oxen-io
/
oxen-electron-gui-wallet
mirror of https://github.com/oxen-io/oxen-electron-gui-wallet.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
oxen-electron-gui-wallet/BUILDING.md

1.9 KiB
Raw Permalink Blame History

Building

Set up the supported versions of npm/node/etc.:

nvm use

Linux, Windows

npm run build

MacOS

If you don't care about signing (i.e. you are not going to distribute) then you should be able to simply npm run build.

When you want to distribute the app, however, you need to do a bunch of crap to satisfy Apple's arbitrary security theatre Rube Goldberg machine that purports to keep users safe but in reality is designed to further Apple lock-in control of the Apple ecosystem.

  1. You have to pay Apple money (every year) to get a developer account.

  2. You need a Developer ID Application certificate, created and signed from the Apple, and loaded into your system keychain. security find-identity -v should show it.

  3. You need to create an App-specific password for the Apple developer account under which you are notarizing.

  4. In the project root, create a .env file with contents:

    SIGNING_APPLE_ID=your-developer-id@example.com
SIGNING_APP_PASSWORD=app-specific-password

    This password can be plaintext if absolutely needed (e.g. in a CI job) but should be a keychain reference such as @keychain:some-token for better security where feasible.

    • If you have multiple ids and need to use a particular signing team ID you can add:

      SIGNING_TEAM_ID=TEAMIDXYZ1

  5. If building from a remote connection (e.g. ssh'd into a mac) then unlock the keychain for that session by running security unlock.

With all of that set up, your npm run build should produce a signed and notarized installer. Hopefully. Maybe. Sometimes Apple's servers are broken and you might have to try again. But don't worry, Apple's incompetence around signing makes everything more secure because... reasons.