From c4b2893db34c571e74396543e1e1450836abb3f5 Mon Sep 17 00:00:00 2001
From: vapormusic <vietanhfat@gmail.com>
Date: Wed, 12 Jan 2022 10:00:50 +0700
Subject: [PATCH 1/2] mac signing

---
 .gitignore                   |  6 +++++-
 build/afterPack.js           | 16 ++++++++++++++++
 build/entitlements.mac.plist | 14 ++++++++++++++
 build/notarize.js            |  9 +++++++++
 package.json                 |  9 +++++++--
 5 files changed, 51 insertions(+), 3 deletions(-)
 create mode 100644 build/afterPack.js
 create mode 100644 build/entitlements.mac.plist
 create mode 100644 build/notarize.js

diff --git a/.gitignore b/.gitignore
index e1bcb518..98f806a4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -307,4 +307,8 @@ GitHub.sublime-settings
 
 #Service Worker mappings
 src/renderer/sw.js.map
-src/renderer/workbox-962786f2.js.map
\ No newline at end of file
+src/renderer/workbox-962786f2.js.map
+
+#Mac certs
+*.p12
+keys.sh
\ No newline at end of file
diff --git a/build/afterPack.js b/build/afterPack.js
new file mode 100644
index 00000000..963caa17
--- /dev/null
+++ b/build/afterPack.js
@@ -0,0 +1,16 @@
+exports.default = function(context) {
+    const { execSync } = require('child_process')
+
+    console.log('Castlabs-evs update start')
+    execSync('python3 -m pip install --upgrade castlabs-evs')
+    console.log('Castlabs-evs update complete')
+
+    if (process.platform !== 'darwin')
+        return
+
+    console.log('VMP signing start')
+
+    execSync('python3 -m castlabs_evs.vmp -n sign-pkg dist/mac',{stdio: 'inherit'})
+    
+    console.log('VMP signing complete')
+}
\ No newline at end of file
diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist
new file mode 100644
index 00000000..fcb8d4a3
--- /dev/null
+++ b/build/entitlements.mac.plist
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <!-- https://github.com/electron/electron-notarize#prerequisites -->
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <!-- https://github.cm/electron-userland/electron-builder/issues/3940 -->
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+  </dict>
+</plist>
\ No newline at end of file
diff --git a/build/notarize.js b/build/notarize.js
new file mode 100644
index 00000000..acf45d78
--- /dev/null
+++ b/build/notarize.js
@@ -0,0 +1,9 @@
+exports.default = function(context) {
+  const { execSync } = require('child_process')
+  
+  if (process.platform === "win32") {
+      console.log('VMP signing start')
+      execSync('python3 -m castlabs_evs.vmp sign-pkg ' + context.appOutDir,{stdio: 'inherit'})
+      console.log('VMP signing complete')
+  }
+}
\ No newline at end of file
diff --git a/package.json b/package.json
index d930a0ca..5fc6d3cf 100644
--- a/package.json
+++ b/package.json
@@ -81,6 +81,7 @@
       "mirror": "https://github.com/castlabs/electron-releases/releases/download/v"
     },
     "appId": "cider",
+    "afterPack": "./build/afterPack.js",
     "protocols": [
       {
         "name": "Cider",
@@ -132,8 +133,12 @@
     "mac": {
       "icon": "./resources/icons/icon.icns",
       "category": "public.app-category.music",
-      "entitlements": "resources/entitlements.mac.plist",
-      "darkModeSupport": true
+      "entitlements": "build/entitlements.mac.plist",
+      "entitlementsInherit": "build/entitlements.mac.plist",
+      "darkModeSupport": true,
+      "target": [
+        "dmg"
+      ]
     }
   }
 }

From fc6946ade1a4b47d94f3f75186bdee70118dd3cc Mon Sep 17 00:00:00 2001
From: vapormusic <vietanhfat@gmail.com>
Date: Wed, 12 Jan 2022 11:11:32 +0700
Subject: [PATCH 2/2] notarize

---
 build/notarize.js | 27 +++++++++++++++++++--------
 package.json      |  5 +++++
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/build/notarize.js b/build/notarize.js
index acf45d78..9e98e18c 100644
--- a/build/notarize.js
+++ b/build/notarize.js
@@ -1,9 +1,20 @@
-exports.default = function(context) {
-  const { execSync } = require('child_process')
+
   
-  if (process.platform === "win32") {
-      console.log('VMP signing start')
-      execSync('python3 -m castlabs_evs.vmp sign-pkg ' + context.appOutDir,{stdio: 'inherit'})
-      console.log('VMP signing complete')
-  }
-}
\ No newline at end of file
+require('dotenv').config();
+  const { notarize } = require('electron-notarize');
+  
+exports.default = async function notarizing(context) {
+    const { electronPlatformName, appOutDir } = context;  
+    if (electronPlatformName !== 'darwin') {
+      return;
+    }
+  
+    const appName = context.packager.appInfo.productFilename;
+  
+    return await notarize({
+      appBundleId: 'com.ciderapp.cider',
+      appPath: `${appOutDir}/${appName}.app`,
+      appleId: process.env.APPLEID,
+      appleIdPassword: process.env.APPLEIDPASS,
+    });
+};
\ No newline at end of file
diff --git a/package.json b/package.json
index 5fc6d3cf..d7d62b75 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,8 @@
     "electron-acrylic-window": "^0.5.11",
     "electron-fetch": "^1.7.4",
     "electron-log": "^4.4.3",
+    "electron-notarize": "^1.1.1",
+    "electron-packager": "^15.4.0",
     "electron-store": "^8.0.1",
     "electron-updater": "^4.6.1",
     "electron-window-state": "^5.0.3",
@@ -82,6 +84,7 @@
     },
     "appId": "cider",
     "afterPack": "./build/afterPack.js",
+    "afterSign": "./build/notarize.js",
     "protocols": [
       {
         "name": "Cider",
@@ -131,6 +134,8 @@
       "buildResources": "."
     },
     "mac": {
+      "hardenedRuntime": true,
+      "gatekeeperAssess": false,
       "icon": "./resources/icons/icon.icns",
       "category": "public.app-category.music",
       "entitlements": "build/entitlements.mac.plist",