Adds a codesigning script. (#136)

infinitered · Aug 23, 2016 · 8067787 · 8067787
1 parent 84f2738
commit 8067787
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 1 deletion.
diff --git a/packages/reactotron-app/codesign-electron.sh b/packages/reactotron-app/codesign-electron.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Invoke this script with a relative '.app' path, for example:
+# codesign-electron.sh "darwin-x64/Electron.app"
+
+# 1. Run the following command to get a list of identities:
+# security find-identity
+
+# 2. Now set the value of the identity variable below to the identity you want to use:
+identity=$REACTOTRON_CODESIDE_IDENTITY
+
+app="$PWD/$1"
+
+echo "Signing..."
+# When you sign frameworks, you have to sign a specific version.
+# For example, you have to sign "Electron Framework.framework/Versions/A"
+# Signing the top level folder ("Electron Framework.framework") will fail.
+# Signing "Electron Framework.framework/Versions/Current" will also fail (because it is a symbolic link).
+# Apple recommends NOT using --deep, but rather signing each item explictly (which is how XCode does it).
+# Other scripts sometimes resign items multiple times in the process because of --deep which is slow.
+# The following signs the bare minimum needed to get Gatekeeper acceptance.
+# If you renamed "Electron Helper.app",  "Electron Helper EH.app" and "Electron Helper NP.app" then rename below.
+codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Electron Framework.framework/Versions/A"
+codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Reactotron Helper EH.app"
+codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Reactotron Helper NP.app"
+codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Reactotron Helper.app"
+codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Mantle.framework/Versions/A"
+codesign --verbose --sign "$identity" "$app/Contents/Frameworks/ReactiveCocoa.framework/Versions/A"
+codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Squirrel.framework/Versions/A"
+codesign --verbose --sign "$identity" "$app"
+
+# This will often pass, even if Gatekeeper fails.
+echo ""
+echo "Verifying signatures..."
+codesign --verify --deep --display --verbose=4 "$app"
+
+# This is what really counts and what the user will see.
+echo ""
+echo "Veriyfing Gatekeeper acceptance..."
+spctl --ignore-cache --no-cache --assess --type execute --verbose=4 "$app"
diff --git a/packages/reactotron-app/package.js b/packages/reactotron-app/package.js
@@ -21,6 +21,7 @@ const DEFAULT_OPTS = {
   dir: './',
   name: appName,
   asar: shouldUseAsar,
+  'app-bundle-id': 'com.reactotron.app',
   ignore: [
     '^/test($|/)',
     '^/release($|/)',
@@ -47,7 +48,7 @@ if (version) {
   // use the same version as the currently-installed electron-prebuilt
   exec('npm list electron-prebuilt --dev', (err, stdout) => {
     if (err) {
-      DEFAULT_OPTS.version = '1.2.0'
+      DEFAULT_OPTS.version = '1.3.2'
     } else {
       DEFAULT_OPTS.version = stdout.split('electron-prebuilt@')[1].replace(/\s/g, '')
     }