From 803cce808bcbe4107c9fa973e3ccd1dea0f09352 Mon Sep 17 00:00:00 2001
From: Feross Aboukhadijeh
Date: Wed, 15 Jul 2020 22:26:29 -0700
Subject: [PATCH] Add macOS Notarization
Fixes: https://github.com/webtorrent/webtorrent-desktop/issues/1675
---
 bin/darwin-entitlements.plist | 12 ++++++++++++
 bin/package.js | 26 ++++++++++++++++++++++++--
 package.json | 1 +
 3 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 bin/darwin-entitlements.plist
diff --git a/bin/darwin-entitlements.plist b/bin/darwin-entitlements.plist
new file mode 100644
index 00000000..8f574f5f
--- /dev/null
+++ b/bin/darwin-entitlements.plist
@@ -0,0 +1,12 @@
+
+
+
+
+ com.apple.security.cs.allow-jit
+
+ com.apple.security.cs.allow-unsigned-executable-memory
+
+ com.apple.security.cs.debugger
+
+
+
diff --git a/bin/package.js b/bin/package.js
index 26987353..fa8631da 100755
--- a/bin/package.js
+++ b/bin/package.js
@@ -266,6 +266,7 @@ function buildDarwin (cb) {
 function signApp (cb) { const sign = require('electron-osx-sign')
+ const { notarize } = require('electron-notarize')
 /* * Sign the app with Apple Developer ID certificates. We sign the app for 2 reasons:
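Review bot: The new entitlements file grants `com.apple.security.cs.debugger`, which a release build of this app does not obviously need; under the hardened runtime that key marks the signed process as a debugger that may attach to other processes, so it widens what the app is permitted to do if any part of it is compromised. Because bin/package.js passes the same file as `entitlements-inherit`, every helper binary in the bundle would receive it as well. I would drop that key and confirm the packaged app still launches and notarizes, and also check whether `com.apple.security.cs.allow-unsigned-executable-memory` is still required next to `com.apple.security.cs.allow-jit` for the Electron version in use. A one-line XML comment above each remaining key saying why it is needed would make later reviews of this file easier.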
@@ -281,16 +282,37 @@ function buildDarwin (cb) {
 * - Membership in the Apple Developer Program */ const signOpts = {
+ verbose: true,
 app: appPath, platform: 'darwin',
- verbose: true
+ identity: 'Developer ID Application: WebTorrent, LLC (5MAMC8G3L8)',
+ hardenedRuntime: true,
+ entitlements: path.join(config.ROOT_PATH, 'bin', 'darwin-entitlements.plist'),
+ 'entitlements-inherit': path.join(config.ROOT_PATH, 'bin', 'darwin-entitlements.plist'),
+ 'signature-flags': 'library'
+ }
+
+ const notarizeOpts = {
+ appBundleId: darwin.appBundleId,
+ appPath,
+ appleId: 'feross@feross.org',
+ appleIdPassword: '@keychain:AC_PASSWORD'
 } console.log('Mac: Signing app...') sign(signOpts, function (err) { if (err) return cb(err) console.log('Mac: Signed app.')
- cb(null)
+
+ console.log('Mac: Notarizing app...')
+ notarize(notarizeOpts).then(
+ function () {
+ console.log('Mac: Notarized app.')
+ cb(null)
+ },
+ function (err) {
+ cb(err)
+ })
 }) }
diff --git a/package.json b/package.json
index 7177d161..75029571 100644
--- a/package.json
+++ b/package.json
@@ -52,6 +52,7 @@
 "cross-zip": "^3.1.0",
 "depcheck": "^1.0.0",
 "electron": "~10.0.0-beta.11",
+ "electron-notarize": "^1.0.0",
 "electron-osx-sign": "^0.4.17",
 "electron-packager": "^15.0.0",
 "electron-winstaller": "^4.0.1",
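Review bot: `identity` in `signOpts` and `appleId` in `notarizeOpts` are hard-coded to one team and one maintainer's Apple ID, so a build on any other machine or CI runner will presumably fail at signing or notarization, and changing the release account means editing the script. The password is already kept out of the repository through the `@keychain:AC_PASSWORD` reference; the account and identity could be made overridable in the same spirit, for example `appleId: process.env.APPLE_ID || 'feross@feross.org'` (the variable name is only a suggestion) with a matching override for `identity`. A comment above `notarizeOpts` stating that the `AC_PASSWORD` keychain item is expected to hold an app-specific password rather than the account password would document the release prerequisite. `signApp` begins in the previous hunk and `buildDarwin` continues outside this one.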