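Prerequisites
Any pitfall write-up that does not state its concrete environment is just hand-waving. The environment here is: node14+ + Electron^11.3.0 + electron-builder^22.10.5 + electron-notarize^0.2.1.
!!! Condition: the app builds normally and all local tests pass.
1. Signing configuration: sign your app with a script
Certificates: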
3rd Party Mac Developer Application: Peng (China) Co., xxxx
3rd Party Mac Developer Installer: Peng (China) Co., xxxx
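Mac Developer: xxx (the key used for the mas-dev configuration in package.json)
Reference: link to a guide on generating the certificates
Pay attention to: notarize.js and the electron-notarize module
Note: a build packaged with the mas target cannot be opened locally; change mas to mas-dev
2. Adapt package.json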
Modify the mac target
```json
"mac": {
  "icon": "build/icons/icon.icns",
  "category": "public.app-category.productivity",
  "entitlements": "build/entitlements.mac.plist",
  "entitlementsInherit": "build/entitlements.mac.plist",
  "hardenedRuntime": true,
  "gatekeeperAssess": false,
  "extendInfo": {
    "CFBundleIdentifier": "****",
    "CFBundleVersion": "1.1.1.1",
    "LSHasLocalizedDisplayName": true,
    "CFBundleDevelopmentRegion": "zh_CN"
  },
  "artifactName": "${productName}.${ext}",
  "target": [ "mas" ]
}
```
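Configure mas
The cscLink and cscKeyPassword values are masked here. electron-builder also reads them from the CSC_LINK and CSC_KEY_PASSWORD environment variables, which keeps the certificate password out of package.json and out of version control.
```json
"mas": {
  "category": "public.app-category.productivity",
  "entitlements": "build/entitlements.mas.plist",
  "entitlementsInherit": "build/entitlements.mas.inherit.plist",
  "hardenedRuntime": true,
  "gatekeeperAssess": false,
  "cscLink": "*/cert/csc.p12",
  "cscKeyPassword": "*********"
}
```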
3. Configure entitlements.mas.plist and entitlements.mas.inherit.plist
See the referenced configuration steps
3.1 build/entitlements.mas.plist
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.assets.movies.read-only</key>
    <true/>
    <key>com.apple.security.assets.movies.read-write</key>
    <true/>
    <key>com.apple.security.assets.pictures.read-only</key>
    <true/>
    <key>com.apple.security.assets.pictures.read-write</key>
    <true/>
    <key>com.apple.security.files.downloads.read-write</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.assets.music.read-only</key>
    <true/>
    <key>com.apple.security.assets.music.read-write</key>
    <true/>
    <key>com.apple.security.device.audio-video-bridging</key>
    <true/>
    <key>com.apple.security.files.bookmarks.app-scope</key>
    <true/>
    <key>com.apple.security.files.bookmarks.document-scope</key>
    <true/>
  </dict>
</plist>
```
3.2 build/entitlements.mas.inherit.plist
```xml
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>
```
3.3 Configuration reference: Enabling App Sandbox
| Feature | Entitlements |
|---|---|
| Video | com.apple.security.network.server, com.apple.security.network.client |
| Pictures | com.apple.security.assets.pictures.read-only, com.apple.security.assets.pictures.read-write |
| Downloads | com.apple.security.files.downloads.read-write |
| Network | com.apple.security.network.server, com.apple.security.network.client |
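The entitlements file in 3.1 requests many more capabilities than the feature table lists, so a least-privilege review before submission is worthwhile. The Node.js script below is an added example, not code from the original post or from Electron. The function names and the constructed sample input are assumptions made for illustration.

```javascript
// Added example, not from the original post: least-privilege review of an entitlements plist.
// SAMPLE is a constructed excerpt modeled on build/entitlements.mas.plist above;
// network.server is set to <false/> here only to show that disabled keys are skipped.
const SAMPLE = `<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
<key>com.apple.security.files.user-selected.read-only</key><true/>
<key>com.apple.security.files.user-selected.read-write</key><true/>
<key>com.apple.security.network.server</key><false/>
<key>com.apple.security.network.client</key><true/>
</dict></plist>`;

// Entitlements that relax hardened-runtime protections; each needs a documented reason.
const RUNTIME_EXCEPTIONS = new Set([
  'com.apple.security.cs.allow-unsigned-executable-memory',
  'com.apple.security.cs.disable-library-validation',
]);

// Collect boolean entitlements set to <true/> (other value types are ignored here).
function enabledEntitlements(plistXml) {
  const enabled = [];
  const re = /<key>\s*([^<]+?)\s*<\/key>\s*<(true|false)\s*\/>/g;
  for (const [, key, value] of plistXml.matchAll(re)) {
    if (value === 'true') enabled.push(key);
  }
  return enabled;
}

// Return findings a reviewer should resolve before submitting the build.
function auditEntitlements(plistXml) {
  const enabled = new Set(enabledEntitlements(plistXml));
  const findings = [];
  if (!enabled.has('com.apple.security.app-sandbox')) {
    findings.push({ level: 'error', key: 'com.apple.security.app-sandbox', msg: 'sandbox not enabled' });
  }
  for (const key of enabled) {
    if (RUNTIME_EXCEPTIONS.has(key)) {
      findings.push({ level: 'warn', key, msg: 'hardened-runtime exception' });
    }
    // A .read-write grant already covers reading, so the paired .read-only key is redundant.
    if (key.endsWith('.read-only') && enabled.has(key.replace(/\.read-only$/, '.read-write'))) {
      findings.push({ level: 'info', key, msg: 'redundant with .read-write' });
    }
  }
  return findings;
}

for (const f of auditEntitlements(SAMPLE)) console.log(`${f.level}\t${f.key}\t${f.msg}`);
```

To review a real build, pass the contents of the plist file to `auditEntitlements` and remove every entitlement the app cannot justify with a feature it actually ships.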
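4. Disable crashReporter-related code
5. Disable autoUpdater-related code
To satisfy all the requirements of the App Sandbox, the following modules must be disabled in the MAS build: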
- crashReporter
- autoUpdater
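The following behaviors also change:
- Some video capture features do not work.
- Certain features are not accessible.
- Apps are not aware of DNS changes.
- Also, because of how the App Sandbox works, the resources the app can access are strictly limited; for more information see App Sandboxing.
6. Note ⚠️: dynamic libraries
Dynamic libraries can be rewritten on top of libuv (not yet tried in practice).
References:
1. Electron Mac App Store Submission Guide
2. App Sandbox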
3. Releasing an Electron app on the Mac App Store
4. Publishing an Electron App on the Mac App Store
5. WORKING WITH MAC OS X DESKTOP BUILD AND DEPLOYING TO ITUNES MAC APPSTORE