Created
November 18, 2015 14:11
-
-
Save jorangreef/27e708c67b7e6746a98a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Invoke this script with a relative '.app' path, for example: | |
| # codesign-electron.sh "darwin-x64/Electron.app" | |
| # 1. Run the following command to get a list of identities: | |
| # security find-identity | |
| # 2. Now set the value of the identity variable below to the identity you want to use: | |
| identity="Developer ID Application: ... (...)" | |
| app="$PWD/$1" | |
| echo "Signing..." | |
| # When you sign frameworks, you have to sign a specific version. | |
| # For example, you have to sign "Electron Framework.framework/Versions/A" | |
| # Signing the top level folder ("Electron Framework.framework") will fail. | |
| # Signing "Electron Framework.framework/Versions/Current" will also fail (because it is a symbolic link). | |
| # Apple recommends NOT using --deep, but rather signing each item explictly (which is how XCode does it). | |
| # Other scripts sometimes resign items multiple times in the process because of --deep which is slow. | |
| # The following signs the bare minimum needed to get Gatekeeper acceptance. | |
| # If you renamed "Electron Helper.app", "Electron Helper EH.app" and "Electron Helper NP.app" then rename below. | |
| codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Electron Framework.framework/Versions/A" | |
| codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Electron Helper EH.app" | |
| codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Electron Helper NP.app" | |
| codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Electron Helper.app" | |
| codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Mantle.framework/Versions/A" | |
| codesign --verbose --sign "$identity" "$app/Contents/Frameworks/ReactiveCocoa.framework/Versions/A" | |
| codesign --verbose --sign "$identity" "$app/Contents/Frameworks/Squirrel.framework/Versions/A" | |
| codesign --verbose --sign "$identity" "$app" | |
| # This will often pass, even if Gatekeeper fails. | |
| echo "" | |
| echo "Verifying signatures..." | |
| codesign --verify --deep --display --verbose=4 "$app" | |
| # This is what really counts and what the user will see. | |
| echo "" | |
| echo "Veriyfing Gatekeeper acceptance..." | |
| spctl --ignore-cache --no-cache --assess --type execute --verbose=4 "$app" | |
| # Thanks to http://jbavari.github.io/blog/2015/08/14/codesigning-electron-applications/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey @f-zand I know I'm a little late for the party (:sweat_smile:) but I also got the
bundle format is ambiguous (could be app or framework).It turns out that I was copying the
.appsomewhere else before signing, and copying with-rwon't suffice as apparently it doesn't keep symlinks inside frameworks.Copying it with
-Rsolved the issue! :)