key>
-	<true/>
-	<key>com.apple.security.network.client</key>
-	<true/>
-	<key>com.apple.security.files.user-selected.read-only</key>
-	<true/>
-	<key>com.apple.security.files.user-selected.read-write</key>
-	<true/>
-	<key>com.apple.security.files.downloads.read-write</key>
-	<true/>
-</dict>
-</plist>

setup/notarize.js

@@ -0,0 +1,27 @@
+
+const child_process = require('child_process');
+const fs = require('fs');
+const notarize = require('electron-notarize');
+
+exports.default = function (context) {
+    if (context.electronPlatformName === 'darwin' && context.packager.platformSpecificBuildOptions.type !== 'development') {
+
+        const appPath = context.appOutDir + '/' + context.packager.appInfo.productFilename + '.app';
+
+        const configuration = fs.readFileSync('electron-builder.yml', 'utf-8');
+        const appBundleId = (/^appId:\s(.*)\s/m.exec(configuration) || [ '', '' ])[1];
+
+        const idResult = child_process.spawnSync('/usr/bin/security', [ 'find-generic-password', '-s', appBundleId, '-g' ], { encoding: 'utf-8' });
+        const id = idResult.status === 0 ? (/"acct"<blob>="(.*)"/.exec(idResult.stdout) || [ '', ''])[1] : '';
+
+        const passwordResult = child_process.spawnSync('/usr/bin/security', [ 'find-generic-password', '-s', appBundleId, '-w' ], { encoding: 'utf-8' });
+        const password = passwordResult.status == 0 ? passwordResult.stdout.split('\n').shift() : '';
+
+        return notarize.notarize({
+            appBundleId: appBundleId,
+            appPath: appPath,
+            appleId: id,
+            appleIdPassword: password,
+        });
+    }
+};