Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It looks like codesigning jpackaged apps is still very much a work in progress. There's a large discussion here with some useful details about how to get them working on Catalina until official support arrives: adoptium/temurin-build#1130
The entitlements discussed in that thread unfortunately weren't sufficient, I found a few more necessary ones here after some trial and error: electron-userland/electron-builder#3940
Further discussions / resources that were extremely helpful include:
Finally, a lot of inspiration was drawn from https://github.com/Deep-Symmetry/beat-link-trigger/blob/master/.github/scripts/build_dmg.zsh - specifically we'll want to include the notarization steps here into the build script if we decide to notarize in the future.
To make this work, we'll need to pass the new argument
-mac-sign-identity "<identity>"
tobuild_image.py
when building on Mac (it does nothing if passed on other OSes). Using my free Apple Development Certificate as the identity works for me locally, but Gatekeeper will block the app from launching with the message“PolyGlot” can’t be opened because Apple cannot check it for malicious software.
The user will still have to right-click and Open the app the first time to white list it with Gatekeeper unless you have a paid Apple Developer account, sign it with your Developer ID Certificate, and notarize the app / dmg.