2015-10-16 09:15:23 +00:00
|
|
|
|
# Mac App Store Submission Guide
|
|
|
|
|
|
2015-10-21 20:03:12 +00:00
|
|
|
|
Since v0.34.0, Electron allows submitting packaged apps to the Mac App Store
|
|
|
|
|
(MAS). This guide provides information on: how to submit your app and the
|
2015-10-16 23:25:30 +00:00
|
|
|
|
limitations of the MAS build.
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2016-03-31 05:17:50 +00:00
|
|
|
|
**Note:** Submitting an app to Mac App Store requires enrolling [Apple Developer
|
2015-11-30 07:21:39 +00:00
|
|
|
|
Program][developer-program], which costs money.
|
|
|
|
|
|
2015-10-16 22:50:41 +00:00
|
|
|
|
## How to Submit Your App
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-21 20:03:12 +00:00
|
|
|
|
The following steps introduce a simple way to submit your app to Mac App Store.
|
2015-11-19 01:04:16 +00:00
|
|
|
|
However, these steps do not ensure your app will be approved by Apple; you
|
2015-10-21 20:03:12 +00:00
|
|
|
|
still need to read Apple's [Submitting Your App][submitting-your-app] guide on
|
2015-10-16 23:25:30 +00:00
|
|
|
|
how to meet the Mac App Store requirements.
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-16 22:50:41 +00:00
|
|
|
|
### Get Certificate
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-21 20:03:12 +00:00
|
|
|
|
To submit your app to the Mac App Store, you first must get a certificate from
|
2015-10-16 23:25:30 +00:00
|
|
|
|
Apple. You can follow these [existing guides][nwjs-guide] on web.
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-16 22:50:41 +00:00
|
|
|
|
### Sign Your App
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-16 22:50:41 +00:00
|
|
|
|
After getting the certificate from Apple, you can package your app by following
|
2015-10-21 20:03:12 +00:00
|
|
|
|
[Application Distribution](application-distribution.md), and then proceed to
|
|
|
|
|
signing your app. This step is basically the same with other programs, but the
|
2015-10-16 23:25:30 +00:00
|
|
|
|
key is to sign every dependency of Electron one by one.
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-16 22:50:41 +00:00
|
|
|
|
First, you need to prepare two entitlements files.
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
|
|
|
|
`child.plist`:
|
|
|
|
|
|
|
|
|
|
```xml
|
|
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
|
|
|
<plist version="1.0">
|
|
|
|
|
<dict>
|
|
|
|
|
<key>com.apple.security.app-sandbox</key>
|
|
|
|
|
<true/>
|
|
|
|
|
<key>com.apple.security.inherit</key>
|
|
|
|
|
<true/>
|
|
|
|
|
</dict>
|
|
|
|
|
</plist>
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
`parent.plist`:
|
|
|
|
|
|
|
|
|
|
```xml
|
|
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
|
|
|
<plist version="1.0">
|
|
|
|
|
<dict>
|
|
|
|
|
<key>com.apple.security.app-sandbox</key>
|
|
|
|
|
<true/>
|
2016-04-19 07:08:37 +00:00
|
|
|
|
<key>com.apple.security.temporary-exception.sbpl</key>
|
|
|
|
|
<string>(allow mach-lookup (global-name-regex #"^org.chromium.Chromium.rohitfork.[0-9]+$"))</string>
|
2015-10-16 09:15:23 +00:00
|
|
|
|
</dict>
|
|
|
|
|
</plist>
|
|
|
|
|
```
|
|
|
|
|
|
2015-10-16 23:25:30 +00:00
|
|
|
|
And then sign your app with the following script:
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
# Name of your app.
|
|
|
|
|
APP="YourApp"
|
|
|
|
|
# The path of you app to sign.
|
|
|
|
|
APP_PATH="/path/to/YouApp.app"
|
|
|
|
|
# The path to the location you want to put the signed package.
|
|
|
|
|
RESULT_PATH="~/Desktop/$APP.pkg"
|
|
|
|
|
# The name of certificates you requested.
|
|
|
|
|
APP_KEY="3rd Party Mac Developer Application: Company Name (APPIDENTITY)"
|
|
|
|
|
INSTALLER_KEY="3rd Party Mac Developer Installer: Company Name (APPIDENTITY)"
|
|
|
|
|
|
|
|
|
|
FRAMEWORKS_PATH="$APP_PATH/Contents/Frameworks"
|
|
|
|
|
|
2016-04-19 11:27:58 +00:00
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Electron Framework"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libnode.dylib"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/Electron Framework.framework"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper.app/Contents/MacOS/$APP Helper"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper.app/"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper EH.app/Contents/MacOS/$APP Helper EH"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper EH.app/"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper NP.app/Contents/MacOS/$APP Helper NP"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper NP.app/"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements child.plist "$APP_PATH/Contents/MacOS/$APP"
|
|
|
|
|
codesign -s "$APP_KEY" -f --entitlements parent.plist "$APP_PATH"
|
2016-01-29 04:38:50 +00:00
|
|
|
|
|
2015-11-09 03:42:37 +00:00
|
|
|
|
productbuild --component "$APP_PATH" /Applications --sign "$INSTALLER_KEY" "$RESULT_PATH"
|
2015-10-16 09:15:23 +00:00
|
|
|
|
```
|
2015-10-21 20:03:12 +00:00
|
|
|
|
|
2015-11-09 03:42:37 +00:00
|
|
|
|
If you are new to app sandboxing under OS X, you should also read through
|
2015-10-21 20:03:12 +00:00
|
|
|
|
Apple's [Enabling App Sandbox][enable-app-sandbox] to have a basic idea, then
|
2015-10-16 23:25:30 +00:00
|
|
|
|
add keys for the permissions needed by your app to the entitlements files.
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2016-04-19 07:08:37 +00:00
|
|
|
|
### Upload Your App
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-16 22:50:41 +00:00
|
|
|
|
After signing your app, you can use Application Loader to upload it to iTunes
|
|
|
|
|
Connect for processing, making sure you have [created a record][create-record]
|
2016-04-19 07:08:37 +00:00
|
|
|
|
before uploading.
|
|
|
|
|
|
|
|
|
|
### Explain the Usages of `temporary-exception`
|
|
|
|
|
|
|
|
|
|
When sandboxing your app there was a `temporary-exception` entry added to the
|
|
|
|
|
entitlements, according to the [App Sandbox Temporary Exception
|
|
|
|
|
Entitlements][temporary-exception] documentation, you have to explain why this
|
|
|
|
|
entry is needed:
|
|
|
|
|
|
|
|
|
|
> Note: If you request a temporary-exception entitlement, be sure to follow the
|
|
|
|
|
guidance regarding entitlements provided on the iTunes Connect website. In
|
|
|
|
|
particular, identify the entitlement and corresponding issue number in the App
|
|
|
|
|
Sandbox Entitlement Usage Information section in iTunes Connect and explain why
|
|
|
|
|
your app needs the exception.
|
|
|
|
|
|
|
|
|
|
You may explain that your app is built upon Chromium browser, which uses Mach
|
|
|
|
|
port for its multi-process architecture. But there is still probability that
|
|
|
|
|
your app failed the review because of this.
|
|
|
|
|
|
|
|
|
|
### Submit Your App for Review
|
|
|
|
|
|
|
|
|
|
After these steps, you can [submit your app for review][submit-for-review].
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-16 22:50:41 +00:00
|
|
|
|
## Limitations of MAS Build
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-21 20:03:12 +00:00
|
|
|
|
In order to satisfy all requirements for app sandboxing, the following modules
|
2015-10-16 23:25:30 +00:00
|
|
|
|
have been disabled in the MAS build:
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2016-01-29 04:38:50 +00:00
|
|
|
|
* `crashReporter`
|
|
|
|
|
* `autoUpdater`
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-10-16 22:50:41 +00:00
|
|
|
|
and the following behaviors have been changed:
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
|
|
|
|
* Video capture may not work for some machines.
|
|
|
|
|
* Certain accessibility features may not work.
|
|
|
|
|
* Apps will not be aware of DNS changes.
|
|
|
|
|
|
2015-10-16 23:25:30 +00:00
|
|
|
|
Also, due to the usage of app sandboxing, the resources which can be accessed by
|
2016-01-29 04:38:50 +00:00
|
|
|
|
the app are strictly limited; you can read [App Sandboxing][app-sandboxing] for
|
|
|
|
|
more information.
|
|
|
|
|
|
|
|
|
|
## Cryptographic Algorithms Used by Electron
|
|
|
|
|
|
|
|
|
|
Depending on the country and region you are located, Mac App Store may require
|
|
|
|
|
documenting the cryptographic algorithms used in your app, and even ask you to
|
|
|
|
|
submit a copy of U.S. Encryption Registration (ERN) approval.
|
|
|
|
|
|
|
|
|
|
Electron uses following cryptographic algorithms:
|
|
|
|
|
|
|
|
|
|
* AES - [NIST SP 800-38A](http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf), [NIST SP 800-38D](http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf), [RFC 3394](http://www.ietf.org/rfc/rfc3394.txt)
|
|
|
|
|
* HMAC - [FIPS 198-1](http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf)
|
|
|
|
|
* ECDSA - ANS X9.62–2005
|
|
|
|
|
* ECDH - ANS X9.63–2001
|
|
|
|
|
* HKDF - [NIST SP 800-56C](http://csrc.nist.gov/publications/nistpubs/800-56C/SP-800-56C.pdf)
|
|
|
|
|
* PBKDF2 - [RFC 2898](https://tools.ietf.org/html/rfc2898)
|
|
|
|
|
* RSA - [RFC 3447](http://www.ietf.org/rfc/rfc3447)
|
|
|
|
|
* SHA - [FIPS 180-4](http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf)
|
|
|
|
|
* Blowfish - https://www.schneier.com/cryptography/blowfish/
|
|
|
|
|
* CAST - [RFC 2144](https://tools.ietf.org/html/rfc2144), [RFC 2612](https://tools.ietf.org/html/rfc2612)
|
|
|
|
|
* DES - [FIPS 46-3](http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf)
|
|
|
|
|
* DH - [RFC 2631](https://tools.ietf.org/html/rfc2631)
|
|
|
|
|
* DSA - [ANSI X9.30](http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.30-1%3A1997)
|
|
|
|
|
* EC - [SEC 1](http://www.secg.org/sec1-v2.pdf)
|
|
|
|
|
* IDEA - "On the Design and Security of Block Ciphers" book by X. Lai
|
|
|
|
|
* MD2 - [RFC 1319](http://tools.ietf.org/html/rfc1319)
|
|
|
|
|
* MD4 - [RFC 6150](https://tools.ietf.org/html/rfc6150)
|
|
|
|
|
* MD5 - [RFC 1321](https://tools.ietf.org/html/rfc1321)
|
|
|
|
|
* MDC2 - [ISO/IEC 10118-2](https://www.openssl.org/docs/manmaster/crypto/mdc2.html)
|
|
|
|
|
* RC2 - [RFC 2268](https://tools.ietf.org/html/rfc2268)
|
|
|
|
|
* RC4 - [RFC 4345](https://tools.ietf.org/html/rfc4345)
|
|
|
|
|
* RC5 - http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf
|
|
|
|
|
* RIPEMD - [ISO/IEC 10118-3](http://webstore.ansi.org/RecordDetail.aspx?sku=ISO%2FIEC%2010118-3:2004)
|
|
|
|
|
|
|
|
|
|
On how to get the ERN approval, you can reference the article: [How to legally
|
|
|
|
|
submit an app to Apple’s App Store when it uses encryption (or how to obtain an
|
|
|
|
|
ERN)][ern-tutorial].
|
2015-10-16 09:15:23 +00:00
|
|
|
|
|
2015-11-30 07:21:39 +00:00
|
|
|
|
[developer-program]: https://developer.apple.com/support/compare-memberships/
|
2015-10-16 09:15:23 +00:00
|
|
|
|
[submitting-your-app]: https://developer.apple.com/library/mac/documentation/IDEs/Conceptual/AppDistributionGuide/SubmittingYourApp/SubmittingYourApp.html
|
|
|
|
|
[nwjs-guide]: https://github.com/nwjs/nw.js/wiki/Mac-App-Store-%28MAS%29-Submission-Guideline#first-steps
|
|
|
|
|
[enable-app-sandbox]: https://developer.apple.com/library/ios/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html
|
|
|
|
|
[create-record]: https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/CreatingiTunesConnectRecord.html
|
|
|
|
|
[submit-for-review]: https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/SubmittingTheApp.html
|
|
|
|
|
[app-sandboxing]: https://developer.apple.com/app-sandboxing/
|
2016-03-31 23:49:59 +00:00
|
|
|
|
[issue-3871]: https://github.com/electron/electron/issues/3871
|
2016-01-29 04:38:50 +00:00
|
|
|
|
[ern-tutorial]: https://carouselapps.com/2015/12/15/legally-submit-app-apples-app-store-uses-encryption-obtain-ern/
|
2016-04-19 07:08:37 +00:00
|
|
|
|
[temporary-exception]: https://developer.apple.com/library/mac/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AppSandboxTemporaryExceptionEntitlements.html
|